Solved: Re: This script shows all servers with any RDC ses...

chadkfranks · ‎07-23-2014

$servers = get-content “C:\scripts\servers.txt”

foreach ($server in $servers)

{

$server

$command = “quser /server:” + $server

invoke-expression $command

}

richgalloway · ‎07-23-2014

You'll probably get a better response at a Powershell-specific forum like powershell.com or Microsoft Technet.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

halr9000 · ‎07-23-2014

Agreed with Rich, since this is very specific to PowerShell, not Splunk. But I'll give you a hint real quick. You need to look at two areas: filtering, and working with objects generally. You can use a variety of methods to filter input. One is the Where-Object cmdlet. But when working with PowerShell, it's best to convert text strings into objects, as it's much easier to work with them that way. This script that I found real quick (I googled for "powershell query rdc") shows a technique to use the qwinsta.exe command, but then converting the output to CSV, and then using the ConvertFrom-CSV to turn it into objects.

HTH

richgalloway · ‎07-23-2014

You'll probably get a better response at a Powershell-specific forum like powershell.com or Microsoft Technet.

---
If this reply helps you, Karma would be appreciated.

This script shows all servers with any RDC sessions open. i need it to just show me a specific username that is logged into any of the listed servers. Could someone help me?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?