$explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE N

1. $explorerprocesses = @(Get-WmiObject -Query "Select * FROM Win32_Process WHERE Name='explorer.exe'" -ErrorAction SilentlyContinue)
2. if ($explorerprocesses.Count -eq 0)
3. {
4. "No explorer process found / Nobody interactively logged on"
5. } else {
6. foreach ($i in $explorerprocesses)
7. {
8. $Username = $i.GetOwner().User
9. $Domain = $i.GetOwner().Domain
10. $Domain + "" + $Username + " logged on since: " + ($i.ConvertToDateTime($i.CreationDate))
11. }
12. }
13.  
14. function get-logedonuser {
15. param (
16. [string]$computername = $env:COMPUTERNAME
17. )
18. Get-WmiObject -Class Win32_LogonSession -ComputerName $computername |
19. foreach {
20. $data = $_
21.  
22. $id = $data.__RELPATH -replace """", "'"
23. $q = "ASSOCIATORS OF {$id} WHERE ResultClass = Win32_Account"
24. Get-WmiObject -ComputerName $computername -Query $q |
25. select @{N="User";E={$($_.Caption)}},
26. @{N="LogonTime";E={$data.ConvertToDateTime($data.StartTime)}}
27. }
28. }