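# Remote check that Sysmon is recording process-creation events: reads the
# last two minutes of Event ID 1 records from the target's
# Microsoft-Windows-Sysmon/Operational log with Get-WinEvent.

$comp = '<IP address>' # if in domain, use windows machine name
$username = '<Machine/admin_name>'

# Prompt for the password instead of keeping it as a plaintext literal
# (ConvertTo-SecureString -AsPlainText): a literal ends up in the saved file,
# in version control and in any transcript or script-block log of the run.
# For unattended runs, load a protected credential object (on Windows, one
# written with Export-Clixml by the same user on the same machine) rather
# than putting the literal back.
$MySecureCreds = Get-Credential -UserName $username -Message "Credentials for $comp"

# Disabled helpers kept from the original. The second one presumably starts a
# test process on the target so that a fresh process-create event exists.
#gwmi win32_service -credential $MySecureCreds -computer 172.16.199.162
#Invoke-WmiMethod -computer $comp -credential $MySecureCreds -Class win32_process -Name create -ArgumentList "notepad"

# Start of the look-back window for the query below.
$Date = (Get-Date).AddMinutes(-2)

# Id = 1 (Sysmon process create) is part of the filter hashtable, so the event
# log service on the target does the filtering and only matching records cross
# the network; the original fetched every Sysmon event in the window and
# discarded the rest locally with Where-Object.
# NOTE: Get-WinEvent writes a non-terminating error when nothing matches the
# filter. For this check that means no process-create event was logged in the
# window (or the log could not be read) - do not blanket-silence it.
# Parameter dashes are plain ASCII hyphens; the pasted en dashes break if the
# file is saved or read in a different encoding.
Get-WinEvent -ComputerName $comp -Credential $MySecureCreds -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = $Date
} | Select-Object -Property *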