# searchWindowsEventsLog.ps1
$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"
function searchWindowsEvents{
param(
$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"
)
$filter=@{
LogName=$logType
ID=$eventId
StartTime=[datetime]::Now.AddDays(-$daysBack)
}
$events=Get-WinEvent -FilterHashTable $filter -ComputerName $computername -EA Ignore|select -first $limit
$events|?{$_.Message -like $messageLike}
}
searchWindowsEvents $computername $logType $eventId $daysBack $limit $messageLike
Related Post
PowerShell: Force Outlook to Compact On Exiting
Forcing Outlook to return free disk space to RDS nodes upon user exiting would be…
PowerShell: Installing or Including an Application On a Computer or Scripting Session
Sample Usage: PS C:\WINDOWS\system32> includeapp -appName notepadplusplus -appExe notepad++notepadplusplus version 7.91.0.0 already exists.True function includeApp($appName,$appExe=$False,$version){…
Basic CSS: Use Clockwise Notation to Specify the Padding of an Element
<style>.injected-text {margin-bottom: -25px;text-align: center;}.box {border-style: solid;border-color: black;border-width: 5px;text-align: center;}.yellow-box {background-color: yellow;padding: 20px 40px 20px 40px;}.red-box…