Powershell Script

    • #122310
      Participant
      Topics: 1
      Replies: 1
      Points: -6
      Rank: Member

      I am trying to extract logs from the Event Viewer security log. I am trying to find the easiest way. I believe using PowerShell to get this data is the easiest way. I am trying to get a nice Excel document on employee logons to a server. The event codes I need are 4985 and 5140. They typically log in using Citrix XenApp. What I need is the Subject details to show. The security ID or Account name would be an easy way to identify a user.

      I can get the event logs using Get-EventLog using this command. What I need is the account name or security ID of a specific user, otherwise that other data would be useless for me.

      Any help would be greatly appreciated,

      Michael D.

    • #122318
      Participant
      Topics: 8
      Replies: 1271
      Points: 1,020
      Helping Hand
      Rank: Community Hero

      Try using Get-WinEvent which will allow you to get the full details in events.

      https://blogs.technet.microsoft.com/heyscriptingguy/2015/10/20/filtering-event-log-events-with-powershell/

    • #122328
      Participant
      Topics: 5
      Replies: 33
      Points: 7
      Rank: Member

      Hi Michael,

      I had created a script some time back to get account lockout notifications. Below is a snippet from that which might help get what you are after.

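      # Server to query; placeholder value, replace with the target machine.
      $DC = $env:COMPUTERNAME
      # Pull every event with ID 4985 from the Security log.
      $Events = Get-WinEvent -ComputerName $DC -FilterHashtable @{LogName='Security';ID=4985} -ErrorAction Stop
      # $Record is used as the loop variable because $Event is a PowerShell automatic variable.
      foreach ($Record in $Events) {
          # Properties[] is positional: each index is one field of the event's data.
          $Properties = [PSCustomObject][Ordered]@{
              "Username"          = $Record.Properties[0].Value
              "ReferenceComputer" = $Record.Properties[1].Value
              "LockOutTime"       = $Record.TimeCreated
              "Domain"            = $Record.Properties[5].Value
              "DC"                = $Record.Properties[4].Value -replace '\$'   # drop '$' characters
          }
          $Properties
      }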
      Script published on the PowerShell gallery for reference
      Regards
      Shihan
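
An added example, not part of any post in this thread: one way to pull the Subject account name and security ID for events 4985 and 5140 with Get-WinEvent and export them to a CSV that Excel opens. It assumes both events carry `SubjectUserSid`, `SubjectUserName` and `SubjectDomainName` in their event data; the function names, the CSV path and the sample event are hypothetical and constructed for illustration.

```powershell
# Added example: read the Subject fields by name from each event's XML, so the
# same parser handles 4985 and 5140 (assumed to share the Subject field names).
function ConvertTo-SubjectRecord {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Index the <Data Name="..."> elements by name instead of by position.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [PSCustomObject]@{
            TimeCreatedUtc = $evt.System.TimeCreated.SystemTime
            EventId        = [int]$evt.System['EventID'].InnerText
            Computer       = $evt.System['Computer'].InnerText
            SecurityId     = $data['SubjectUserSid']
            AccountName    = $data['SubjectUserName']
            Domain         = $data['SubjectDomainName']
        }
    }
}

# Live use (elevated session). $Server and the CSV path are placeholders.
function Export-SubjectReport {
    param([string]$Server = $env:COMPUTERNAME, [string]$Path = '.\subject-report.csv')
    $filter = @{ LogName = 'Security'; Id = 4985, 5140 }
    Get-WinEvent -ComputerName $Server -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object { $_.ToXml() } |
        ConvertTo-SubjectRecord |
        Export-Csv -Path $Path -NoTypeInformation   # CSV opens directly in Excel
}

# Constructed sample event (not real log data) so the parser can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>5140</EventID>
    <TimeCreated SystemTime="2019-01-10T14:03:22.000000000Z" />
    <Computer>SERVER01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1111111111-2222222222-3333333333-1104</Data>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="ShareName">\\*\Reports</Data>
  </EventData>
</Event>
'@
$sample | ConvertTo-SubjectRecord
```

Reading the security log requires an elevated session on the server; run `Export-SubjectReport -Server <name>` there once the sample output looks right.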
    • #122568
      Participant
      Topics: 1
      Replies: 1
      Points: -6
      Rank: Member

      Thank you this information pointed me in the right direction and I was able to obtain what I needed.
