#################################################################################
#=====[ Load Functions

# Reports the sessions that quser lists on each target computer.
function Get-LoggedInUser {
    <#
    .SYNOPSIS
        Lists the user sessions that quser reports on one or more computers.
        For updated help and examples refer to -Online version.
    .DESCRIPTION
        Runs "quser /Server:<name>" for every computer, skips the header row and
        converts each remaining row into an object. A row whose fourth field is
        'Active' is read with a session name; any other row is read as a
        disconnected session without one.
    .NOTES
        Name: Get-LoggedInUser
        Author: Paul Contreras
        Version: 3.0
        DateUpdated: 2021-Sep-21
    .LINK
        https://thesysadminchannel.com/get-logged-in-users-using-powershell/ -
        For updated help and examples refer to -Online version.
    .PARAMETER ComputerName
        One or more computer names to query. Defaults to the local computer.
    .PARAMETER UserName
        When supplied, only sessions belonging to this user name are returned.
    .EXAMPLE
        Get-LoggedInUser -ComputerName Server01
        Display all the users that are logged in server01
    .EXAMPLE
        Get-LoggedInUser -ComputerName Server01, Server02 -UserName jsmith
        Display if the user, jsmith, is logged into server01 and/or server02
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
        [string[]] $ComputerName = $env:COMPUTERNAME,

        [Parameter(Mandatory = $false)]
        [Alias("SamAccountName")]
        [string] $UserName
    )

    process {
        foreach ($Computer in $ComputerName) {
            try {
                $Computer = $Computer.ToUpper()

                # quser's stderr is discarded; an unreachable host simply yields no rows.
                $rawRows = quser /Server:$Computer 2>$null
                if (-not $rawRows) { continue }

                $sessions = foreach ($row in ($rawRows | Select-Object -Skip 1)) {
                    # Collapse the column padding, drop the '>' current-session marker,
                    # then split the row once into its fields.
                    $fields = ($row.ToString().Trim() -replace '\s+', ' ' -replace '>', '').Split(' ')

                    if ($fields[3] -eq 'Active') {
                        [PSCustomObject]@{
                            ComputerName = $Computer
                            UserName     = $fields[0]
                            SessionName  = $fields[1]
                            SessionID    = $fields[2]
                            SessionState = $fields[3]
                            IdleTime     = $fields[4]
                            LogonTime    = $fields[5, 6, 7] -as [string] -as [datetime]
                        }
                    }
                    else {
                        # No session-name column in this row, so every later field
                        # sits one position further left.
                        [PSCustomObject]@{
                            ComputerName = $Computer
                            UserName     = $fields[0]
                            SessionName  = $null
                            SessionID    = $fields[1]
                            SessionState = 'Disconnected'
                            IdleTime     = $fields[3]
                            LogonTime    = $fields[4, 5, 6] -as [string] -as [datetime]
                        }
                    }
                }

                if ($PSBoundParameters.ContainsKey('Username')) {
                    $sessions | Where-Object { $_.UserName -eq $UserName }
                }
                else {
                    $sessions | Sort-Object LogonTime
                }
            }
            catch {
                Write-Error $_.Exception.Message
            }
        }
    }
}
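# Temporarily halts input from keyboard and mouse for a specific amount of time.
# Relies on the script-level $userInput type, which must expose user32.dll's
# BlockInput and has to exist before this function is called.
# Emits the two BlockInput return values (block, then release), as before.
function Disable-UserInput($seconds) {
    # BlockInput returns $false when the block could not be applied.
    $userInput::BlockInput($true)
    try {
        Start-Sleep $seconds
    }
    finally {
        # Always hand input back, even if the sleep is interrupted or throws;
        # otherwise the console user stays locked out.
        $userInput::BlockInput($false)
    }
}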
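#################################################################################
#=====[ Define Variables

# When this script is run as an admin, it collects the local username of the person logged in.
# NOTE(review): nothing later in this file reads $UN, $launName or $UN1. They are kept
# because the downloaded script below is evaluated in this scope and may use them - confirm.
$UN = (Get-LoggedInUser -ComputerName $env:COMPUTERNAME).UserName
# Get the domain by looking at the admin running the script
$laName = whoami
## Split this into the domain and the username based on the \ character
$dName, $launName = $laName.Split("\")
## Attach the domain, with the \ character, and then add the logged in user
$UN1 = $dName + "\" + $UN

# The remote script is described as doing the following:
## : Kill all open Adobe products
## : Clear all credentials within Credential Manager to do with Adobe
## : Open Edge, force log off the logged in user and kill MsEdge
#
# SECURITY NOTE(review): this line does not store a command. IEX downloads the paste
# and evaluates it immediately, in this (administrative) session, and $iex receives
# whatever that script writes to the pipeline. The content is fetched at run time
# with no pinned hash or signature check, so whoever can edit the paste decides what
# runs here. Prefer a reviewed copy from a location you control, and verify it
# (for example with Get-FileHash against a recorded value) before it is executed.
$iex = IEX ((New-Object System.Net.WebClient).DownloadString('https://pastebin.com/raw/Yim1Qv0H'))

#################################################################################
#=====[ Scheduled Task Definition

# Build a scheduled task that will run as the team member.
# NOTE(review): -Argument receives the *output* of the evaluation above, not the
# command text, so what powershell.exe is started with depends on that output.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "$iex"
$trigger = New-ScheduledTaskTrigger -AtLogOn
# Win32_ComputerSystem.UserName is the console user; it can be empty when nobody
# is logged on at the console.
$principal = New-ScheduledTaskPrincipal -UserId (Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -ExpandProperty UserName)
$task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal

#################################################################################
#=====[ Input Blocking Setup

# P/Invoke signature for user32!BlockInput, used by Disable-UserInput.
# Compiled before the task is registered so a compile failure leaves nothing behind.
$code = @"
[DllImport("user32.dll")]
public static extern bool BlockInput(bool fBlockIt);
"@
$userInput = Add-Type -MemberDefinition $code -Name UserInput -Namespace UserInput -PassThru

# Single source of truth for the block duration, so the message cannot drift
# from the value actually used.
$blockSeconds = 18

#################################################################################
#=====[ Code Execution

Register-ScheduledTask IEX_Call_Adobe -InputObject $task
try {
    # Start the scheduled task
    Start-ScheduledTask -TaskName IEX_Call_Adobe
    # Disable input and warn the shell
    Write-Host "Disabling all input for $blockSeconds seconds" -ForegroundColor Yellow
    Disable-UserInput -seconds $blockSeconds | Out-Null
    Start-Sleep -Seconds 10
}
finally {
    # The task has an at-logon trigger; if it were left registered it would run
    # again at every logon, so remove it on every exit path.
    Unregister-ScheduledTask -TaskName IEX_Call_Adobe -Confirm:$false
}
exit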