Search for logon events in Security events using powershell

From Michael's Information Zone

Jump to navigation Jump to search

Get-EventLog -LogName 'Security' -InstanceId 4624 | select timegenerated,@{Label="User";Expression={$_.replacementStrings[5]}},@{Label="Machine";Expression={$_.replacementStrings[18]}} | where {($_.User -notlike "*$*")

To search specific date ranges, add the following

Get-EventLog -LogName 'Security' -InstanceId 4624 -After (date).AddDays(-1)...

Retrieved from "https://wiki.1701technology.com/index.php?title=Search_for_logon_events_in_Security_events_using_powershell&oldid=610"