Skip to main content
Microsoft
Scripting
Scripting
  • Home
  • DevBlogs
    • Visual Studio
    • Visual Studio Code
    • Visual Studio for Mac
    • DevOps
    • Developer support
    • CSE Developer
    • Engineering@Microsoft
    • Azure SDK
    • IoT
    • Command Line
    • Perf and Diagnostics
    • Dr. International
    • Notification Hubs
    • Math in Office
    • DirectX
    • PIX
    • SurfaceDuo
    • Startups
    • Sustainable Engineering
    • Windows AI Platform
    • C++
    • C#
    • F#
    • Visual Basic
    • TypeScript
    • PowerShell Community
    • PowerShell Team
    • Python
    • Q#
    • JavaScript
    • Java
    • Java Blog in Chinese
    • .NET
    • .NET MAUI
    • Blazor
    • ASP.NET
    • NuGet
    • Xamarin
    • #ifdef Windows
    • Apps for Windows
    • Azure Depth Platform
    • Azure Government
    • Bing Dev Center
    • Microsoft Edge Dev
    • Microsoft Azure
    • Microsoft 365 Developer
    • Old New Thing
    • Windows MIDI and Music dev
    • Windows Search Platform
    • Azure Cosmos DB
    • Azure Data Studio
    • Azure SQL Database
    • OData
    • Revolutions R
    • SQL Server Data Tools

    Scripting Blog

    A place to learn about PowerShell and share stories of automation

    event logs - Scripting Blog

    How Can I Retrieve Information From My Event Logs Regarding Unsuccessful Logons?
    How Can I Retrieve Information From My Event Logs Regarding Unsuccessful Logons?
    January 26, 2005 Jan 26, 2005 01/26/05
    ScriptingGuy1
    Hey, Scripting Guy! How can I scan the event logs of my servers and return only information about unsuccessful logons?-- LC Hey, LC. We’ll assume that you have enabled security auditing on your servers. If you haven’t, that’s step one. What you’ll want to do is - at a minimum - audit for logon event failures. That way every time ...
    Comments are closed.0event logsLogs and monitoringScripting Guy!
    How Can I Return Only the Last Record Written to an Event Log?
    How Can I Return Only the Last Record Written to an Event Log?
    January 4, 2005 Jan 4, 2005 01/4/05
    ScriptingGuy1
    Hey, Scripting Guy! How can I read only the last record written to an event log? In other words, what is the WMI equivalent to the SQL statement Select Top 1?-- KM Hey, KM. Well, as it turns out WMI doesn’t have an equivalent to the Select Top command; for better or worse, the WMI Query Language (WQL) has only a small subset of the ...
    Comments are closed.0event logsLogs and monitoringScripting Guy!
    Hey, Scripting Guy! Can I Retrieve Just Failure Events from the Security Event Log?
    Hey, Scripting Guy! Can I Retrieve Just Failure Events from the Security Event Log?
    October 26, 2004 Oct 26, 2004 10/26/04
    ScriptingGuy1
    Hey, Scripting Guy! Is there a way to retrieve just Failure Audit events from the Security event log?-- KA Hey, KA. Interesting, isn’t it: any time the subject is failure, people turn to the Scripting Guys. What makes you think we know anything about failure? Ok, you’re right: silly question. As far as your question goes, it’s very ...
    Comments are closed.0event logsLogs and monitoringScripting Guy!
    • Previous page
    • Page 1
    • …
    • Page 11
    • Page 12
    • Page 13
    PowerShell Resources

