草庐IT

WinEvent


arrays - PowerShell: Get-WinEvent -FilterHashTable ID and strange behavior with arrays

What am I trying to do? I am running the Get-WinEvent function with -FilterHashTable, supplying an array of interesting event IDs for the ID parameter.
$IDS = 4720,4722,4723,4724,4725,4726,4727,4728,4729,4730,4731,4732,4733,4734,4735,4737,4738,4740,4741,4742,4743,4744,4745,4746,4747,4748,4749,4750,4751,4752,4753,4754,4755,4756,4757,4758,4759,4760,4761,4762,4763,4764,4767,4781
Get-WinEvent -

windows - Getting the username from Get-WinEvent

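I am trying to find the user who uninstalled a program on a server. Here is the script I am using and the result. From Event Viewer I can see the user, but it looks like Get-WinEvent returns the UserId but not the username. Is there a way to return the username for event 1034 from Get-WinEvent?
Get-WinEvent -FilterHashtable @{LogName='Application';Id=1034} -MaxEvents 1 | format-list
TimeCreated  : 6/17/2013 1:41:27 PM
ProviderName : MsiInstaller
Id           : 1034
Message      : Windows Installer removed the produ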