New
#1
When is my account being used?
Ever have the situation where several people have your logon password AND something goes wrong AND everyone denies having logged on?
Or would you simply like to when you logged on 2 days ago?
Try out this little example which simply involves copying and pasting into powershell. Resutls placed on your desktop:
Code:# Start copy with very next line; Copy thru 2nd EXIT $events = Get-WinEvent -FilterHashtable @{logname='application'; id=4101; level=4} ` -verbose:$false -erroraction:silentlycontinue $events | format-table -property timecreated,message -auto -wrap ` > $env:userprofile\desktop\LOGONTIMES.txt EXIT EXIT # Places LOGONTIMES.TXT on your DESKTOP # # **********************INSTRUCTIONS************************** # STEP 1 ***************************************************** # RUN PowerShell as administrator # START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | YES # ************************************************************ # STEP 2 ***************************************************** # COPY, using CTRL + C, every line down thru both EXIT statements # PASTE into Powershell by right-clicking at the PowerShell Prompt # (Ctrl V does not work) # ************************************************************ # OUTPUT File LOGONTIMES.txt is placed on your DESKTOP # # ***************** NOTE - POWERSHELL VERSION***************** # if you receive this error msg: # Get-WinEvent: The system can not find the path specified # you need to update your PowerShell # you must be using Powershell 2.0 or later. # # To determine your Powershell version: # Run PowerShell # enter following $host.version # you should see at least: # Major Minor Build Revision # ----- ----- ----- -------- # 2 0 -1 -1 # # If you do not see the above, update your Vista/Win 7. # ************************************************************ # # *************** NOTE - EXECUTION POLICY********************* # If you haven't set the execution policy, you may need to: # Run PowerShell # enter following without the # # Set-ExecutionPolicy -executionpolicy remotesigned # # ************************************************************ # # ************************************************************ #