我正在尝试获取LogonUI.exe进程的用户名,但我变得空白。我怎样才能获得正确的用户名。
$logfile = 'C:\Users\Desktop\Process\log.txt'
if (!(Test-Path $logfile)) {
New-Item $logfile -type file
}
do
{
$owners = @{}
gwmi win32_process |% {$owners[$_.handle] = $_.getowner().user}
$data = get-process | select processname,Id,PrivilegedProcessorTime,UserProcessorTime,@{l="Owner";e={$owners[$_.id.tostring()]}}
$allProcs = @(Get-WmiObject win32_process)
foreach($val in $allProcs) {
$name = $val.ProcessName
"Before $name" | out-file -filepath $logfile -append
if ($name -eq 'LogonUI.exe') {
$id = $val.Id
$processtime = $val.PrivilegedProcessorTime.TotalMilliseconds
$processtime1 = $val.UserProcessorTime.TotalMilliseconds
$usename = $val.getowner().user
"process value $name" | out-file -filepath $logfile -append
"process value $id" | out-file -filepath $logfile -append
#"process value $processtime"
#"process value $processtime1"
"process value $usename" | out-file -filepath $logfile -append
"Finished" | out-file -filepath $logfile -append
}
}
Start-Sleep -s 30
} while(1)
这里我试图获取LogonUI.exe进程的用户名我总是把它作为空白。如果我有多个用户登录到机器,则所有LogonUI用户名都显示为空白。如何获取LogonUI进程的正确用户名