Recent Logins to Machine

05/24/2024 8:25 am EDT

The following script should be run in powershell ISA as Administartor and should return the last 30 days of user logins to that machine.

$Events = Get-WinEvent -FilterHashtable @{
Logname = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
ID = 1149
StartTime = (Get-Date).AddDays(-31)
}
$EventObjects = @()
$Events | % {
$EventXML = [xml]$_.ToXml()
$obj = New-Object -TypeName PSObject -Property @{
Username = $EventXML.Event.UserData.EventXML.Param1
IP = $EventXML.Event.UserData.EventXML.Param3
Timestamp = [datetime]$EventXML.Event.System.TimeCreated.SystemTime
}
$EventObjects += $obj
}

$EventObjects | Select-Object Username, IP, Timestamp
 

Was this article helpful?
Thank you for your feedback!
User Icon

Thank you! Your comment has been submitted for approval.

Copyright © 2024-26 Bold Group All rights reserved.