Event Log Readers

  • Searching the Security log with wevtutil

wevtutil qe Security /rd:true /f:text | Select-String "/user"

  • Passing credentials to wevtutil (remote host, explicit user and password)

wevtutil qe Security /rd:true /f:text /r:share01 /u:julie.clay /p:Welcome1 | findstr "/user"

  • Searching the Security log with Get-WinEvent (event 4688, command line in Properties[8])

Get-WinEvent -LogName security | where { $_.ID -eq 4688 -and $_.Properties[8].Value -like '*/user*'} | Select-Object @{name='CommandLine';expression={ $_.Properties[8].Value }}
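The commands above work because Event Log Readers membership grants read access to the Security log, and event 4688 only carries a command line when the "Include command line in process creation events" audit policy is enabled. The following audit function is an added example, not code from the original page: it reads the same 4688 events by their named EventData fields (more robust than the positional Properties[8]), flags command lines that carry credential switches such as /user and /p, and redacts the password value before reporting, so an administrator can locate scripts and scheduled tasks that leak secrets into the log without re-exposing them. The function name, the pattern list, and the -MaxEvents default are assumptions of this example.

```powershell
# Added example (not from the original page): audit the Security log for process-creation
# events (4688) whose command line passes credentials, and report them with the secret redacted.
# Assumes: the caller can read the Security log (Administrators or Event Log Readers) and the
# "Include command line in process creation events" policy is on; otherwise CommandLine is empty.
function Find-CredentialInProcessCommandLine {
    param(
        [int]$MaxEvents = 5000,                                   # assumed default, tune as needed
        [string[]]$Patterns = @('/user:', '/u:', '/p:', '/password')  # assumed switch list
    )

    $filter = @{ LogName = 'Security'; Id = 4688 }

    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
        ForEach-Object {
            # Parse EventData by field name instead of relying on the Properties[] index.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            $cmd = $data['CommandLine']
            if ([string]::IsNullOrWhiteSpace($cmd)) { return }   # policy not enabled or no args

            foreach ($p in $Patterns) {
                if ($cmd -like "*$p*") {
                    # Blank out the value that follows a password switch before it leaves this function.
                    $redacted = $cmd -replace '(/p:|/password:)\S+', '$1<REDACTED>'
                    [pscustomobject]@{
                        TimeCreated = $_.TimeCreated
                        User        = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                        Process     = $data['NewProcessName']
                        Matched     = $p
                        CommandLine = $redacted
                    }
                    break   # one finding per event is enough
                }
            }
        }
}

# Usage (run in an elevated or Event Log Readers session):
# Find-CredentialInProcessCommandLine | Format-Table -AutoSize
```

Each finding points at the account and parent process that wrote the credential onto a command line; the remediation is to move those secrets into a credential manager or a protected configuration rather than to tighten log access alone, since any member of Event Log Readers, or anyone forwarding the log, can read them.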
