Get-Process can list processes but does not provide information about who is running the process. Here, WMI can help. Get-ProcessEx is a clever function that returns process information including ownership, and it works remotely, too.
So if you wanted to know who is running PowerShell on your system, check this out:
PS> Get-ProcessEx powershell.exe Name Owner Description Handle ---- ----- ----------- ------ powershell.exe TobiasAir1\Tobias powershell.exe 5204 powershell.exe TobiasAir1\Tobias powershell.exe 6848 powershell.exe TobiasAir1\Customer... powershell.exe 2600
Likewise, you can now check who is currently visiting your computer through PowerShell Remoting. Just look for processes named "wsmprovhost.exe".
function Get-ProcessEx { param( $Name='*', $ComputerName, $Credential ) $null = $PSBoundParameters.Remove('Name') $Name = $Name.Replace('*','%') Get-WmiObject -Class Win32_Process @PSBoundParameters -Filter "Name like '$Name'" | ForEach-Object { $result = $_ | Select-Object Name, Owner, Description, Handle $Owner = $_.GetOwner() if ($Owner.ReturnValue -eq 2) { $result.Owner = 'Access Denied' } else { $result.Owner = '{0}\{1}' -f ($Owner.Domain, $Owner.User) } $result } }
