Rampant RDP sessions

I've been seeing more and more instances of developers and administrators just disconnecting from RDP sessions on our servers instead of logging off. One I just find this irritating and two It leaves possible applications open on the servers and using resources. So to combat this issue I finally put the following scripts together. 

The first looks for all RDP sessions that have been idle for more than 59 minutes on a filtered list of servers. It then compiles a list of all sessions with the same userID. It looks up the e-mail address of each userID in Active Directory and puts together a report of that list and e-mails it to the individual. Once all individual reports have been sent it sends a master list to a specified address (me). The function that gathers the RDP session info was written by Jaap Brasser http://www.jaapbrasser.com, I was half way through writing my own when I stumbled upon it but why would I want to reinvent the wheel?

	Function Get-LoggedOnUser {
	<#
	.Synopsis
	Queries a computer to check for interactive sessions
	.DESCRIPTION
	This script takes the output from the quser program and parses this to PowerShell objects
	.NOTES
	Name: Get-LoggedOnUser
	Author: Jaap Brasser
	Version: 1.1
	DateUpdated: 2013-06-26
	.LINK
	http://www.jaapbrasser.com
	.PARAMETER ComputerName
	The string or array of string for which a query will be executed
	.EXAMPLE
	.\Get-LoggedOnUser.ps1 -ComputerName server01,server02
	Description:
	Will display the session information on server01 and server02
	.EXAMPLE
	'server01','server02' | .\Get-LoggedOnUser.ps1
	Description:
	Will display the session information on server01 and server02
	#>
	param(
	[CmdletBinding()]
	[Parameter(ValueFromPipeline=$true,
	ValueFromPipelineByPropertyName=$true)]
	[string[]]$ComputerName = 'localhost'
	)
	process {
	foreach ($Computer in $ComputerName) {
	quser /server:$Computer | Select-Object -Skip 1 | ForEach-Object {
	$CurrentLine = $_.Trim() -Replace '\s+',' ' -Split '\s'
	$HashProps = @{
	UserName = $CurrentLine[0]
	ComputerName = $Computer
	}
	# If session is disconnected different fields will be selected
	if ($CurrentLine[2] -eq 'Disc') {
	$HashProps.SessionName = $null
	$HashProps.Id = $CurrentLine[1]
	$HashProps.State = $CurrentLine[2]
	$HashProps.IdleTime = $CurrentLine[3]
	$HashProps.LogonTime = $CurrentLine[4..6] -join ' '
	} else {
	$HashProps.SessionName = $CurrentLine[1]
	$HashProps.Id = $CurrentLine[2]
	$HashProps.State = $CurrentLine[3]
	$HashProps.IdleTime = $CurrentLine[4]
	$HashProps.LogonTime = $CurrentLine[5..7] -join ' '
	}
	New-Object -TypeName PSCustomObject -Property $HashProps |
	Select-Object -Property UserName,ComputerName,SessionName,Id,State,IdleTime,LogonTime
	}
	}
	}
	}
	#get list of all servers to check sessions on from Active Directory
	$AllServers = (Get-ADComputer -filter {name -like "*servernameconvention*"}).name
	#Check all sessions on Servers one by one
	$AllSessions=$List=$MasterList=@()
	ForEach($ComputerName in $AllServers){
