nprokofieff/PS-Commands
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add scripts

Browse source
This commit is contained in:
Alex Kup 2023-08-17 13:45:36 +03:00 committed by GitHub
parent 422934aef7
commit 350807c951
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 574 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Scripts/Log-Logon.ps1 Normal file
View file

@ -0,0 +1,13 @@
$srv = "localhost"
$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'
$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath
[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}
$EventData = Foreach ($event in $xml.Event) {
New-Object PSObject -Property @{
"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')
"User Name" = $event.UserData.EventXML.User
"User ID" = $event.UserData.EventXML.SessionID
"User Address" = $event.UserData.EventXML.Address
"Event ID" = $event.System.EventID
}}
$EventData | ft