Tracking Hardware Events and Auditing Hardware Events

This topic contains 1 reply, has 2 voices, and was last updated by  Joel Sallow 1 week, 6 days ago.

  • Author
    Posts
  • #98130

    Jason Colotario
    Participant

    Hello,

    I would like to be able to extract all hardware events/change info from win2k12 r2. I need to know when any system component is removed/added, etc. I have extracted the hardware related event providers but if anyone can share how they extract all of that type of hardware information I would greatly appreciate that. Then I will create custom alerting so that we will automatically be alerted if some hardware component changes.

    Best regards,

    Jason

  • #98140

    Joel Sallow
    Participant

    The event providers are meant to be your point of call for this data. Doubtless they get their data directly from some Win32 API — that's largely beyond the scope of PowerShell code and well into C# and .NET implementations. That said, if you could figure out what they were doing to pull that data, you absolutely could drop the C# code into a PowerShell script or a custom .dll and interact with it from PS, but I would be expecting a significantly greater degree of difficulty with pulling the raw data here than with most PS operations.

    The event providers exist for a reason — generally because interfacing directly with that data is going to be a major pain.

You must be logged in to reply to this topic.