Powershell Script

Welcome Forums General PowerShell Q&A Powershell Script

This topic contains 3 replies, has 3 voices, and was last updated by

10 months, 2 weeks ago.

  • Author
  • #122310

    Topics: 1
    Replies: 1
    Points: -6
    Rank: Member

    I am trying to extract Logs from event viewer security log.  I am trying to find the easiest way.  I believe using Powershell to get this data is the easiest way.  I am trying to get a nice excel document on employee logons to a server.  The event codes i need are 4985 and 5140. They typically login using Citrix Xenapp.   What I need is the Subject details to show.  The security ID or Account name would be an easy way to identify a user.

    I can get the event logs using Get-Eventlog using this command.  What i need is the account name or security ID of specific user, otherwise that other data would be useless for me.

    Any help would be Greatly Appreciated,


    Michael D.

  • #122318

    Topics: 8
    Replies: 1203
    Points: 706
    Helping Hand
    Rank: Major Contributor

    Try using Get-WinEvent which will allow you to get the full details in events.


  • #122328

    Topics: 5
    Replies: 33
    Points: 7
    Rank: Member

    Hi Michael,

    I had created a script sometime back to get account lockout notifications. below is a a snippet form that which might help get what you are after

    $Events = Get-WinEvent -ComputerName $DC -FilterHashtable @{LOGNAME='Security';ID="4985"} -ErrorAction Stop
    foreach ($event in $Events){
    $Properties= [PSCustomObject][Ordered]@{
    "DC"=$Event.Properties[4].value -replace"\$"
    Script published on the PowerShell gallery for reference
  • #122568

    Topics: 1
    Replies: 1
    Points: -6
    Rank: Member

    Thank you this information pointed me in the right direction and I was able to obtain what I needed.

The topic ‘Powershell Script’ is closed to new replies.