Hi,
I would like to get event logs from a remote server, but it takes too long to get the information I need.
When I run this:
Get-EventLog -logname Security -ComputerName $computerName -EntryType $EntryType -InstanceId "4740"
This takes around 20-30 minutes to complete.
I tried this:
Get-WinEvent `
-ComputerName $computerName `
-FilterHashtable @{LogName="Security";Id=4740;} | Where-Object { $_.Message -like ("*" + $InUserID + "*") }
Which takes a few seconds, but it doesn't return anything.
What I would like is to get the following information from the event:
Date, Time, Event ID, User ID, PC which Account was locked on, Server Name
Something like this:
4740,AUDIT SUCCESS,Microsoft-Windows-Security-Auditing,Tue Jan 27 14:55:33 2015,No User,A user account was locked out. Subject: Security ID: S-1-5-18 Account Name: serv$ Account Domain: dm Logon ID: 0x3e7 Account That Was Locked Out: Security ID: S-1-5-21-85745802-1543857936-274329 Account Name: username Additional Information: Caller Computer Name: pc number
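
One way to pull the requested fields out of a 4740 event, as an added example that is not part of the original post: it reads the event's XML fields instead of matching on the rendered message text. The function name, the sample XML and the host names in it are constructed for illustration; `$computerName` and `$InUserID` are the variables from the post.

```powershell
# Added example: parse an account-lockout (4740) event from its XML form.
function ConvertFrom-LockoutEventXml {
    param([Parameter(Mandatory = $true)][string]$EventXml)

    $doc = [xml]$EventXml
    $sys = $doc.Event.System

    # Index the named <Data> elements of EventData by their Name attribute.
    $fields = @{}
    foreach ($node in $doc.Event.EventData.ChildNodes) {
        if ($node.LocalName -eq 'Data') {
            $fields[$node.GetAttribute('Name')] = $node.InnerText
        }
    }

    [pscustomobject]@{
        TimeCreatedUtc = $sys['TimeCreated'].GetAttribute('SystemTime')
        EventId        = [int]$sys['EventID'].InnerText
        UserId         = $fields['TargetUserName']
        # In 4740 the "Caller Computer Name" is stored in TargetDomainName.
        LockedOutOn    = $fields['TargetDomainName']
        Server         = $sys['Computer'].InnerText
    }
}

# Constructed sample event (placeholder names), so the function runs offline.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2015-01-27T14:55:33.000000000Z" />
    <Computer>dc01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">username</Data>
    <Data Name="TargetDomainName">PC-0001</Data>
    <Data Name="SubjectUserName">serv$</Data>
  </EventData>
</Event>
'@

ConvertFrom-LockoutEventXml -EventXml $sampleXml

# Against a live log, using the variables from the post:
# Get-WinEvent -ComputerName $computerName -FilterHashtable @{LogName='Security'; Id=4740} |
#     ForEach-Object { ConvertFrom-LockoutEventXml -EventXml $_.ToXml() } |
#     Where-Object { $_.UserId -eq $InUserID }
```

Piping the resulting objects to `Export-Csv` gives one row per lockout with the date and time, event ID, user ID, caller computer and server name.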