none
Format list of users. RRS feed

  • Question

  • I'm building a script that is going to remove user folders (C:\Users) of those who have not logged in in the last 30 days. I am able to get the information but the output will give me multiple of copies of the same people. Example: johnd and janed have logged into this computer 10 times, so the output of this script will list those usernames 10 times each. I want to get a list that shows the user 1 time. I hope that I'm clear enough on this stuff but feel free to ask questions.

    Write-Host "Setting up..." -ForegroundColor Yellow
    
    Write-Host "Checking for administrative rights..." -ForegroundColor Yellow
    
    	## Get the ID and security principal of the current user account.
    $myWindowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent();
    $myWindowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($myWindowsID);
    
    	## Get the security principal for the administrator role.
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator;
    
    	## Check to see if we are currently running as an administrator.
    if ($myWindowsPrincipal.IsInRole($adminRole))
    {
    		## We are running as an administrator, so change the title and background colour to indicate this.
    	Write-Host "We are running as administrator, changing the title to indicate this." -ForegroundColor Green
    	$Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)";
    }
    else
    {
    	Write-Host "We are not running as administrator. Relaunching as administrator." -ForegroundColor Yellow
    		## We are not running as admin, so relaunch as admin.
    	$NewProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell";
    	
    		## Specify the current script path and name as a parameter with added scope and support for scripts with spaces in it's path.
    	$NewProcess.Arguments = "& '" + $script:MyInvocation.MyCommand.Path + "'"
    	
    		## Indicate that the process should be elevated.
    	$NewProcess.Verb = "runas";
    	
    		## Start the new process
    	[System.Diagnostics.Process]::Start($newProcess);
    	
    		## Exit from the current, unelevated, process.
    	Exit;
    }
    
    Write-Host "Continuing with setup..." -ForegroundColor Yellow
    
    function Get-LogonHistory
    {
    	$30days = (Get-Date).AddDays(-30)
    	$logons = Get-EventLog Security -AsBaseObject -InstanceId 4624, 4647 -After $30days |
    	Where-Object {
    		($_.InstanceId -eq 4647) `
    		-or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+2")) `
    		-or (($_.InstanceId -eq 4624) -and ($_.Message -match "Logon Type:\s+10"))
    	}
    	$events = $logons | Sort-Object TimeGenerated
    	
    	if ($events)
    	{
    		foreach ($event in $events)
    		{
    				## Parse logon data from the Event.
    			if ($event.InstanceId -eq 4624)
    			{
    					## A user logged on.
    				$action = 'logon'
    				
    				$event.Message -match "Logon Type:\s+(\d+)" | Out-Null
    				$logonTypeNum = $matches[1]
    				
    					## Determine logon type.
    				if ($logonTypeNum -eq 2)
    				{
    					$logonType = 'console'
    				}
    				elseif ($logonTypeNum -eq 10)
    				{
    					$logonType = 'remote'
    				}
    				else
    				{
    					$logonType = 'other'
    				}
    				
    					## Determine user.
    				if ($event.message -match "New Logon:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)")
    				{
    					$user = $matches[1]
    				}
    				else
    				{
    					$index = $event.index
    					Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
    				}
    				
    			}
    			elseif ($event.InstanceId -eq 4647)
    			{
    					## A user logged off.
    				$action = 'logoff'
    				$logonType = $null
    				
    					## Determine user.
    				if ($event.message -match "Subject:\s*Security ID:\s*.*\s*Account Name:\s*(\w+)")
    				{
    					$user = $matches[1]
    				}
    				else
    				{
    					$index = $event.index
    					Write-Warning "Unable to parse Security log Event. Malformed entry? Index: $index"
    				}
    			}
    			elseif ($event.InstanceId -eq 41)
    			{
    					## The computer crashed.
    				$action = 'logoff'
    				$logonType = $null
    				$user = '*'
    			}
    			
    				## As long as we managed to parse the Event, print output.
    			if ($user)
    			{
    				$output = New-Object -Type PSCustomObject
    				Add-Member -MemberType NoteProperty -Name 'UserName' -Value $user -InputObject $output
    				Write-Output $output
    			}
    		}
    	}
    	else
    	{
    		Write-Host "No recent logon/logoff events."
    	}
    }
    
    
    Get-LogonHistory
    
    ForEach ($u in $User)
    {
    	Remove-Item -Path C:\Users\ -Exclude *admin*, *helion*, *default*, Public -WhatIf
    }
    
    Write-Warning "Press any key to continue...";
    $x = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown");

    • Moved by Bill_Stewart Tuesday, July 31, 2018 3:00 PM This is not "debug/fix/rewrite my script for me" forum
    Thursday, June 21, 2018 1:35 PM

All replies