13 lines
No EOL
699 B
PowerShell
13 lines
No EOL
699 B
PowerShell
$srv = "localhost"
|
|
$FilterXPath = '<QueryList><Query Id="0"><Select>*[System[EventID=21]]</Select></Query></QueryList>'
|
|
$RDPAuths = Get-WinEvent -ComputerName $srv -LogName "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" -FilterXPath $FilterXPath
|
|
[xml[]]$xml = $RDPAuths | Foreach {$_.ToXml()}
|
|
$EventData = Foreach ($event in $xml.Event) {
|
|
New-Object PSObject -Property @{
|
|
"Connection Time" = (Get-Date ($event.System.TimeCreated.SystemTime) -Format 'yyyy-MM-dd hh:mm K')
|
|
"User Name" = $event.UserData.EventXML.User
|
|
"User ID" = $event.UserData.EventXML.SessionID
|
|
"User Address" = $event.UserData.EventXML.Address
|
|
"Event ID" = $event.System.EventID
|
|
}}
|
|
$EventData | ft |