
[System Tips] Getting Remote PowerShell Session Connections

Author: 精品下载站 Date: 2024-12-14 07:42:20 Views: 15 Category: Computer Tips


#requires -version 3.0

Function Get-PSRemoteSession {

<#
.SYNOPSIS
Get remote PSSession processes.
.DESCRIPTION
This command uses CIM to retrieve the wsmprovhost process that might be running
on a remote computer. You can use this information to determine how long a 
session has been running and by what user. By default the command shows a 
summary. If you want to see the full detail, use the -Full parameter. The
process owner and runtime will be added to the object in either case.
.PARAMETER Computername
This parameter has aliases of CN, Name and PSComputername
.PARAMETER Full
Write the full process object to the pipeline instead of the summary.
.EXAMPLE
PS C:\> Get-PSRemoteSession lon-dc1

ProcessID      : 7016
CreationDate   : 4/3/2014 1:25:32 PM
Runtime        : 23:36:38.0799372
Owner          : MYDOMAIN\Jeff
PSComputername : lon-dc1

ProcessID      : 4676
CreationDate   : 4/4/2014 12:23:41 PM
Runtime        : 00:38:28.9568735
Owner          : MYDOMAIN\Administrator
PSComputername : lon-dc1

.EXAMPLE
PS C:\> Get-PSRemoteSession lon-dc1 -full | select Owner,ProcessID,VM,WS,runtime

Owner     : MYDOMAIN\Jeff
ProcessID : 7016
VM        : 163262464
WS        : 44392448
Runtime   : 23:47:39.0140240

Owner     : MYDOMAIN\Administrator
ProcessID : 4676
VM        : 180445184
WS        : 46551040
Runtime   : 00:49:29.8899602

Get full process information and select some key properties
.EXAMPLE
PS C:\> Get-PSRemoteSession chi-dc04,chi-dc01 | Group Owner -NoElement

Count Name                     
----- ----                     
    1 GLOBOMANTICS\jeff        
    2 GLOBOMANTICS\Administr...


Display what user accounts are using remote sessions on the specified computers.

.EXAMPLE
PS C:\> Get-Content c:\work\computers.txt | Get-PSRemoteSession | where {$_.Runtime -gt "16:00:00"}

For a list of computers, get remote PSSessions that have been running longer 
than 16 hours.

.EXAMPLE
PS C:\> Get-PSRemoteSession chi-dc04,chi-dc01,chi-app01 | sort PSComputername | format-table -GroupBy PSComputername -Property CreationDate,Runtime,Owner


   PSComputerName: chi-app01

CreationDate                 Runtime                     Owner                      
------------                 -------                     -----                      
4/11/2014 9:58:16 AM         00:04:29.8719959            GLOBOMANTICS\Administrator 


   PSComputerName: chi-dc01

CreationDate                 Runtime                     Owner                      
------------                 -------                     -----                      
4/11/2014 9:46:24 AM         00:16:21.2699348            GLOBOMANTICS\Administrator 


   PSComputerName: chi-dc04

CreationDate                 Runtime                     Owner                      
------------                 -------                     -----                      
4/11/2014 9:43:06 AM         00:19:36.8797428            GLOBOMANTICS\jeff          
4/11/2014 9:47:25 AM         00:15:18.0563043            GLOBOMANTICS\Administrator 

.NOTES
Version       : 1.0
Last Updated  : April 11, 2014

Learn more:
 PowerShell in Depth: An Administrator's Guide (http://www.manning.com/jones2/)
 PowerShell Deep Dives (http://manning.com/hicks/)
 Learn PowerShell 3 in a Month of Lunches (http://manning.com/jones3/)
 Learn PowerShell Toolmaking in a Month of Lunches (http://manning.com/jones4/)
 

  ****************************************************************
  * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED *
  * THOROUGHLY IN A LAB ENVIRONMENT. USE AT YOUR OWN RISK.  IF   *
  * YOU DO NOT UNDERSTAND WHAT THIS SCRIPT DOES OR HOW IT WORKS, *
  * DO NOT USE IT OUTSIDE OF A SECURE, TEST SETTING.             *
  ****************************************************************
.LINK
Get-CimInstance
about_PSSessions
#>

[cmdletbinding()]
Param(
[Parameter(Position=0,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True)]
[ValidateNotNullorEmpty()]
[Alias("CN","Name","PSComputername")]
[string[]]$Computername,
[switch]$Full
)

Begin {
    Write-Verbose "Starting Get-PSRemoteSession"
} #begin

Process {
foreach ($computer in $computername) {
    #test connection
    Write-Verbose "Testing if computer $computer is pingable"

    #do a single ping to verify computer is up
    If (Test-Connection -ComputerName $computer -count 1 -Quiet) {

        Write-Verbose "Querying $computer"
        Try {
            #use CIM to remotely query the computer
            $data = Get-CimInstance win32_process -filter "name='wsmprovhost.exe'" `
            -ComputerName $computer -ErrorAction Stop -ErrorVariable MyErr

            if ($data) {
                Write-verbose "Found sessions on $computer"
                Write-verbose ($data[0] | out-string)

                #add some custom properties
                $data | Add-Member -membertype ScriptProperty -Name Runtime -value {
                (Get-Date) - $this.creationdate} 
                $data | Add-Member -MemberType ScriptProperty -Name Owner -Value {
                $owner = $this | Invoke-CimMethod -MethodName GetOwner
                #write the owner information
                "$($owner.domain)\$($owner.user)"
                } 
                
                if ($Full) {
                    #write the full process object with additions to the pipeline
                    $data
                }
                else {
                    #get process summary
                    $data | Select ProcessID,CreationDate,RunTime,Owner,PSComputername  
                  }    

            } #if $data

         } #try

         Catch {
           Write-Warning "Could not query $computer"
           Write-Warning $myErr.ErrorRecord.Exception.Message
           Write-Debug "Suspend script to debug `$myErr exception"
         } #catch

     } #if test-connection works
     else {
       Write-Warning "Failed to ping $computer"
     }

} #foreach computer
} #process

End {
 Write-verbose "Ending Get-PSRemoteSession"
} #end

} #end function

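The function takes a computer name as a parameter. It does a quick ping to verify that the computer is running. I probably should have made that optional, but at the time I needed it. The function then uses Get-CimInstance to query the computer for all instances of the wsmprovhost.exe process. I used CIM because the datetime values are formatted automatically, which makes it easier to add a custom property showing how long the process (and presumably the remote session) has been running. I also added a custom property to get the process owner. Thanks to a quirk (bug?) in the CIM cmdlets, I can even query remote computers running PowerShell 2.0. When you use a filter, the CIM cmdlets work with v2 computers. I'm not going to question it, but I will take advantage of it.

By default, the function writes a summary object to the pipeline.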


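One thing I haven't figured out yet is how to show which computer each session is connected from. Even if I could correlate it with active network connections, I'm not sure that would help when the session is disconnected. I also can't tell the state of the session from the process.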
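On the source-computer and session-state question raised above: WinRM's own shell listing, read with Get-WSManInstance, reports a client IP and state for each shell, and those can be joined to the wsmprovhost.exe processes by process ID. This is an added example, not code from the original post; the function name Get-PSRemoteSessionSource is hypothetical, and it assumes administrative rights on the target and a WinRM version that reports the ClientIP, State, ShellRunTime and ShellInactivity fields.

```powershell
#requires -version 3.0
# Added example (not from the original post). Get-PSRemoteSessionSource is a hypothetical name.
# Assumes administrative rights on the target so other users' shells are visible.
Function Get-PSRemoteSessionSource {
    [cmdletbinding()]
    Param(
        [Parameter(Position=0, Mandatory=$True, ValueFromPipeline=$True)]
        [ValidateNotNullorEmpty()]
        [string[]]$Computername
    )
    Begin {
        #WS-Man reports durations as ISO 8601 strings such as P0DT0H12M3S
        $toSpan = { param($d) if ($d) { [System.Xml.XmlConvert]::ToTimeSpan($d) } }
    }
    Process {
        foreach ($computer in $Computername) {
            Try {
                #one XML element per open WS-Man shell on the target
                $shells = Get-WSManInstance -ComputerName $computer -ResourceURI Shell `
                    -Enumerate -ErrorAction Stop
                $procs = Get-CimInstance Win32_Process -Filter "name='wsmprovhost.exe'" `
                    -ComputerName $computer -ErrorAction Stop
            }
            Catch {
                Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
                continue
            }
            foreach ($shell in $shells) {
                #keep only shells hosted by a wsmprovhost.exe process
                $proc = $procs | Where-Object { $_.ProcessId -eq [uint32]$shell.ProcessId }
                if (-not $proc) { continue }
                [pscustomobject]@{
                    PSComputername  = $computer
                    ProcessID       = $proc.ProcessId
                    Owner           = $shell.Owner
                    ClientIP        = $shell.ClientIP
                    State           = $shell.State
                    CreationDate    = $proc.CreationDate
                    ShellRunTime    = & $toSpan $shell.ShellRunTime
                    ShellInactivity = & $toSpan $shell.ShellInactivity
                }
            }
        }
    }
}
#usage (lon-dc1 is the sample host from the help text): shells idle for over an hour
#Get-PSRemoteSessionSource lon-dc1 | Where-Object { $_.ShellInactivity -gt '01:00:00' }
```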

I've provided an option to get the full process object so that you can run commands like this:


But I suspect that for many of you the summary will be enough. Here are some examples.

Get-Content c:\work\chi.txt | get-psremotesession | out-gridview -title "Remote Sessions"


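If you kill the wsmprovhost process, you will destroy the PSSession, so be careful. But at least now you have a way to determine which sessions might be open. I hope you'll let me know what you think. Enjoy!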
