How can a penetration tester enumerate RDP connection history for users currently logged into the system using PowerShell?
First, retrieve all user SIDs with `Get-WmiObject -Class Win32_UserAccount`. Then, for each SID, query the registry path `Registry::HKEY_USERS\<SID>\Software\Microsoft\Terminal Server Client\Servers`, using a `foreach` loop with a try-catch block to handle missing keys. The PowerShell script in the article demonstrates this and also displays the account status. This method only works for users who have an active session, as in multi-user login scenarios where several users are logged in simultaneously.
logged-in users, PowerShell script, WMI, Win32_UserAccount, HKEY_USERS, RDP history