In our previous tip we used PowerShell to download and set up the Sysinternals suite of console commands. Here is what we did:
$destinationZipPath = "$env:temp\pstools.zip" $destinationFolder = "$env:temp\pstools" $link = "https://download.sysinternals.com/files/PSTools.zip" Invoke-RestMethod -Uri $link -OutFile $destinationZipPath -UseBasicParsing Unblock-File -Path $destinationZipPath Expand-Archive -Path $destinationZipPath -DestinationPath $destinationFolder -Force Remove-Item -Path $destinationZipPath explorer /select,$destinationFolder
Now how can you run a command via PowerShell? Since the Sysinternals suite consists of console commands, you can directly launch them; for example, psloggedon64.exe which tells you the user names of users that are currently logged on to a machine:
$destinationFolder = "$env:temp\pstools" & "$destinationFolder\PsLoggedOn64.exe"
The result looks similar to this:
PsLoggedon v1.35 - See who's logged on
Copyright (C) 2000-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
Users logged on locally:
29.08.2022 17:11:48 XXXX
Users logged on via resource shares:
30.08.2022 08:18:32 (null)\XXX
30.08.2022 08:18:32 XXX\XXX
Note: Do not use Start-Process to run the tools, or else the output will show in a separate console window which closes again in a split-second.
When you run any Sysinternals tool for the first time, a EULA window pops up. Once you accept it, you can run commands unattended in the future.
In our next tip we show you how you can get rid of the EULA via PowerShell so you don’t even need to click the EULA once.
