2010 Scripting Games: Advanced Event 2–Retrieving Workstation Start Time

ScriptingGuy1


Note: We are no longer accepting entries for this event. See the due dates page for a list of all event due dates.

 

About This Event

Division: Advanced

Date of Event: April 27, 2010

Due Date: May 4, 2010

 

Event Scenario

You need to retrieve the time that a workstation started. Because you still have a mixture of Windows 7, Windows Vista, and Windows XP computers, you cannot confidently use any of the newer event log entries. Instead, your research has revealed that you can get a pretty good estimate of the time a workstation started by querying the event log for the entry that states when the event log started. The event log entry you are looking for is seen in the following image.

Image of desired event log entry

 

So far, the Advanced scenario is the same as the Beginner scenario. Now for the Advanced criteria.

Design Criteria

· Your script should permit the use of alternative credentials when running against a remote computer. This means that if the user launching the script does not have sufficient rights to run against a remote computer, he should be able to provide them from the command line.

· Your script should permit querying any of the traditional event logs.

· Your script should permit querying for any event ID.

· Your script should permit the user to specify a specific date or date range from which the events are to be returned.

· Optionally, you should be able to query for events based upon a wildcard character pattern match in the event description.

· Design points awarded for addition of command-line help and proper error handling.
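One way to meet these criteria, as an added example that is not the Scripting Guys' solution or a contest entry. The function name `Get-LogStartEvent` and its parameter names are hypothetical, and the default of event ID 6005 in the System log ("The Event log service was started") is an assumption about the entry shown in the image.

```powershell
function Get-LogStartEvent {
    <#
    .SYNOPSIS
    Returns classic event log entries, by default the "event log started" entry.
    .EXAMPLE
    Get-LogStartEvent -ComputerName WS01 -Credential (Get-Credential) -After (Get-Date).AddDays(-7)
    #>
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [ValidatePattern('^[\w \-]+$')]   # keeps quotes out of the WQL filter built below
        [string]$LogName = 'System',
        [int]$EventId = 6005,             # assumed default: "The Event log service was started."
        [datetime]$After,
        [datetime]$Before,
        [string]$MessagePattern = '*',    # wildcard match on the event description
        # PSCredential, so the password is prompted for and never typed on the command line
        [System.Management.Automation.PSCredential]$Credential
    )
    # WQL compares TimeGenerated against DMTF-formatted date strings.
    $toDmtf = { param($d) [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($d) }
    $clauses = @("Logfile = '$LogName'", "EventCode = $EventId")
    if ($PSBoundParameters.ContainsKey('After'))  { $clauses += "TimeGenerated >= '$(& $toDmtf $After)'" }
    if ($PSBoundParameters.ContainsKey('Before')) { $clauses += "TimeGenerated <= '$(& $toDmtf $Before)'" }

    $query = @{ Class = 'Win32_NTLogEvent'; Filter = $clauses -join ' AND '; ErrorAction = 'Stop' }
    $isLocal = @('.', 'localhost', $env:COMPUTERNAME) -contains $ComputerName
    if (-not $isLocal) {
        $query.ComputerName = $ComputerName
        # WMI rejects explicit credentials on local connections, so pass them only when remote.
        if ($Credential) { $query.Credential = $Credential }
    }
    try {
        Get-WmiObject @query |
            Where-Object { $_.Message -like $MessagePattern } |
            Select-Object @{ n = 'Computer'; e = { $_.ComputerName } },
                          @{ n = 'Time'; e = { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.TimeGenerated) } },
                          EventCode, SourceName, Message |
            Sort-Object Time -Descending
    }
    catch {
        Write-Error "Query of '$LogName' on '$ComputerName' failed: $($_.Exception.Message)"
    }
}
```

`Get-WmiObject` is available in Windows PowerShell only, which matches the Windows XP, Windows Vista, and Windows 7 mix in the scenario.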

 

 


Ed Wilson and Craig Liebendorfer, Scripting Guys