Powershell在gpedit脚本中获取用户名

Question

I'm using the gpedit.msc Scripts for Login/Logout/Shutdown/Start events. The following PowerShell script runs on those events:

$web = New-Object System.Net.WebClient
[String] ${stUserDomain},[String]  ${stUserAccount} = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.split("\")
$str = $web.DownloadString("https://srv4923/event.php?username=" + ${stUserAccount} + "&workstation=" + $env:ComputerName + "&event=" + $args[0])
$str

The PHP script then generated an entry in a MySQL DB. The script works perfectly fine for login and logout events but for shutdown/start events the username is not "myusername" anymore but it's "SYSTEM". Can that prevented somehow by getting the username in a different way? I understand that when the boot event is triggered the user may not be logged in and therefore there is no username available. But when the user shuts the machine down or reboots it, we should still know who did?

Answer 1

As for this...

"...shutdown/start events ... myusername" anymore but it's "SYSTEM"...

This is not a PowerShell code issue, but an OS by design requirement process.

The simple answer is nope, as there will never be a user at startup. It is always SYSTEM and has to be. The Windows MSGINA.dll does not kick in until the system is in a ready state, then it presents the MSGINA logon for the user, whether you decided to use a auto logon or not.

You have to correlate the logoff and shutdown events to get who was last logged on before the shut down.

Yet remember and admin can remote shutdown the system as can a scheduled task or even a power outage or electrical system surge. So, even with that correlation, you have to keep that in mind.