	$AllSessions += (Get-LoggedOnUser -ComputerName $ComputerName -ErrorAction SilentlyContinue)
	}
	#Filter results down to Sessions older than 1 Hour
	$AllSessions = $AllSessions | Where-Object {($_.IdleTime -like "*:*") -and ($_.IdleTime -gt "00:59")}
	#Find User information from Active Directory
	$Users = ($AllSessions | select Username -Unique)
	ForEach($U in ($Users).username){
	$List += (Get-ADUser $U -Properties * | select Samaccountname, Name, mail, company)
	}
	#If username designated as a Domain Admin account Drop the "-DA" and locate the e-mail address of the account owner
	ForEach($u in $list){
	IF(($u.mail -eq $null) -and ($u.samaccountname -like "*-DA")){
	$SAM = $u.Samaccountname.substring(0,6)
	$U.mail = ((Get-ADUser $SAM -Properties mail).mail)
	}
	$MasterList += $U
	}
	#Add e-mail addresses from contacts (typically vendor accounts i.e. DELL, HP, etc.)
	$Contacts = Get-ADObject -Filter {Objectclass -like "contact"} -Properties *
	ForEach($U in $MasterList){
	IF($U.mail -eq $null){
	$Name = $U.name.split(',')[0]
	$Mail = $Contacts | Where-Object {($_.name -like "*$Name*") -and ($_.mail -like "*$($u.company)*")}
	$U.mail = $Mail.mail
	}
	}
	# Setup email parameters
	$today = Get-Date
	$priority = "Normal"
	$smtpServer = "mail.EmailServer.com"
	$emailFrom = "Notifications@EmailServer.com"
	#Send Individual Reports
	ForEach($u in $MasterList){
	$subject = "Remote Server Sessions Report for $($u.samaccountname) - " + $today
	$Body = '<font face="Arial">'
	$Body += "<H4> Your UserID $($u.samaccountname), was found to have sessions exceeding 1 hour of idle time on the following servers. Please connect back in and log off properly.</H4><p>`n`n"
	$Body += "`n"
	$Body += '<font color="FF0000">'
	$Body += "<H5>This is an automated e-mail, please do not reply</H5><p>"
	$Body += "</font>"
	$Body += "`n"
	$Body += ($AllSessions | Where-Object {($_.username -like ($u).samaccountname)} | ConvertTo-html)
	$Body += "`n"
	IF($u.mail.count -gt 0){
	$Body += "</font>"
	Write-Host "$($U.name), $($u.mail)"
	$emailTo = "$($u.mail)"
	Send-MailMessage -To $emailTo -Subject $subject -Body $Body -BodyAsHtml -SmtpServer $smtpServer -From $emailFrom -Priority $priority
	}ELSE{
	$emailTo = "Admin@EmailServer.com"
	$Body += "`n `n"
	$Body += $U | Select Samaccountname, Name, Company | ConvertTo-Html
	$Body += "</font>"
	Send-MailMessage -To $emailTo -Subject $subject -Body $Body -BodyAsHtml -SmtpServer $smtpServer -From $emailFrom -Priority $priority
	}
	}
	#Master Report
	$emailTo = "Admin@EmailServer.com"
	$Subject = "Remote Server Sessions Report for - " + $today
	$Body = '<font face="Arial">'
	$Body += "Remote Server Sessions Report for - " + $today
	$Body += "`n"
	$Body += "`n"
	$Body += "The following is a list of sessions that have exceeded 1 hour"
	$Body += "`n"
	$Body += $AllSessions | Sort-Object Username | ConvertTo-Html
	$Body += "</font>"
	Send-MailMessage -To $emailTo -Subject $subject -Body $Body -BodyAsHtml -SmtpServer $smtpServer -From $emailFrom -Priority $priority

