Asked by:
Format list of users.

Question
-
I'm building a script that is going to remove user folders (C:\Users) of those who have not logged in in the last 30 days. I am able to get the information but the output will give me multiple of copies of the same people. Example: johnd and janed have logged into this computer 10 times, so the output of this script will list those usernames 10 times each. I want to get a list that shows the user 1 time. I hope that I'm clear enough on this stuff but feel free to ask questions.
Write-Host "Setting up..." -ForegroundColor Yellow Write-Host "Checking for administrative rights..." -ForegroundColor Yellow ## Get the ID and security principal of the current user account. $myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent(); $myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID); ## Get the security principal for the administrator role. $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator; ## Check to see if we are currently running as an administrator. if ($myWindowsPrincipal.IsInRole($adminRole)) { ## We are running as an administrator, so change the title and background colour to indicate this. Write-Host "We are running as administrator, changing the title to indicate this." -ForegroundColor Green $Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"; } else { Write-Host "We are not running as administrator. Relaunching as administrator." -ForegroundColor Yellow ## We are not running as admin, so relaunch as admin. $NewProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"; ## Specify the current script path and name as a parameter with added scope and support for scripts with spaces in it's path. $NewProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'" ## Indicate that the process should be elevated. $NewProcess.Verb = "runas"; ## Start the new process [System.Diagnostics.Process]::Start($newProcess); ## Exit from the current, unelevated, process. Exit; } Write-Host "Continuing with setup..." -ForegroundColor Yellow function Get-LogonHistory { $30days = (Get-Date).AddDays(-30) $logons = Get-EventLog Security -AsBaseObject -InstanceId 4624, 4647 -After $30days | Where-Object { ($_.InstanceId -eq 4647) ` -or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+2")) ` -or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+10")) } $events = $logons | Sort-Object TimeGenerated if ($events) { foreach ($event in $events) { ## Parse logon data from the Event. if ($event.InstanceId -eq 4624) { ## A user logged on. $action = 'logon' $event.Message -match "Logon Type:\s+(\d+)" | Out-Null $logonTypeNum = $matches[1] ## Determine logon type. if ($logonTypeNum -eq 2) { $logonType = 'console' } elseif ($logonTypeNum -eq 10) { $logonType = 'remote' } else { $logonType = 'other' } ## Determine user. if ($event.message -match "New Logon:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") { $user = $matches[1] } else { $index = $event.index Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index" } } elseif ($event.InstanceId -eq 4647) { ## A user logged off. $action = 'logoff' $logonType = $null ## Determine user. if ($event.message -match "Subject:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)") { $user = $matches[1] } else { $index = $event.index Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index" } } elseif ($event.InstanceId -eq 41) { ## The computer crashed. $action = 'logoff' $logonType = $null $user = '*' } ## As long as we managed to parse the Event, print output. if ($user) { $output = New-Object -Type PSCustomObject Add-Member -MemberType NoteProperty -Name 'UserName' -Value $user -InputObject $output Write-Output $output } } } else { Write-Host "No recent logon/logoff events." } } Get-LogonHistory ForEach ($u in $User) { Remove-Item -Path C:\Users\ -Exclude *admin*, *helion*, *default*, Public -WhatIf } Write-Warning "Press any key to continue..."; $x = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown");
- Moved by Bill_Stewart Tuesday, July 31, 2018 3:00 PM This is not "debug/fix/rewrite my script for me" forum
Thursday, June 21, 2018 1:35 PM
All replies
-
You will have to add logic to your script to filter out the record you want to keep.
\_(ツ)_/
Thursday, June 21, 2018 1:53 PM -
You can also just do this:
Get-LogonHistory | select username -Unique
\_(ツ)_/
Thursday, June 21, 2018 1:56 PM