I’d like to have an email notification on user logon to certain machines. It’s a domain environment so username would be a nice to have in the email. I can create a logon triggered scheduled task to run a script but not sure how to get the script to figure out what user logged on since $env:username would give me the user account that runs the task.
Seems like getting the right event with Get-WinEvent and turning it to XML then looking for logon type 10 and process System32 got me the account name so I could insert it into email body.
Hi JC,
You could also try to get currently logged in users from WMI Win32_ComputerSystem class.
(Get-CimInstance -class Win32_ComputerSystem).username #If user is logged in, it will return string DOMAIN\username
Thanks Aleksandras. That’s a good idea too although I’m more interested in the user that just logged in rather than all users logged in.
Tried to do “Switch account” and then get username from Win32_ComputerSystem. Looks like it return only one currently logged in user. Info from MSDN:
Data type: string
Access type: Read-only
Qualifiers: MappingStrings (“Win32API|System Information Functions|GetUserName”)
Name of a user that is logged on currently. This property must have a value. In a terminal services session, UserName returns the name of the user that is logged on to the console—not the user logged on during the terminal service session.
This works on my home PC but not on my office Server 2012R2 domain member. Doesn’t return anything.
I would also choose the eventlog path… Since your only interested in “some” clients, I would setup Windows Event Forwarding Service and create a policy for the clients in question… then you can run the script from a centralized location…
It returns null if you’re logged in via RDP.
This would explain it 
Many thanks