-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathGet-Lastuser.ps1
52 lines (40 loc) · 1.63 KB
/
Get-Lastuser.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<#
Title: Get Last User
Purpose:
This script was built to process a list of hosts
and output a report of the last known user based
on a registry value for 'LastLoggedOnUser' and
'LastLoggedOnDisplayname'
Author: Nick Rudy
License: https://nick-rudy.mit-license.org/
#>
$HostList = Read-Host'(Input Format) <SAMPLE-SOURCE-PATH>\Remote-Hosts.txt'
$Computers = Get-Content $HostList
$HostCount = 0
Function Get-LastUser {
<#
.SYNOPSIS
This script gets the last known users on a host
.DESCRIPTION
This script references the remote hosts registry and returns
results based upon the SID for the user and the Display Name
that corresponds to their account in Active Directory.
.NOTES
This script will require the console calling it to be opened
as an administrator, or to be called from a batch file that
alters the PowerShell Execution Policy.
#>
Foreach ($Computer in $Computers){
$HostCount += 1
Write-Progress -Activity "Retrieving Last User" -Status "Host: $($Computer)" -PercentComplete ($HostCount * 100 / $Computers.count)
$LastUser = (Invoke-Command -ComputerName $Computer -ScriptBlock {
$RegPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI'
$RegValue = Get-ItemProperty -Path $RegPath
$RegValue.LastLoggedOnUser
$RegValue.LastLoggedOnDisplayName
})
$LastUser | Export-CSV -Path '<SAMPLE-OUTPUT-PATH>\User-Query.csv' -NoTypeInformation -Append
}
}
# Call the function that was just created
Get-LastUser