Chapter 6. Using PowerShell to audit user logon events

Mike F. Robbins

Event logs are special files on Windows-based workstations and servers that record system activity. Do you want to know if there’s a problem with your Windows-based servers? Almost anything you’d want to know about what has occurred on your servers, whether an informational event, a warning, an error, or a security event, is contained in the event logs. When’s the last time you took a look at all of the event logs on each of your servers?

Beginning with Windows Vista and Windows Server 2008, the event logs were redesigned in an XML-based log format, and newer operating systems such as Windows Server 2012 can contain over 200 different event logs, depending on what roles ...
