I am attempting to get this PS script going to pull the Security log from multiple machines and only search for the Event ID of 4624 and only show me the logs that contain "Logon Type: 2" or interactive logon. I have everything else working except for the part of obtaining only those logs for interactive logon's only. Here is a snip of my script, if anyone has any idea how to get this going it would be greatly appreciated. If I take the 2 out of "Logon Type" it works and I get everything, but if I have anything after that it does not kick any errors, but it doesn't yield results either. Yes, I have verified that I have interactive logon events during my filtered timeframe. Thanks.
$server; Get-WinEvent -computername $server -FilterHashTable @{Logname=$logname;ID=$eventid;StartTime=$starttime;EndTime=$endtime} | where { $_.Message | Select-String "Logon Type: 2" }
Tim
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…