Detecting Remote Visitors

by Jul 7, 2011

Whenever someone connects to your computer using PowerShell remoting, a host process called wsmprovhost.exe runs on your machine for that session. You can see processes from other users only if you have local admin privileges. If you do, this is how you detect remoting processes:

Get-Process -Name wsmprovhost -ErrorAction SilentlyContinue


To check whether there is (at least one) active remote PowerShell session on your computer, use this:

@(Get-Process -Name wsmprovhost -ErrorAction SilentlyContinue).Count -gt 0
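
Knowing that a session exists is usually followed by the question of who opened it and from where. The following is an added example, not part of the original tip: it lists each wsmprovhost.exe process with its owner, start time and, where WinRM reports it, the client address. The function name Get-RemotingVisitor is hypothetical, and the code assumes PowerShell 3.0 or later and an elevated session.

```powershell
# Added example; Get-RemotingVisitor is a hypothetical helper name.
# Run elevated: without local admin rights, other users' processes are not visible.
function Get-RemotingVisitor {
    # Map host-process PID -> client IP from the local WinRM shell list.
    # This needs the WinRM service; if it fails, ClientIP is simply left empty.
    $clientByPid = @{}
    try {
        Get-WSManInstance -ResourceURI Shell -Enumerate -ErrorAction Stop |
            ForEach-Object { $clientByPid[[int]$_.ProcessId] = $_.ClientIP }
    } catch {
        Write-Verbose "WinRM shell enumeration failed: $($_.Exception.Message)"
    }

    # Each wsmprovhost.exe process hosts a remote PowerShell session.
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'wsmprovhost.exe'" |
        ForEach-Object {
            # GetOwner returns ReturnValue 0 on success, plus Domain and User.
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            $user = if ($owner.ReturnValue -eq 0) {
                '{0}\{1}' -f $owner.Domain, $owner.User
            } else {
                '<unknown>'
            }
            [pscustomobject]@{
                ProcessId = $_.ProcessId
                User      = $user
                Started   = $_.CreationDate
                ClientIP  = $clientByPid[[int]$_.ProcessId]
            }
        }
}

# Oldest session first; no output means no active remoting sessions.
Get-RemotingVisitor | Sort-Object Started | Format-Table -AutoSize
```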