    PowerShell Documentation

    Scripting Forums

    PowerShell Forums

    PowerShell on TechCommunity

    PowerShell.org - Community Resource

    Topics
    .csv.NET.NET Core.NET Framework2009 Summer Scripting Games2010 Scripting Games2011 Scripting Games2012 Scripting Games2013 Scripting Games2014 Scripting Games2014 Winter Scripting Games2015 Holiday Series4.070-410Aaron NelsonAccess.ApplicationACLsactivationActive DirectoryActive Directory Application Mode (ADAM)ActiveX Data Objects (ADO)Adam BertramAdam DriscollAdam HaynesAdmin First StepsADO.NETADODB.RecordsetADOR.RecordsetADSIAdvancedAdvanced Event 1Advanced Event 10Advanced Event 2Advanced Event 3Advanced Event 4Advanced Event 5Advanced Event 6Advanced Event 7Advanced Event 8Advanced Event 9Advanced FunctionsAlan ByrneAlan MorrisAlex Verboonand jobsAnders WahlqvistAndroidAndy SchneideranonymousAntivirusApp-VapplicationsArnaud PetitjeanArrayArraysarrays hash tablesarrays hash tables and dictionary objectsarrays hashtables and dictionary objectsASCIIAshley McGloneAsia GandeckaASP.NET Coreassociators ofAttributesAudioAuthorsAutomatic VariablesAutomationAzureAzure AutomationAzureADbackground jobsbackupbackup and system restorebadgeBartek BielawskiBashbasic computer informationbasic hardware and firmwareBasic Hardware informationbasic informationBasicsBATCHmanbatteries and power suppliesBeginnerBeginner Event 1Beginner Event 10Beginner Event 2Beginner Event 3Beginner Event 4Beginner Event 5Beginner Event 6Beginner Event 7Beginner Event 8Beginner Event 9Ben PearceBen VierckBest Practicebest practicesBhargav ShuklaBill GrauerBill StewartBitLockerBITSBob StevensBoe ProxBrandon ShellbreakpointBrent FormanBrian HitneyBrian JackettBrian LalancetteBrian WilhiteBrian WrenBruce PayetteBuck WoodyBuild your own cmdletC#CertificatecertificatesChad Millerchange journalChendrayan VenkatesanChris BelleeChris CampbellChris ConteChris DentChris O'PreyChris WeaverChris WuChrissy LeMaireChristopher WeaverCIMClassesClaudia Fergusonclient applicationsclient-side managementclient-side printingClint HuffmanClinton KnightcloudCloud ServicesColorCOMCOM and DCOMComma and other deliminited filesComma and other delimited filesComma separated and other delimited filescommentscommunityCompare-Objectcompressed filescomputer accountsComputersConfiguration ManagerConnectconsoleContinuous DeliveryContinuous IntegrationCorey RothCPUCredential GuardCryptographyCSV and other delimited filesDACLS and SACLSDan ReistDan SheehanDaniel CruzDatadatabasesDataGriddatesdates and timesDave BishopDave WyattDavid MoravecDavid O’BriendebugdebuggerdebuggingDebugging and DiagnosticsDefenderDennis WhitneyDeployment and UpgradeDesktopdesktop managementDesktop MgmtDesktop TasksDHCPDHCP serverDia Reevesdialog boxesdirectoriesDirectorydisk drives and volumesdisk quotasDisksDISMdisplaying outputDNSDNS serverDockerDoctor ScriptoDomain ControllersdomainsDon GillDon JonesDon WalkerDoug Finkedownloading filesDSCdue datesed wilsonEdgeeditorendpointenumEnumsEnvironmentenvironmental variableEric Wrighterror handlingEvent 1Event 10Event 2Event 3Event 4Event 5Event 6Event 7Event 8Event 9event logsevent logs and monitoringEventing and MonitoringEventsEvents and Loggingevents and monitoringExcel spreadsheetExcel.ApplicationExchangeExchange 2010Exchange Onlineexpert commentatorsExtensionsF#FacebookfaqFAST ESP 5.3 SP3Filefilesfiles and foldersfilesystemFileSystemObjectfirewallfoldersFormatting outputfunctionsFundamentalsGary JacksonGary SiepserGeneral Managementgeneral management tasksGeneral Mgmt TasksGeorges MaheuGershon LevitzGet-Randomgetting startedGlenn SizemoreGlyn CloughgraphicalgraphicsGreg LindsayGroup PolicyGroupinggroupsguest bloggerGuestBloggerGUIhardwarehashhash tablesHashTableshashtables and dictionary objectsHeath LawsonHelpHey Scripting GuyHistorical DebuggingHistoryholiday 2013Honorary Scripting GuysHyper-VHyperVI