# searchWindowsEventsLog.ps1
$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"
function searchWindowsEvents{
param(
$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"
)
$filter=@{
LogName=$logType
ID=$eventId
StartTime=[datetime]::Now.AddDays(-$daysBack)
}
$events=Get-WinEvent -FilterHashTable $filter -ComputerName $computername -EA Ignore|select -first $limit
$events|?{$_.Message -like $messageLike}
}
searchWindowsEvents $computername $logType $eventId $daysBack $limit $messageLike
September 21, 2022September 21, 2022
0 Comments