Chapter 6. Using PowerShell to audit user logon events

Mike F. Robbins

Event logs are special files on Windows-based workstations and servers that record system activity. Do you want to know if there’s a problem with your Windows-based servers? Almost anything you’d want to know about what has occurred on your servers, whether an informational event, a warning, an error, or a security event, is contained in the event logs. When’s the last time you took a look at all of the event logs on each of your servers?

Beginning with Windows Vista and Windows Server 2008 the event logs were redesigned in an XML-based log format, and newer operating systems such as Windows Server 2012 can contain over 200 different event logs, depending on what roles ...

Get PowerShell Deep Dives now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

PowerShell Deep Dives by Aleksandar Nikolic, Oisin Grehan, Richard Siddaway, Jeffery Hicks

Chapter 6. Using PowerShell to audit user logon events

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly