nprokofieff/PS-Commands
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update README.md

Browse source
This commit is contained in:
Alex Kup 2023-04-11 14:28:33 +03:00 committed by GitHub
parent e286b0db0b
commit abd856d7f4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

50
README.md
View file

@ -4,6 +4,7 @@
- [Regex](#Regex)
- [Items](#Items)
- [Event](#Event)
- [XML](#XML)
- [Application](#Application)
- [Network](#Network)
- [SMB](#SMB)
@ -451,31 +452,32 @@
`$obj += [PSCustomObject]@{Time = $temp_fw.TimeCreated; Type = $type; Port = $port; Name = $name}` \
`}`
### XML
`if (Test-Path $CredFile) {` \
`$Cred = Import-Clixml -path $CredFile` \
`} elseif (!(Test-Path $CredFile)) {` \
`$Cred = Get-Credential -Message "Enter credential"` \
`if ($Cred -ne $null) {` \
`$Cred | Export-CliXml -Path $CredFile` \
`} else {` \
`return` \
`}` \
`}`
`$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'` \
`$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath` \
`[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}` \
`$EventData = Foreach ($event in $xml.Event) {` \
`New-Object PSObject -Property @{` \
`"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')` \
`"User Name" = $event.UserData.EventXML.User` \
`"User ID" = $event.UserData.EventXML.SessionID` \
`"User Address" = $event.UserData.EventXML.Address` \
`"Event ID" = $event.System.EventID` \
`}}` \
`$EventData`
# XML
```
if (Test-Path $CredFile) {
$Cred = Import-Clixml -path $CredFile
} elseif (!(Test-Path $CredFile)) {
$Cred = Get-Credential -Message "Enter credential"
if ($Cred -ne $null) {
$Cred | Export-CliXml -Path $CredFile
} else {
return
}
}
$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'
$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath
[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}
$EventData = Foreach ($event in $xml.Event) {
New-Object PSObject -Property @{
"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')
"User Name" = $event.UserData.EventXML.User
"User ID" = $event.UserData.EventXML.SessionID
"User Address" = $event.UserData.EventXML.Address
"Event ID" = $event.System.EventID
}}
$EventData
```
# Application
### Get-Package