Finding Process Owners

by Dec 11, 2014

All PowerShell versions

To find out who owns a particular process and how many instances are running, try this simple piece of code:

$ProcessName = 'explorer.exe'

(Get-WmiObject -Query "select * from Win32_Process where name='$ProcessName'").GetOwner().User 

Note: there are many different approaches to find out the currently logged on users, and depending on the environment you are using, the approach presented here may have limitations. It assumes that the user uses a graphical user interface. On server core machines, running non-UI processes only, the script would not detect the user connected with the host.

The example returns the process owners of all “explorer.exe” processes found on the computer. If you have Administrator privileges and do this remotely, the list of users will resemble the list of logged in interactive users, because the desktop each user uses is itself an explorer.exe.

When you add the Sort-Object command, you can easily eliminate duplicates:

$ProcessName = 'explorer.exe'

(Get-WmiObject -Query "select * from Win32_Process where name='$ProcessName'").GetOwner().User |
  Sort-Object -Unique

And when you change the process name, you can find out other interesting things. This will list all the users that are currently visiting your machine via PowerShell remoting:

$ProcessName = 'wsmprovhost.exe'

try
{
  (Get-WmiObject -Query "select * from Win32_Process where name='$ProcessName'").GetOwner().User |
    Sort-Object -Unique
}
catch
{
  Write-Warning "No user found."
} 
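
The following added example (not part of the original tip) wraps the same Win32_Process query in a hypothetical helper, Get-ProcessOwner, that reports the domain-qualified owner, PID and session of each instance and then counts instances per owner. It escapes the process name before placing it in the WQL string and checks the ReturnValue of GetOwner(), which is non-zero when the owner cannot be read (for example without Administrator privileges).

```powershell
# Added example; Get-ProcessOwner is a hypothetical helper name, not a built-in cmdlet.
function Get-ProcessOwner
{
  param(
    [Parameter(Mandatory=$true)][string]$ProcessName,
    [string]$ComputerName = '.'   # '.' = local machine
  )

  # Escape backslashes and single quotes so the name stays inside the WQL string literal
  $escaped = $ProcessName.Replace('\', '\\').Replace("'", "\'")

  Get-WmiObject -ComputerName $ComputerName -Query "select * from Win32_Process where name='$escaped'" |
    ForEach-Object {
      # Call GetOwner() per process; this also works when several instances are returned
      $owner = $_.GetOwner()

      # ReturnValue 0 = success; non-zero (e.g. 2 = access denied) leaves User empty
      if ($owner.ReturnValue -eq 0) { $name = '{0}\{1}' -f $owner.Domain, $owner.User }
      else { $name = '<unknown, GetOwner returned {0}>' -f $owner.ReturnValue }

      New-Object PSObject -Property @{
        Owner     = $name
        ProcessId = $_.ProcessId
        SessionId = $_.SessionId
      }
    }
}

# One row per owner: number of instances plus the PIDs behind that count
Get-ProcessOwner -ProcessName 'explorer.exe' |
  Group-Object -Property Owner |
  Select-Object Count, Name,
    @{ Name = 'ProcessIds'; Expression = { $_.Group | ForEach-Object { $_.ProcessId } } }
```

When no matching process exists, the pipeline simply returns nothing, so no try/catch is needed around the call.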
