How to determine the session id on remote machine for usage with psexec -i using script/powershell/...?

Question

I am in need of a script or powershell command that will be able to determine the session id of a specific logged in user on remote machine, to be later used as parameter to the psexec -i execution of remote gui process on that session of that user on the remote machine.

So far i managed to use

psexec \\remoteMachine -u user -p pswrd query session

to get list of sessions on the remote machine:

SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
console                                     0  Conn    wdcon
rdp-tcp#919       user                     1  Active  rdpwd
rdp-tcp#916       user                     3  Active  rdpwd

so i guess i could somehow isolate the needed id and use it - but haven't managed to do that yet

Any ideas? Maybe other - simpler ways?

Thanks for the help.

Answer 1

As long as you're using PSExec, I would just stick with it. You can get the ID field pretty easily given a username e.g.:

$username = 'joe'
$results = psexec \\remoteMachine -u adminuser -p password query session
$id = $results | Select-String "$username\s+(\w+)" |
                 Foreach {$_.Matches[0].Groups[1].Value}

psexec \\remoteMachine -u $username -i $id -d notepad.exe

Note that you want to use -d with PSExec otherwise it will wait until the launched program exits.

Answer 2

It's possible to do that without PowerShell. There is qwinsta command line tool that ships with Windows that you can use.

Example:

c:\>qwinsta
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
>rdp-tcp#0         YourUser                  2  Active  rdpwd
 rdp-tcp                                 65536  Listen

Usage:

c:\>qwinsta /?
Display information about Remote Desktop Sessions.

QUERY SESSION [sessionname | username | sessionid]
              [/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER] [/VM]

  sessionname         Identifies the session named sessionname.
  username            Identifies the session with user username.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current).
  /MODE               Display current line settings.
  /FLOW               Display current flow control settings.
  /CONNECT            Display current connect settings.
  /COUNTER            Display current Remote Desktop Services counters information.
  /VM                 Display information about sessions within virtual machines.