1 Reply Latest reply on Jan 25, 2017 11:54 AM by Roger1

    Workstation Session Status

    Roger1 Apprentice
      I'm working on a small menu-driven front end for some monotonous tasks for me and my techs.  I have yet to find a reliable way to script and view a remote PC's session status.  I'm sure there are many tools available but we have none in our arsenal.  I've found a lot of posts on the matter but most tend to agree that there isn't a sure-fire way to accurately report the data from a PowerShell angle.  Then it hit me - "AppSense has these awesome triggers (session locked/session unlocked/logoff)." 

      Here's what I did - I simply created a Session Status node under each trigger with an action to update the Status value (with Locked, Unlocked, or Logged Off) when each trigger fired.  Now I can retrieve the data via a small PS script when needed.

      It's simple yet effective! 

      PowerShell Code*
      $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer) $regKey= $reg.OpenSubKey("SOFTWARE\\AppSense\\status") $status = $regKey.GetValue("status")  if (Test-Connection $computer -Count 1 -Quiet) {         if ($status -eq 'Locked') {(write-host "User logged in - Session locked" -ForegroundColor Yellow)}         elseif ($status -eq 'Logged Off') {(write-host "User logged off" -ForegroundColor Gray)}         elseif ($status -eq 'Unlocked') {(write-host "User logged in - Session is Active" -ForegroundColor Green)}         }     else {(write-host "$computer Offline or Doesn't Exist" -ForegroundColor red)}


      *I'm not an advanced scripter - please forgive any sloppy code.  Thoughts? Suggestions?
      Attached a screenshot of the node placement.
        • 1. Re: Workstation Session Status
          Roger1 Apprentice

          I’ve implemented a few things with EM that I hope might be useful for others out there in the workstation world.  I’ve been slowly but steadily stacking on some PowerShell knowledge.  I recently had the good fortune of obtaining Sapien PowerShell Studio for creating some simple GUI interfaces for non-technical users. It’s quite powerful and addictive. That said, there are still plenty of things that are just overly difficult or dreadfully slow when utilizing PowerShell.  A loose quote from PowerShell guru Don Jones:  “PowerShell is not fast - it only has varying degrees of slowness” – a very true statement. This is where EM comes to the rescue. Triggers and lightning quick internal conditions/actions coupled with PowerShell make for a beautiful marriage.

           

          Here are a few things I’ve added in relation to workstation maintenance:

          • Added LockTime value to see how long a user has been away.

               status_locked.JPG

                   Code:

          $locktime = Get-Date -Format ‘M/d/yyyy hh:mm:ss tt’

              Set-ItemProperty -Path HKLM:\Software\AppSense\Status -Name LockTime -Value $locktime

                

           

                    Retrieval code example:

                    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername)

               $regKey = $reg.OpenSubKey("SOFTWARE\\AppSense\\status")

               $locktime = $regKey.GetValue("LockTime")

                  

           

          • Added a get mapped drives node.  I’ve yet to find a solid way of how to get a logged in user’s mapped drives. Temporary drives don’t write to the registry.  On session lock, I write this information out to a file and use PowerShell to retrieve it.

          get-mappeddrives.JPG

          Code:

          Get-WmiObject -Class Win32_MappedLogicalDisk | select @{n='Drive';e= {$_.DeviceId}}, @{n='Share';e={$_.ProviderName}} | Export-Csv -NoTypeInformation -Path c:\temp\MappedDrives-$env:USERNAME.csv -force

           

           

          Retrieval code example.  *Note the UserName value is added at desktop created via a set registry value action.

          $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername)

          $regKey = $reg.OpenSubKey("SOFTWARE\\AppSense\\status")

          $user = $regKey.GetValue("UserName")

          $drives = Import-Csv -Path \\$computername\c$\temp\mappeddrives-$user.csv | Format-Table -AutoSize

           

           

          • Added a custom condition to check the permissions of a filer/folder and perform an action.  I had a previous post about this which used an if/else group with way too many pieces. I was then unfamiliar with how to add/build a custom condition.  Although they can be somewhat slow (compared to internal conditions), they are extremely powerful!  Using VB here instead of PowerShell would probably yield a faster result.

          Permission_elevation.JPG

          Code:

          $user = "DOMAIN\Domain Users"

          $Acl = Get-Acl "C:\Program Files (x86)\FOLDER\FOLDER"

          if(-not (($Acl.Access | select -ExpandProperty IdentityReference) -contains $user))

          {

               Exit (0)

          }

          else

          {

               Exit (1)

          }

           

           

          • Added a way for a standard non-admin user to remotely restart a specific service on their workstation.  This was tough to figure out and AppSense EM was the only thing that made it doable.  Curious if anyone has done something like this and has an improved method over mine. For this to work, the source system has to be able to access the remote system.  The structure used:
            1. Create a Process Started node with a published blank exe
            2. Set a value in a central location (HKLM) for the username running the blank exe
            3. Run a PowerShell as an elevated user (saved in the Run As User Library)
              1. A message box pops up with a yes/no to restart a service on their computer which is retrievable from the username we previously set.
              2. I went further to allow the user to type in their PC name (if they select No) since this is a tiny number of users.  I did this because there is a minute possibly of overlap with the saved username reg value.
              3. The reg value can be cleared for good measure although the next user who runs it will simply overwrite it.

          restart-service.JPG

          The script is GUI based so here's a snippet/example:

           

          if ([System.Windows.Forms.MessageBox]::Show("Restart $service on $computername`?", "Restart $service", [System.Windows.Forms.MessageBoxButtons]::YesNo) -eq "Yes")

            {

                 $ErrorActionPreference = "stop"

            Try

            {

            Get-Service -ComputerName $computername -name $service | Restart-Service

            write-output $RestartGood

            }

            catch

            {

            Write-output $RestartBad

             }

           

           

          Always open to suggestions/improvements.