Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function Get-UserProfile{
- <#
- .SYNOPSIS
- Use WMI to query a computer about local profiles on the machine
- .Description
- This Fucntion is used to get information about local profiles on a computer. This will return information about any local profile, including the local cache of the domain accounts. By default returns the SID, Local path, and Last Use Time of the account; the -verbose flag can be used to return additional information.
- .PARAMETER UserID
- UserID to search for. If left blank will default to all users. By default UserID must match exactly, but you can use the wildcard '%' to perform more general seraches
- .PARAMETER Computer
- Computer to query for user accounts. Leaving Blank will default to 'localhost'.
- .PARAMETER ExcludeSystemAccounts
- Filters out System accounts (e.g. System, Network Service). This is done by looking at the 'special' property, which does not filter out users non-windows programs may create.
- .PARAMETER OnlyLoaded
- Setting this parameter shows only profiles that are currently in Use -- Combine with -ExcludeSystemAccounts and you can get a pretty good idea of who is currently logged into a machine.
- .PARAMETER ExcludeLoaded
- Returns only user profiles that are not currently in use. This is useful if you need to clear out profiles.
- .PARAMETER Verbose
- Returns Full user porfile data, rather than the default SID,LocalPath,LastUseTime
- .PARAMETER OlderThan
- Filter Results based on datetime. This requires a datetime object
- .Example
- Get-UserProfile -UserID MyUser
- Basic usage to see if the user "MyUser" exists on the local machine.
- .Example
- Get-UserProfile -Computer RDSServ1.mydomain.com
- Lists all user Profiles from remote computer "RDSServ1.mydomain.com"
- .Example
- Get-UserProfile -Computer RDSServ1.mydomain.com -ExcludeSystemAccounts -OnlyLoaded
- Lists non-system user profiles from remote computer currently marked as loaded. This gives a pretty good idea of who is currently logged into a remote machine.
- .Example
- Get-UserProfile -OlderThan $((get-date).adddays(-14))
- Lists user profiles that have not been used on the localhost in 14 days.
- .Notes
- Author: Keith Ballou
- Date: Oct 15, 2014
- This Script Relies on Convert-UTCtoDateTime -- A function for converting UTC strings to DateTime Objects
- #>
- [CmdletBinding()]
- param(
- [Parameter(Mandatory=$False)][string]$UserID="%",
- [Parameter(Mandatory=$False)][string]$Computer="LocalHost",
- [Parameter(Mandatory=$False)][switch]$ExcludeSystemAccounts,
- [Parameter(Mandatory=$False)][switch]$OnlyLoaded,
- [Parameter(Mandatory=$False)][switch]$ExcludeLoaded,
- [Parameter(Mandatory=$False)][datetime]$OlderThan
- )
- if(!(Get-Command Convert-UTCtoDateTime -ErrorAction SilentlyContinue)){
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "# "
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "This Program Requires cmdlet ""Convert-UTCtoDateTime"" "
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "Find it here: "
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "http://pastebin.com/SSKJ4bwt "
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "# "
- write-host -BackgroundColor "Black" -ForegroundColor "Red" "################################################################################"
- break;
- }
- if($Computer.ToLower() -eq "localhost"){
- $Return = Get-WmiObject -Query "Select * from win32_userprofile where LocalPath like '%\\$UserID'"
- }
- else{
- $Return = get-wmiobject -ComputerName $Computer -Query "Select * from win32_userprofile where LocalPath like '%\\$UserID'"
- }
- #Filter System Accounts
- if($ExcludeSystemAccounts){
- $Return = $Return | Where-Object -Property Special -eq $False
- }
- #Filter out Loaded Accounts
- if($ExcludeLoaded){
- $Return = $Return | Where-Object -Property Loaded -eq $False
- }
- #Filter otherthan loaded accounts
- if($OnlyLoaded){
- $Return = $Return | Where-Object -Property Loaded -eq $True
- }
- #Filter on lastusetime
- if([bool]$OlderThan){
- $Return | Where-Object -property LastUseTime -eq $Null | % {Write-Host -BackgroundColor "Black" -ForegroundColor "Yellow" $_.LocalPath " Has no 'LastUseTime', omitting" }
- $Return = $Return | Where-Object -property LastUseTime -ne $Null
- $Return = $Return | Where-Object {$(Convert-UTCtoDateTime $_.LastUseTime -ToLocal) -lt $OlderThan }
- }
- if($PSBoundParameters['Verbose'])
- {
- Write-Output $Return
- }
- else{
- Write-Output $Return | Select SID,LocalPath,@{Label="Last Use Time";Expression={Convert-UTCtoDateTime $_.LastUseTime -ToLocal}}
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement