Find-TaskUser.ps1
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 |
Function Find-TaskUser { [CmdletBinding()] param( [string]$server, [string]$user ) process { $server = $server.trim() $user = $user.trim() <# #23 start #if ([bool](Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue)) { if ([bool](Test-Connection -ComputerName $server -Count 1 -ErrorAction SilentlyContinue)){ if ([bool](Invoke-Command -ComputerName $server -EnableNetworkAccess -ScriptBlock {[bool](Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue)} -erroraction silentlycontinue)) { try { Write-Verbose -Message "$server : Try use Get-ScheduledTask" $data = Get-ScheduledTask -CimSession $server -ErrorAction stop | Where-Object {$_.author -match $user -or $_.Principal.userid -match $user} | Select-Object @{Name="Hostname"; Expression = {$_.PSComputerName}}, taskname, @{Name="Run As User"; Expression = {$_.Principal.userid}}, Author, URI return $data } catch { Write-verbose -Message "Get-ScheduledTask error: $_" Write-Verbose -Message "$server : Switching to schtasks command." Invoke-SCHTasks -server $server -user $user } } else { Invoke-SCHTasks -server $server -user $user } } else { Write-verbose -Message "$server`: Connection failed!" Write-Information -MessageData "$server`: Connection failed!" -InformationAction Continue return $null } #23 end #> #26 start if ($server -eq $env:COMPUTERNAME -or $server -eq "localhost") { #local Write-Verbose -Message "$server`: Local computer." try { Write-Verbose -Message "$server`: Try use Get-ScheduledTask." #do cimsession on local to have "pscomputername" property return Get-ScheduledTask -CimSession $server -ErrorAction stop | Where-Object {$_.author -match $user -or $_.Principal.userid -match $user} | Select-Object @{Name="Hostname"; Expression = {$_.PSComputerName}}, taskname, @{Name="Run As User"; Expression = {$_.Principal.userid}}, Author, URI } catch { Write-verbose -Message "$server`: Get-ScheduledTask error: $_" Write-Verbose -Message "$server`: Switching to schtasks command." Invoke-SCHTasks -server $server -user $user } } else { #remote Write-Verbose -Message "$server`: Remote computer." try { Write-Verbose -Message "$server`: Test-connection." Test-Connection -ComputerName $server -Count 1 -ErrorAction Stop | Out-Null } catch { Write-verbose -Message "$server`: Test-Connection error: $_" Write-Information -MessageData "$server Offline?" -InformationAction Continue return $null } try { Write-Verbose -Message "$server`: Try use Get-ScheduledTask." try { #check if is local get-scheduledtask Write-Verbose -Message "$server`: Is local command Get-ScheduledTask ?" Invoke-Command -ScriptBlock {Get-Command Get-ScheduledTask -ErrorAction Stop} -ErrorAction stop | Out-Null } catch { # no local get-scheduledtask #check if is remote get-scheduledtask Write-Verbose -Message "$server`: No local command Get-ScheduledTask." try { Write-Verbose -Message "$server`: Is remote command Get-ScheduledTask ?" Invoke-Command -ComputerName $server -EnableNetworkAccess -ScriptBlock {Get-Command Get-ScheduledTask -ErrorAction stop} -ErrorAction stop | Out-Null try { Write-Verbose -Message "$server`: Try use remote command Get-ScheduledTask." $remote_data = Invoke-Command -ComputerName $server -EnableNetworkAccess -ScriptBlock {Get-ScheduledTask -erroraction stop} -erroraction stop | Where-Object {$_.author -match $user -or $_.Principal.userid -match $user} | Select-Object @{Name="Hostname"; Expression = {$_.PSComputerName}}, taskname, @{Name="Run As User"; Expression = {$_.Principal.userid}}, Author, URI #$remote_data if ($remote_data) { Write-Verbose -Message "$server`: return data from remote command Get-ScheduledTask." return $remote_data } else { Write-Verbose -Message "$server`: NULL." return $null } } catch { Write-Verbose -Message "$server`: Error useing remote command Get-ScheduledTask: $_" Write-Verbose -Message "$server`: Switch to SCHTASK." $remote_schtask_data = Invoke-SCHTasks -server $server -user $user return $remote_schtask_data } } catch { Write-Verbose -Message "$server`: No remote command Get-ScheduledTask: $_" Write-Verbose -Message "$server`: Switch to SCHTASK." if ($Strict) { $remote_schtask_data = Invoke-SCHTasks -server $server -user $user -Strict } else { $remote_schtask_data = Invoke-SCHTasks -server $server -user $user } return $remote_schtask_data } } #return Get-ScheduledTask -CimSession $server -ErrorAction stop | Where-Object {$_.author -match $user -or $_.Principal.userid -match $user} | Select-Object @{Name="Hostname"; Expression = {$_.PSComputerName}}, taskname, @{Name="Run As User"; Expression = {$_.Principal.userid}}, Author, URI } catch { #Write-verbose -Message "Get-ScheduledTask error: $_" #Write-Verbose -Message "$server`: Switching to schtasks command." #Invoke-SCHTasks -server $server -user $user Write-Verbose -Message $_ return $null } } #26 end <# if ([bool](Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue)) { Write-Verbose -Message 'Running ''Get-ScheduleTask''' $data = Get-ScheduledTask -CimSession $server.trim() | Where-Object {$_.author -match $user.trim() -or $_.Principal.userid -match $user.trim()} | Select-Object hostname, taskname, @{Name="Run As User"; Expression = {$_.Principal.userid}}, Author, URI foreach ($record in $data) { $record.hostname = $server.trim() } return $data } else { Write-Verbose -Message 'Running system command ''schtasks''' if ($server.trim() -match $env:COMPUTERNAME -or $server.trim() -eq "localhost") { try { $tasks=Invoke-Expression "schtasks /query /fo csv /NH /v" -ErrorAction Stop } catch { Write-Error -Message "Failed to invoke ""schtasks"": $_" } } else { try { $tasks=Invoke-Expression "schtasks /query /s $server.trim() /NH /fo csv /v" -ErrorAction Stop } catch { Write-Error -Message "Failed to invoke ""schtasks"": $_" } } Write-Verbose -Message 'Filtering scheduled tasks' $header = "HostName","TaskName","Next Run Time","Status","Logon Mode","Last Run Time","Last Result","Author","Task To Run","Start In","Comment","Scheduled Task State","Idle Time","Power Management","Run As User","Delete Task If Not Rescheduled","Stop Task If Runs X Hours and X Mins","Schedule","Schedule Type","Start Time","Start Date","End Date","Days","Months","Repeat: Every","Repeat: Until: Time","Repeat: Until: Duration","Repeat: Stop If Still Running" return $tasks | ConvertFrom-Csv -Header $header | Where-Object {$_."Run As User" -match $user -or $_."Author" -match $user}| Select-Object hostname, @{Name="taskname"; Expression = {($_.TaskName).split("\")[-1]}}, "run as user", author, @{Name="URI"; Expression = {$_.TaskName}} -Unique } # end if #> } } |