SELECT user,host,time, p.name, p.cmdline, p.cwd, p.root FROM logged_in_users liu, processes p WHERE liu.pid = p.pid and liu.type='user' and liu.user <> '' ORDER BY time;

$computerName = $env:COMPUTERNAME
$results = @()
Get-CimInstance Win32_Process | ForEach-Object {
    $proc = $_
    # Get owner information
    $ownerInfo = $proc | Invoke-CimMethod -MethodName GetOwner
    if ($ownerInfo.ReturnValue -eq 0 -and -not [string]::IsNullOrEmpty($ownerInfo.User)) {
        # Create a custom object with the desired fields.
        # Note: Windows does not expose current working directory (cwd) or process root via WMI,
        # so these fields will be returned empty.
        $results += [PSCustomObject]@{
            user    = $ownerInfo.User
            host    = $computerName
            time    = $proc.CreationDate
            name    = $proc.Name
            cmdline = $proc.CommandLine
            cwd     = ""
            root    = ""
        }
    }
}
# Sort the results by time (process creation date) and output to stdout.
$results | Sort-Object time | Format-Table -AutoSize