Get-RemoteLogonEvent

SYNOPSIS

This function queries the security log for EventIds 4624,4625,4634,4778,4779.

SYNTAX

TimeSpan (Default)

Get-RemoteLogonEvent [[-Credential] <PSCredential>] [-Since <TimeSpan>] [[-MaxEvents] <Int64>] [-Oldest] [-Raw]
 [<CommonParameters>]

Default

Get-RemoteLogonEvent [[-ComputerName] <String[]>] [[-Credential] <PSCredential>] [[-MaxEvents] <Int64>]
 [-Oldest] [-Raw] [<CommonParameters>]

TimeRange

Get-RemoteLogonEvent [[-Credential] <PSCredential>] [[-StartTime] <DateTime>] [[-EndTime] <DateTime>]
 [[-MaxEvents] <Int64>] [-Oldest] [-Raw] [<CommonParameters>]

DESCRIPTION

This function queries the security log for EventIds 4624,4625,4634,4778,4779.

EXAMPLES

Example 1

PS C:\> Get-RemoteLogonEvent -ComputerName WKSTN47 -MaxEvents 5

ComputerName : WKSTN47.contoso.com
TimeCreated  : 5/11/2018 1:16:51 PM
Id           : 4625
Level        : Information
EventType    : Logon Failure
UserName     : WKSTN47\GUEST
IpAddress    :
LogonID      :
Reason       : Account currently disabled.
LogonMethod  : Network

ComputerName : WKSTN47.contoso.com
TimeCreated  : 5/11/2018 11:15:51 AM
Id           : 4625
Level        : Information
EventType    : Logon Failure
UserName     : CONTOSO\CARROLLD
IpAddress    : 127.0.0.1
LogonID      :
Reason       : Unknown user name or bad password.
LogonMethod  : Interactive (local system)

PARAMETERS

-ComputerName

Gets events from the event logs on the specified computer(s). Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.

Type: String[]
Parameter Sets: Default
Aliases: IPAddress, __Server, CN

Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Credential

Specifies a user account that has permission to perform this action. The default value is the current user.

Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.

Type: PSCredential
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EndTime

Specifies the end of the time period for the event log query.

Type: DateTime
Parameter Sets: TimeRange
Aliases:

Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MaxEvents

Specifies the maximum number of events this function returns. The default is to return all the events in the logs.

Type: Int64
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Oldest

Returns the events in oldest-first order. By default, events are returned in newest-first order.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-StartTime

Specifies the beginning of the time period for the event log query.

Type: DateTime
Parameter Sets: TimeRange
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Raw

Use this switch to provide the raw event log record for the function.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Since

Specifies the beginning of the time period for the event log query based on the given amount of time.

Type: TimeSpan
Parameter Sets: TimeSpan
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

System.String[]

OUTPUTS

System.Object

NOTES

Online Version