Get-Sessions: Powershell script for information on interactive logins (incl RDP)

Get-Sessions: Powershell script to get information about interactive logins (including RDP sessions) including logon, connect, disconnect and logoff times. Session ID and remote host for RDP can be requested per parameter. Now here: https://github.com/MScholtes/TechNet-Gallery

Get-Sessions.zip
 
 
 
 
 
(0)
719 times
Add to favorites
5/6/2020
E-mail Twitter del.icio.us Digg Facebook
  • Not able to generate output. Please help
    7 Posts | Last post January 24, 2019
    • PS C:\> Get-Sessions -After 01/03/2019 -Before 01/05/2019 -Detailed | Format-Table
      Get-Sessions : Fehler beim Lesen des Eventlogs von Computer STM-DASHA-V01
      At line:1 char:1
      + Get-Sessions -After 01/03/2019 -Before 01/05/2019 -Detailed | Format- ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
          + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-Sessions
    • Hello abhisek91,
      
      I'm sorry there are german messages and no error handling in the script. I will correct that soon.
      
      Would you please execute the following command in a PowerShell window and post the result or error message here:
      
      Get-Winevent -FilterHashTable @{ LogName = "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"; Id = 21,23,24,25 } | select -last 1 | Format-List
      
      
      Greetings
      
      Markus
      
    • PS C:\> Get-Winevent -FilterHashTable @{ LogName = "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"; Id = 21,23,24,25 } | select -last 1 | Format-List
      Get-Winevent : The 'Get-Winevent' command was found in the module 'Microsoft.PowerShell.Diagnostics', but the module could not be loaded. For more information, run 'Impor
      Microsoft.PowerShell.Diagnostics'.
      At line:1 char:1
      + Get-Winevent -FilterHashTable @{ LogName = "Microsoft-Windows-Termina ...
      + ~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (Get-Winevent:String) [], CommandNotFoundException
          + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
    • Hello abhisek91,
      
      this is a strange error.
      
      The commandlet Get-Winevent is not working on your computer. This commandlet is necessary for the script Get-Sessions to run.
      
      Can it be that you try it in an environment that is restricted maybe by the IT department of your organisation? Or maybe there is a problem with your PowerShell installation?
      
      Can you post the version of your PowerShell and your Windows?
      
      Can you execute the following command in your PowerShell console to retrieve the language mode:
      $ExecutionContext.SessionState.LanguageMode
      
      Greetings
      
      Markus
      
      
    • PS C:\> $PSVersionTable.PSVersion
      
      Major  Minor  Build  Revision
      -----  -----  -----  --------
      5      1      14409  1012
      
      PS C:\> $ExecutionContext.SessionState.LanguageMode
      FullLanguage
    • Hello abhisek91,
      
      I see you installed PowerShell 5.1 on Windows 7 or Windows 8.1.
      
      There seems to be something wrong with your PowerShell installation. It might help if you reinstall it.
      
      You may also start a PowerShell in V2 compatibily mode with "PowerShell.exe -Version 2". It would be interesting if the Get-Winevent commandlet from above succeeds now.
      (PowerShell V2 is only available if .Net 3.51 is installed)
      
      Greetings
      
      Markus
    • Thanks it worked like a charm. 
  • error
    2 Posts | Last post January 20, 2019
    • PS C:\> Get-Winevent -FilterHashTable @{ LogName = "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"; Id = 21,23,24,25 } | select -last 1 | Format-List
      Get-Winevent : The 'Get-Winevent' command was found in the module 'Microsoft.PowerShell.Diagnostics', but the module could not be loaded. For more information, run 'Impor
      Microsoft.PowerShell.Diagnostics'.
      At line:1 char:1
      + Get-Winevent -FilterHashTable @{ LogName = "Microsoft-Windows-Termina ...
      + ~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (Get-Winevent:String) [], CommandNotFoundException
          + FullyQualifiedErrorId : CouldNotAutoloadMatchingModule
    • I answer to question "Not able to generate output. Please help".