I'm trying to write a script to log the IP address of the Windows client from which the user initiated Remote Desktop to log in to the Windows Server. How to capture the IP address of the client in the Server?
So, you ignore proxy...
without domain controller:
If you want to use "pure" Powershell 2.0:
$Wtsapi32 = @'
using System;
using System.Text;
using System.Runtime.InteropServices;
namespace Wtsapi32 {
    public enum WTS_INFO_CLASS
    {
        WTSInitialProgram,
        WTSApplicationName,
        WTSWorkingDirectory,
        WTSOEMId,
        WTSSessionId,
        WTSUserName,
        WTSWinStationName,
        WTSDomainName,
        WTSConnectState,
        WTSClientBuildNumber,
        WTSClientName,
        WTSClientDirectory,
        WTSClientProductId,
        WTSClientHardwareId,
        WTSClientAddress,
        WTSClientDisplay,
        WTSClientProtocolType
    };  
    [StructLayout(LayoutKind.Sequential)]
    public struct WTS_CLIENT_ADDRESS
    {
        public uint AddressFamily;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 20)]
        public byte[] Address;
    }
    public class PS {
        public const IntPtr WTS_CURRENT_SERVER_HANDLE = IntPtr.Zero;
        public const int WTS_CURRENT_SESSION = -1;
        [DllImport("wtsapi32.dll",  EntryPoint="WTSQuerySessionInformation")]
        public static extern bool WTSQuerySessionInformation(
            System.IntPtr hServer, 
            int sessionId, 
            WTS_INFO_CLASS wtsInfoClass, 
            out System.IntPtr ppBuffer, 
            out uint pBytesReturned);
        [DllImport("wtsapi32.dll",  EntryPoint="WTSFreeMemory")]
        public static extern void WTSFreeMemory(
            IntPtr memory);         
    }
}
'@
Add-Type -TypeDefinition $Wtsapi32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With