Windows – Monitoring logged on users in Active Directory

remote-accessremote-desktop-serviceswindowswindows-server-2008-r2

There is a bunch of Windows Server 2008 R2 computers in the domain. They are used as workstations both for local and remote access. What is the right way to collect the information about logged on users? Including:

  • Who are logged on locally (Session=Console in terms of Remote Desktop Services Manager)
  • Who are logged on locally, but desktop is locked (State!=Active in terms of RDSM)
  • Who are logged on remotely
  • Who are logged on remotely, but desktop is locked
  • Logged on time (if possible)

I'd like to compile an HTML page with the information, so it'll be great to work out a script to do the job.

Solutions that didn't work for me:

For example, the PsLoggedOn utility (SysInternals) doesn't give information about the state (Active/Disconnected).

The Remote Desktop Services Manager is a great GUI tool, especially when added all the machines to the group. I need the same information via console interface.

Best Answer

You could just parse data from qwinsta. Qwinsta output normally looks something like this:

PS C:\> qwinsta
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
>rdp-tcp#0         administrator             2  Active  rdpwd
 rdp-tcp                                 65536  Listen

The following queries for RDP connections by "SESSIONNAME":

$sessionInfo = qwinsta | foreach { (($_.trim() -replace "\s+",","))} | ConvertFrom-Csv
$rdpSessions = $sessionInfo | where {$_.SESSIONNAME -like ">rdp-tcp*"}
$rdpSessions

You'd get output similar to the below:

PS C:\> $rdpSessions


SESSIONNAME : >rdp-tcp#0
USERNAME    : administrator
ID          : 2
STATE       : Active
TYPE        : rdpwd
DEVICE      :
Related Topic