Query servers for multiple processes running under a single user

Why hello there old friends! Turns out the Powersloths have been just that – sloths. While they have still been coding away they have been a tad lazy with updating code to the site. Here comes a nice little one to get back into the feeling;

Here is the scenario – you have a number of Microsoft session hosts running a nice and buggy app being delivered to end users. Due to a bug in the app a single user can spawn multiple instances of Microsoft Word without realising. This edge case could degrade the session host performance and impact the end user experience.

The following script queries your session hosts remotely and enumerates the users running WINWORD.EXE – this can be substituted for the executable you require to identify. It then does a check to determine which users have more than 1 instance running under their username.

Based on this information – your support team could then take action to either end the users session and clean up the processes or capture the user actions that caused the egde case bug to be triggered.

Alternatively, you could extend the script to kill the oldest process – but this is dangerous and could cause data loss for the end user if not all scenarios are considered.

# Import required for painful old editions of Powershell
import-module activedirectory

# Declare the servers you want to inspect
$servers = "SessionHost1","SessionHost2","SessionHost3"
# We want to count the amount of impacted users
$counter = 0

# Loop through our server list
foreach ($server in $servers) {
	# Output while processing
	$server
	# Query WMI to capture all users running the process name specified in our filter - in this case WINWORD.exe
	$users = Get-WmiObject -Class Win32_Process -Filter "Name= 'WINWORD.exe'" -ComputerName $server | foreach {$_.GetOwner().User}

	# Create a hash table to populate with our user results from above
	$colUserTable = @{}
	# Populate the hash table with the user results - incrementing the value when a user has multiple results
	$users | foreach {$colUserTable["$_"] += 1}
	# Check each key for a value greater than 1 then query Active Directory for a valid name from the username and print to console
	$colUserTable.keys | where {$colUserTable["$_"] -gt 1} | foreach {$counter++; $userName = get-aduser $_ | select -expand name; write-host "Duplicate instance $_ aka $username";  }
}
# Output our results
write-host "------------------------------"
write-host "$counter users with multiple WINWORD instances running"