PS-Commands/Scripts/Log-Logon.ps1

$srv = "localhost"
$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'
$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath
[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}
$EventData = Foreach ($event in $xml.Event) {
New-Object PSObject -Property @{
"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')
"User Name" = $event.UserData.EventXML.User
"User ID" = $event.UserData.EventXML.SessionID
"User Address" = $event.UserData.EventXML.Address
"Event ID" = $event.System.EventID
}}
$EventData | ft
Add scripts 2023-08-17 13:45:36 +03:00			`$srv = "localhost"`
			`$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'`
			`$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath`
			`[xml[]]$xml = $RDPAuths \| Foreach {$_.ToXml()}`
			`$EventData = Foreach ($event in $xml.Event) {`
			`New-Object PSObject -Property @{`
			`"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')`
			`"User Name" = $event.UserData.EventXML.User`
			`"User ID" = $event.UserData.EventXML.SessionID`
			`"User Address" = $event.UserData.EventXML.Address`
			`"Event ID" = $event.System.EventID`
			`}}`
			`$EventData \| ft`