Get-WinEvent with non-administrative user
This gives our support people instant access to the latest history without any elevated privileges....
$event = Get-WinEvent -FilterHashtable @{LogName='Security';Id=4740} -MaxEvents 1
$ns = @{'ns'='http://schemas.microsoft.com/win/2004/08/events/event'}
...you could see. the hashpi file offline..between a period of time...
Get-WinEvent -path "C:\temp\*Security*.evtx" -max 10 -FilterHashtable @{Providername="Microsoft-Windows-Security-Auditing"; id=4740; StartTime=1/7/2013; EndTime=1/8/2013}
But PowerShell returns an error:
Get-WinEvent : Parameter set cannot be resolved using the specified named parameters.
The answer was: "Put quotes around them or explicitly define them as DateTime."
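A working form of the offline query above, as an added example that is not code from the original post. Besides the date values, Get-WinEvent places -Path and -FilterHashtable in different parameter sets, so the file path goes inside the hashtable as the Path key. The folder, provider, event ID and dates are the ones from the post; the output property names are chosen here for illustration.

```powershell
# Added example, not from the original post: 4740 lockouts from exported logs.
$folder = 'C:\temp'

# Resolve the wildcard first and hand the filter hashtable full file names.
$files = @(Get-ChildItem -Path $folder -Filter '*Security*.evtx' -File |
    Select-Object -ExpandProperty FullName)
if ($files.Count -eq 0) { throw "No exported Security logs found in $folder" }

$filter = @{
    Path         = $files          # replaces the separate -Path parameter
    ProviderName = 'Microsoft-Windows-Security-Auditing'
    Id           = 4740
    # Unquoted, 1/7/2013 is evaluated as a division. The [datetime] cast
    # parses the string with the invariant culture (month/day/year).
    StartTime    = [datetime]'1/7/2013'
    EndTime      = [datetime]'1/8/2013'
}

try {
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 10 -ErrorAction Stop)
} catch {
    # Get-WinEvent reports an error when nothing matches; treat that as empty.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

$lockouts = foreach ($e in $events) {
    # Collect the named <Data> fields of the event into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        TimeCreated    = $e.TimeCreated
        LockedAccount  = $data['TargetUserName']
        # In event 4740 the caller computer name is carried in TargetDomainName.
        CallerComputer = $data['TargetDomainName']
        ReportedBy     = $e.MachineName
    }
}
$lockouts | Sort-Object TimeCreated | Format-Table -AutoSize
```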