# searchWindowsEventsLog.ps1
$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"
function searchWindowsEvents{
param(
$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"
)
$filter=@{
LogName=$logType
ID=$eventId
StartTime=[datetime]::Now.AddDays(-$daysBack)
}
$events=Get-WinEvent -FilterHashTable $filter -ComputerName $computername -EA Ignore|select -first $limit
$events|?{$_.Message -like $messageLike}
}
searchWindowsEvents $computername $logType $eventId $daysBack $limit $messageLike
Related Post
PowerShell: Email Users with Expiring Passwords
# PasswordExpirationNotification.ps1 # Description: # This script performs the following tasks # a. Query Active…
Using SysPrep To Move Windows Users Directory
Assumptions: Windows 2019 Server Standard ISO is mounted as E:\ D:\Users will be the new…
iSeries Access ODBC Setup
Run ODBC Data Source Administrator > click on System DSN