view raw Send-RDPReport.ps1 hosted with ❤ by GitHub

The Second one I use to kill RDP sessions remotely quickly and easily. It uses Jaap's "Get-LoggedonUser" function as well but I've omitted it from the script box to save space.

	Function Kill-Sessions{
	Param(
	[Array]$Computer
	)
	$AllSessions=@()
	[int]$Number = 0
	ForEach($ComputerName in $Computer){
	$SystemSessions = (Get-LoggedOnUser -ComputerName $ComputerName -ErrorAction SilentlyContinue)
	ForEach($Session in $SystemSessions){
	$Number=($Number+1)
	$Session | Add-Member -MemberType NoteProperty -Name "Number" -Value $Number
	$AllSessions += $Session
	}
	}
	$AllSessions = $AllSessions | Where-Object {($_.IdleTime -like "*:*") -and ($_.IdleTime -gt "00:59")}
	$AllSessions | Select Number, `|, ComputerName, UserName, State, IdleTime, SessionName | ft -AutoSize
	$Terminate=@()
	$Terminate = Read-Host "Would you like to end one of the above sessions?"
	IF($Terminate -like "Y*"){
	$End = Read-Host "Enter the Number of the session you would like to end"
	$KillSession = ($Allsessions | ? {$_.number -eq $End})
	$Serv = ($Killsession).ServerName.ToString()
	$ID = ($KillSession).SessionID.tostring()
	Invoke-Expression "& `"LOGOFF`" /SERVER:$Serv $ID /V"
	}
	}
	$AllServers = (Get-ADComputer -filter {name -like "*Servername*"}).name
	Kill-Sessions -Computer $AllServers

view raw Kill-Sessions.ps1 hosted with ❤ by GitHub

My office is located in EST and we have a data center onsite but we also have another data center in CST. I don't know why but every so often we get some developers that don't understand that. So I have to sometimes find out why their code is an hour wrong or show them that they need to make their code time insensitive. I use this to do it.

	Function Get-TimeZone {
	Param(
	[Parameter(Mandatory=$True,Position=1)]
	[Array]$ComputerName
	)
	$AllTime=@()
	ForEach ($Computer in $ComputerName ) {
	IF((gwmi -class Win32_SystemTimeZone -ComputerName $Computer -ErrorAction SilentlyContinue) -gt $null){
	$Time = (Get-Time $Computer)
	$Zone1 = (gwmi -class Win32_SystemTimeZone -ComputerName $Computer).setting
	$Zone = $Zone1.split('=')[-1]
	$obj=New-Object PSObject
	$obj | Add-Member -MemberType NoteProperty -Name "ServerName" -Value $Time.ServerName
	$obj | Add-Member -MemberType NoteProperty -Name "DateTime" -Value $Time.DateTime
	$obj | Add-Member -MemberType NoteProperty -Name "TimeZone" -Value $Zone
	$AllTime += $obj
	}ELSE{
	Write-Output "Your current Credentials do not have access to this system ($Computer)"
	}
	}
	IF($AllTime.count -gt 0){
	Write-Output $AllTime
	}
	}

view raw Get-TimeZones.ps1 hosted with ❤ by GitHub

I decided to give up on the code highlighter and throw some business the way of https://gist.github.com

Sorry for the sloppy  script window here, still trying to figure out how to get it to show all neat and tidy on Blogger.

This Function I have found supper useful since at work to save drive letters many of our servers use mount points but we still haven't found a friendly way to check on the capacity and storage usage of them. This in combination of some other functions have become a staple of mine when checking system health and planning for additional storage needs.

 

 

 

1. Function get-mountpoints {  
2. Param(  
3.     [Parameter(Mandatory=$True,Position=1)]  
4.     [Array]$PC  
5. )  
6.     $volumes=@()  
7.     $TotalGB = @{Name="Capacity(GB)";expression={[math]::round(($_.Capacity/ 1073741824),2)}}  
8.     $FreeGB = @{Name="FreeSpace(GB)";expression={[math]::round(($_.FreeSpace / 1073741824),2)}}  
9.     $FreePerc = @{Name="Free(%)";expression={[math]::round(((($_.FreeSpace / 1073741824)/($_.Capacity / 1073741824)) * 100),0)}}  
10.     $volumes = Get-WmiObject -computer $PC win32_volume | Where-object {$_.name -notlike '\\?\*'}  
11.     $volumes | Select SystemName, Label, Name, $TotalGB, $FreeGB, $FreePerc | Sort-Object name | Write-Output  
12. }  

First Post

I've just decided to create this blog where I hope to share some of the many scripts, functions and modules I've created. I also hope to share some of the lessons I've learned, usual the hard way to that others don't have to go through the hell I put myself through.