In our previous tip we used PowerShell to download and set up the Sysinternals suite of console commands. Here is what we did:
$destinationZipPath = "$env:temp\pstools.zip" $destinationFolder = "$env:temp\pstools" $link = "https://download.sysinternals.com/files/PSTools.zip" Invoke-RestMethod -Uri $link -OutFile $destinationZipPath -UseBasicParsing Unblock-File -Path $destinationZipPath Expand-Archive -Path $destinationZipPath -DestinationPath $destinationFolder -Force Remove-Item -Path $destinationZipPath explorer /select,$destinationFolder
Now how can you run a command via PowerShell? Since the Sysinternals suite consists of console commands, you can directly launch them; for example, psloggedon64.exe which tells you the user names of users that are currently logged on to a machine:
$destinationFolder = "$env:temp\pstools" & "$destinationFolder\PsLoggedOn64.exe"
The result looks similar to this:
PsLoggedon v1.35 - See who's logged on Copyright (C) 2000-2016 Mark Russinovich Sysinternals - www.sysinternals.com Users logged on locally: 29.08.2022 17:11:48 XXXX Users logged on via resource shares: 30.08.2022 08:18:32 (null)\XXX 30.08.2022 08:18:32 XXX\XXX
Note: Do not use Start-Process to run the tools, or else the output will show in a separate console window which closes again in a split-second.
When you run any Sysinternals tool for the first time, a EULA window pops up. Once you accept it, you can run commands unattended in the future.
In our next tip we show you how you can get rid of the EULA via PowerShell so you don’t even need to click the EULA once.