Remote PowerShell – PSSession WhoAmI


For those who worked with NT and Novell Netware many, many moons ago they became familiar with a handy function– who am I.  Windows folks may also recall it when working with the Client and Gateway Services for Netware, and whoami.exe was also added to the NT Resource Kit.  Remember the days of all the fun res kit tools? *

The whoami command does exactly what you would expect, it tells you who you are.  It saves having to look at the name tag attached to your trousers.  In the more modern versions, it is able to do much more than just state your name, but now this is is digressing….

When working with PowerShell remoting, and in this post mple we are looking at the connections to Exchange Online, sometimes we want that whoami functionality.  We would like to know which account was used to initiate the session.  Take the below example, which of these PSSessions is my administrator connection?

Who Made Who - Which Connections is Which

Would it not be great to be able to do a WhoAmI to work out what connection is what, and the credentials used to authenticate to it?

 

PowerShell Instance Identity

It is possible to use something like the below to look at the user identity which is associated to the PowerShell instance

[System.Security.Principal.WindowsIdentity]::GetCurrent()

This is the initial verbose output which have the user name squirrled amongst a lot of other output.  This is highlighted with the yellow arrow below.

Typically it would be better to run

[System.Security.Principal.WindowsIdentity]::GetCurrent().Name

Which will return only the name.  This is the succinct data which is underlined.

PowerShell User Context

 

However that is for the PowerShell instance, and does not really help us out for the credentials which were used to connect to the remote PSSesions.  Time for plan B methinks…..

 

Getting PSSession User Details

To actually see which user is associated to a given PSSession we need to examine the PSSession.

Let’s take the below PSSession with ID 1 as a starting example, and work with that.  Then we will expand that to loop through all of the PSSessions on a machine.

Get-PSSession -Id 1

Get-PSSession -Id 1 | Format-List

Examining PSSession Connection Details

Alternatively, we could also use the Get-Member cmdlet to expose the properties and methods and pick through the options.  The choice, as they say, is yours!

 

The PSSession’s Runspace property contains the underlying connection details, so will examine that in more detail.

(Get-PSSession -Id 1).Runspace.

Examining PSSession Runspace Details

From there we will drill into the OriginalConnectioninfo.  The below expands the steps out logically.  Our you can simply jump to the last one if you so desire.

(Get-PSSession -Id 1).Runspace.OriginalConnectionInfo

(Get-PSSession -Id 1).Runspace.OriginalConnectionInfo.Credential

(Get-PSSession -Id 1).Runspace.OriginalConnectionInfo.Credential.UserName

Voila! - The User Context Behind The PSSession

This will let us see the original credentials provided when the PSSession was established for a given PSSession. It can be extended to report on all sessions which are present.

The below is clunky but will associate each username to the respective PSSession.

 

Get-PSSession | ForEach {$_.Name +”  ” +  $_.Runspace.OriginalConnectionInfo.Credential.UserName}

 

Cheers,

Rhoderick

 

* – I will exclude uptomp.exe from that list.  So very thankful to not have to swap HALs out manually nowadays.  So very thankful for not blowing up machines nowadays….

Comments (2)

  1. turbomcp says:

    cool stuff
    thanks

  2. Great tip!! Thanks for sharing!!

Skip to main content