Get-RemoteLogonEvent
SYNOPSIS
This function queries the security log for EventIds 4624, 4625, 4634, 4778, 4779.
SYNTAX
TimeSpan (Default)
Get-RemoteLogonEvent [[-Credential] <PSCredential>] [-Since <TimeSpan>] [[-MaxEvents] <Int64>] [-Oldest] [-Raw] [<CommonParameters>]
Default
Get-RemoteLogonEvent [[-ComputerName] <String[]>] [[-Credential] <PSCredential>] [[-MaxEvents] <Int64>] [-Oldest] [-Raw] [<CommonParameters>]
TimeRange
Get-RemoteLogonEvent [[-Credential] <PSCredential>] [[-StartTime] <DateTime>] [[-EndTime] <DateTime>] [[-MaxEvents] <Int64>] [-Oldest] [-Raw] [<CommonParameters>]
DESCRIPTION
This function queries the security log for EventIds 4624, 4625, 4634, 4778, 4779.
EXAMPLES
Example 1
PS C:\> Get-RemoteLogonEvent -ComputerName WKSTN47 -MaxEvents 5

ComputerName : WKSTN47.contoso.com
TimeCreated  : 5/11/2018 1:16:51 PM
Id           : 4625
Level        : Information
EventType    : Logon Failure
UserName     : WKSTN47\GUEST
IpAddress    :
LogonID      :
Reason       : Account currently disabled.
LogonMethod  : Network

ComputerName : WKSTN47.contoso.com
TimeCreated  : 5/11/2018 11:15:51 AM
Id           : 4625
Level        : Information
EventType    : Logon Failure
UserName     : CONTOSO\CARROLLD
IpAddress    : 127.0.0.1
LogonID      :
Reason       : Unknown user name or bad password.
LogonMethod  : Interactive (local system)
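A triage pass over this function's output, as an added example that is not part of the module or its documentation: it groups failed logons (Id 4625) by source address and flags any source that later produced a successful logon (Id 4624). The helper names `New-SampleEvent` and `Get-LogonFailureSummary`, the threshold, and the sample records are assumptions constructed for illustration; the property names follow Example 1.

```powershell
# Constructed sample records using a subset of the properties shown in Example 1.
# For live data, replace $records with, for example:
#   $records = Get-RemoteLogonEvent -Since (New-TimeSpan -Hours 24)
function New-SampleEvent($Time, $Id, $User, $Ip) {   # hypothetical helper
    [pscustomobject]@{ TimeCreated = [datetime]$Time; Id = $Id; UserName = $User; IpAddress = $Ip }
}
$records = @(
    New-SampleEvent '2018-05-11T11:15:51' 4625 'CONTOSO\CARROLLD' '127.0.0.1'
    New-SampleEvent '2018-05-11T13:10:02' 4625 'CONTOSO\ALICE'    '192.0.2.10'
    New-SampleEvent '2018-05-11T13:10:05' 4625 'CONTOSO\BOB'      '192.0.2.10'
    New-SampleEvent '2018-05-11T13:10:09' 4625 'CONTOSO\CAROL'    '192.0.2.10'
    New-SampleEvent '2018-05-11T13:12:40' 4624 'CONTOSO\CAROL'    '192.0.2.10'
    New-SampleEvent '2018-05-11T13:16:51' 4625 'WKSTN47\GUEST'    ''
)

function Get-LogonFailureSummary {   # hypothetical name, not part of the module
    param([object[]] $LogonEvent, [int] $Threshold = 3)

    $failed  = @($LogonEvent | Where-Object Id -eq 4625)   # 4625: failed logon
    $success = @($LogonEvent | Where-Object Id -eq 4624)   # 4624: successful logon

    # One summary row per source address with at least $Threshold failures.
    $failed | Group-Object IpAddress | Where-Object Count -ge $Threshold | ForEach-Object {
        $ip    = $_.Name
        $times = @($_.Group.TimeCreated | Sort-Object)
        $users = @($_.Group.UserName | Sort-Object -Unique)
        # A success from the same source after its last failure deserves a closer look.
        $later = @($success | Where-Object { $_.IpAddress -eq $ip -and $_.TimeCreated -gt $times[-1] })
        [pscustomobject]@{
            IpAddress        = if ($ip) { $ip } else { '(not recorded)' }
            Failures         = $_.Count
            DistinctUsers    = $users.Count
            Users            = $users -join ', '
            FirstFailure     = $times[0]
            LastFailure      = $times[-1]
            SuccessAfterFail = $later.Count -gt 0
            SuccessUsers     = ($later.UserName | Sort-Object -Unique) -join ', '
        }
    }
}

Get-LogonFailureSummary -LogonEvent $records -Threshold 3 | Format-List
```

Many distinct user names failing from one address points to a different problem than one user failing repeatedly, so the summary reports both the failure count and the distinct-user count.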
PARAMETERS
-ComputerName
Gets events from the event logs on the specified computer(s). Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.
Type: String[]
Parameter Sets: Default
Aliases: IPAddress, __Server, CN
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Credential
Specifies a user account that has permission to perform this action. The default value is the current user.
Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EndTime
Specifies the end of the time period for the event log query.
Type: DateTime
Parameter Sets: TimeRange
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MaxEvents
Specifies the maximum number of events this function returns. The default is to return all the events in the logs.
Type: Int64
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Oldest
Returns the events in oldest-first order. By default, events are returned in newest-first order.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-StartTime
Specifies the beginning of the time period for the event log query.
Type: DateTime
Parameter Sets: TimeRange
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Raw
Use this switch to have the function return the raw event log records.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Since
Specifies the beginning of the time period for the event log query based on the given amount of time.
Type: TimeSpan
Parameter Sets: TimeSpan
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.