
Untitled

a guest
Aug 14th, 2017
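  # Pull recent Sysmon process-creation events (Event ID 1) from a remote
  # Windows host, authenticating with an explicitly supplied account.
  $comp = '<IP address>'  # if in domain, use windows machine name
  $username = '<Machine/admin_name>'

  # Prompt for the password instead of storing it in the script: a literal
  # password here ends up in the file on disk, in version control, in pastes
  # like this one, and in PowerShell script-block/transcript logs.
  $MySecureCreds = Get-Credential -UserName $username -Message "Credentials for $comp"

  # Disabled helper, kept from the original: lists services over WMI with the
  # same credential (looks like a connectivity/credential check).
  #gwmi win32_service -credential $MySecureCreds -computer 172.16.199.162

  # Disabled helper, kept from the original: starts notepad on the remote host
  # over WMI, presumably to produce a known process-create event for the query
  # below to find.
  #Invoke-WmiMethod -computer $comp -credential $MySecureCreds -Class win32_process -Name create -ArgumentList "notepad"

  # Look back two minutes from now.
  $Date = (Get-Date).AddMinutes(-2)

  # Filter on the event Id inside the hashtable so only process-create records
  # (Sysmon Event ID 1) are returned by the log query, rather than fetching
  # every Sysmon event in the window and discarding most of them in the pipeline.
  $sysmonFilter = @{
      LogName   = 'Microsoft-Windows-Sysmon/Operational'
      Id        = 1
      StartTime = $Date
  }

  # Get-WinEvent writes a non-terminating error when nothing matches the
  # filter; an empty result in a two-minute window is not necessarily a fault.
  Get-WinEvent -ComputerName $comp -Credential $MySecureCreds -FilterHashtable $sysmonFilter |
      Select-Object -Property *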