Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $Srv ="my_term_server_name"
- $DaysDelay = 2
- $MilliSecDelay = $DaysDelay*24*60*60*1000
- $Filter = @"
- <QueryList>
- <Query Id="0" Path="Security">
- <Select Path="Security">*[System[(EventID=4624) and TimeCreated[timediff(@SystemTime) <= $MilliSecDelay]] and EventData[Data[@Name='LogonType']='10']]</Select>
- </Query>
- </QueryList>
- "@
- $LogOnEvents = Get-WinEvent -FilterXml $Filter -ComputerName $Srv -ErrorAction SilentlyContinue
- $TermLogonEvents=@()
- Foreach($Event in $LogOnEvents ){
- $UserName = $Event.Properties[5].value
- $Ip = $Event.Properties[18].value
- $logObj = New-Object PSobject -Property @{ComputerName = $Srv;Time = $Event.TimeCreated; UserName = $UserName ;ClientIPAddress = $Ip; ClientHostName = (Resolve-DnsName $Ip -ErrorAction SilentlyContinue).NameHost }
- $TermLogonEvents = $TermLogonEvents + $logObj
- }
- $TermLogonEvents| sort Time| ft -AutoSize
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
