Ever wanted to find out who is running a (hidden) remote PowerShell on your machine? Here's a simple one-liner:
Get-WSManInstance -ConnectionURI ('http://{0}:5985/wsman' -f $env:computername) `
-ResourceURI shell -Enumerate
It will return anyone connecting via port 5985 to your machine. However, if you're not running in a domain environment, you first have to enable non-Kerberos connections (remember that without Kerberos, you no longer know for sure that the target computer really is the computer it pretends to be):
Set-Item WSMan:\localhost\Client\TrustedHosts * -Force
The result can look similar to this:
To just get a list of people connected to your machine, try this: