I'm trying to write a script to log the IP address of the Windows client from which the user initiated Remote Desktop to log in to the Windows Server. How to capture the IP address of the client in the Server?
How to get the IP Address of the Remote Desktop Client?
What about multiple clients came from the same proxy server? –
Groggery
Let's just assume there's no proxy ;-) –
Briar
Out curiosity, how are you executing your script? –
Euphoria
So, you ignore proxy...
- using environment var: CLIENTNAME in domain you can resolve it back to IP
without domain controller:
- using WMI script you can get to Event Log, source: Security, look for category Logon/Logoff where username = environment variable USERNAME
If you are using PowerShell or a .NET language, the trunk version of the Cassia library supports this -- just grab the latest build from the build server (login as a guest and use the artifacts link). To print the remote addresses of all sessions on the local server, you might use something like the following:
ITerminalServicesManager manager = new TerminalServicesManager();
foreach (ITerminalServicesSession session in manager.GetLocalServer().GetSessions())
{
IPEndPoint ipEndPoint = session.RemoteEndPoint as IPEndPoint;
if (ipEndPoint != null)
{
Console.WriteLine(ipEndPoint.Address);
}
}
If you want to use "pure" Powershell 2.0:
$Wtsapi32 = @'
using System;
using System.Text;
using System.Runtime.InteropServices;
namespace Wtsapi32 {
public enum WTS_INFO_CLASS
{
WTSInitialProgram,
WTSApplicationName,
WTSWorkingDirectory,
WTSOEMId,
WTSSessionId,
WTSUserName,
WTSWinStationName,
WTSDomainName,
WTSConnectState,
WTSClientBuildNumber,
WTSClientName,
WTSClientDirectory,
WTSClientProductId,
WTSClientHardwareId,
WTSClientAddress,
WTSClientDisplay,
WTSClientProtocolType
};
[StructLayout(LayoutKind.Sequential)]
public struct WTS_CLIENT_ADDRESS
{
public uint AddressFamily;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
public byte[] Address;
}
public class PS {
public const IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr.Zero;
public const int WTS_CURRENT_SESSION = -1;
[DllImport("wtsapi32.dll", EntryPoint="WTSQuerySessionInformation")]
public static extern bool WTSQuerySessionInformation(
System.IntPtr hServer,
int sessionId,
WTS_INFO_CLASS wtsInfoClass,
out System.IntPtr ppBuffer,
out uint pBytesReturned);
[DllImport("wtsapi32.dll", EntryPoint="WTSFreeMemory")]
public static extern void WTSFreeMemory(
IntPtr memory);
}
}
'@
Add-Type -TypeDefinition $Wtsapi32
I get an "UnrecognizedToken" error when I execute this in Powershell –
Diplomacy
Are you sure you used the complete code, since a few lines seem to fall out of the code block? –
Sing
© 2022 - 2024 — McMap. All rights reserved.