Functions/Get-ProcessUser.ps1
function Get-ProcessUser { <# .SYNOPSIS Get a list of processes and the user context that they run under. By default excluded system tasks .DESCRIPTION Get a list of processes and the user context that they run under. By default excluded system tasks .PARAMETER ComputerName An array of computer names. Defaults to $env:COMPUTERNAME. Aliased to 'CN', 'Server' .PARAMETER UserName A -like search string to compare process username context. Defaults to '*' .PARAMETER IncludeSystem Switch to include the system scheduled tasks. Aliased to 'IS' .NOTES Unless the -IncludeSystem switch is specified the following will be excluded from the output: 'NT Authority\System', 'NT Authority\Local Service', 'NT Authority\Network Service' Put in error checking around Invoke-Command to handle Kerberos errors. #> # todo - add Credential to invoke-command [CmdletBinding()] [OutputType('psobject')] param ( [parameter(Mandatory, HelpMessage = 'Please enter the name of a computer', ValueFromPipelineByPropertyName)] [Alias('ComputerName', 'CN', 'Server')] [string[]] $Name, [string] $UserName = '*', [switch] $IncludeSystem ) begin { Write-Verbose -Message "Starting [$($MyInvocation.Mycommand)]" Write-Verbose -Message "IncludeSystem [$IncludeSystem], UserName [$UserName]" if ($Name -eq '.') { $Name = $env:COMPUTERNAME Write-Verbose -Message "Setting `$Name to [$Name]" } $System = @( 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\LOCAL SERVICE', 'NT AUTHORITY\NETWORK SERVICE' ) $PssOption = New-PSSessionOption -IncludePortInSPN } process { foreach ($CurName in $Name) { Write-Verbose -Message "Processing [$CurName]" try { $Proc = Invoke-Command -ComputerName $CurName -ScriptBlock { Get-Process -IncludeUserName } | Where-Object { $_.UserName -like $UserName } } catch { try { $PsSession = New-PSSession -ComputerName $CurName -SessionOption $PssOption Invoke-Command -Session $PsSession -ScriptBlock { Get-Process -IncludeUserName } | Where-Object { $_.UserName -like $UserName } } catch { Write-Error -Message "Either computer [$curComputerName] is not up, or you don't have permission to run Invoke-Command against [$curComputerName]" } } if (-not $IncludeSystem) { $Proc = $Proc | Where-Object { $_.UserName -notin $System -and $null -ne $_.UserName } } $Proc | Select-Object -Property @{Name = 'ComputerName'; expr = { $_.PsComputerName } }, UserName, Name, Id } } end { Write-Verbose -Message "Ending [$($MyInvocation.Mycommand)]" } } |