Finding Remote Sessions Connected to Your Machine

by Jul 29, 2013

Ever wanted to find out who is running a (hidden) remote PowerShell on your machine? Here's a simple one-liner:

Get-WSManInstance -ConnectionURI ('http://{0}:5985/wsman' -f $env:computername) `
-ResourceURI shell -Enumerate

It will return anyone connecting via port 5985 to your machine. However, if you're not running in a domain environment, you first have to enable non-Kerberos connections (remember that without Kerberos, you no longer know for sure that the target computer really is the computer it pretends to be):

Set-Item WSMan:\localhost\Client\TrustedHosts * -Force

The result can look similar to this:

To just get a list of people connected to your machine, try this:

Twitter This Tip! ReTweet this Tip!