was thereIan FarrigniteIgnite 2015Ignite 2016IISIngo KarsteininputInstallIntellisenseinternetInternet ExplorerInternet Explorer 7Internet SearchInvoke-RestMethodInvoke-WebRequestiOSIoTISEISE editingJakob Gottlieb SvendsenJames BrundageJames KehrJames O’NeillJan Egil RingJason HelmickJason HofferleJason MorganJason RybergJason WalkerJavaJD PlatekJeff WoutersJeffery HicksJeremy EngelJim ChristopherjobsJoel BennettJoel StidleyJoel VickeryJohn FerringerJohn SlackJon NewmanJonathan AllenJonathan MeddJonathan TylerJonathan YongJosh AtwellJosh GavantJsonjudgesjudging criteriaJudith HermanJune BlenderJustin Hallk Scripting TechniquesKarl MitschkeKeith HIllKeith MayerKen McFerronKendal VanDykeKevin KlineKirk MunroKlaus SchulteKory ThacherkorytLaerte JuniorleaderboardLee HolmesLido PagliaLINUXlocal account managementlocal accountslocal accounts and Windows NT 4.0 accountslocal user account managementLog Analyticslog parserLogging and eventslogon sessionslogsLogs and loggingLogs and monitoringloopingLYNCManagementMarc CarterMarc van OrsouwMarco ShawMark MorowczynskiMark SchillMark Tabladillomasking passwordsmathMatt BongioviMatt GraeberMatt HesterMatt HitchcockMatt TisdaleMatthew HitchcockMatthew KerfootMCSEMDTMediaMessaging & Communicationmessaging and communicationMetadataMichael BlumenthalMichael FrommholdMichael WellsMicrosoft 365Microsoft AccessMicrosoft ExcelMicrosoft Exchange 2003Microsoft Exchange 2007Microsoft Exchange 2010Microsoft OfficeMicrosoft OutlookMicrosoft PowerPointMicrosoft VisioMicrosoft WordmigrationMike F RobbinsMike FalMike O'NeillMike PfeifferMike StiersMini Scripting GamesMobilemoduleModule BrowsermodulesmonitoringMonitoring and logsMSOMSmultimediaNano ServerNetwork Adapternetwork adaptersnetworkingNicholas CainNicolas BlankNiklas GoudeNorman DrewsNumbersObjectsODBCOfficeOffice 365Office 365 APIOffice 365 Sitesofficial rulesOliver Lipkauoperating systemOracleother Directory ServicesOUsOut-GridViewOutputpacket tracespage filesparameterPartnerspasswordsPatrick MercierPaul GreeleyPaul HiginbothamPaulo MorgadoPer Pedersenperformanceperipherals and devicespermission and securitypermissionsPesterPhil Braniffpinvokepipelineplain-text logsPodcastportsports and slotspower managementPowerCLIPowerShellPowerShell 3powershell 3.0PowerShell 4PowerShell 4.0Powershell 5PowerShell 5.0PowerShell best practicesPowerShell GalleryPowerShell GetPowerTipPowerTip: Find Default Session Config Connection in PowerShell Summary: Find the default session configuration connection in Windows PowerShell. How can I determine what default session configurationPrintprint serversPrint Servers Print Queues and print jobsprinter ports drivers and devicesPrintersprintingprize winnersProcessprocessesProcmonprofileprofilespromptProvidersPSDrivesPSGalleryPSGetPSProvidersPSReadLinequery completion serverqueuesQuick-Hits FridayRagnar HarperRaimund AndreeRajesh B. RavindranathRavikanthRaymond Mitchellreceiving inputRecycle BinReferenceRegExregistryregular expressionsreliabilityremoteRemote EndpointremotingReportingReportsResource Guideresource ownershipretrieving inputRhys CampbellRich PrescottRichard DiphoornRichard SiddawayRob CampbellRobert RobeloRod ColledgeRODCRohn EdwardsRolf MasuchRPCRSATRSSRSS feedsRudolf Veselyrunningrunning scriptsRunspaceSANSchedule Tasksscheduled taskscheduled tasksSchemaSCOM 2007 R2ScopeScott GeScript AnalyzerScript BrowserScript Centerscript signingScripterScripti9ng TechniquesScriptingScripting GamesScripting Games 2014Scripting Guy!Scripting Techniquescripting techniquesscripting templatesScripting WifeSean KearneySean McCownsearchSearchingsearching Active DirectorysecuritySelect-Stringsending emailsending mailSeriesSerkan VarogluServer ApplicationsServer-Side ManagementServer-Side updateserversservers WSUSService Packs and Hot Fixesservice packs and hotfixesservicessessionsSeth BrandesShadow CopyShane HoeyShane NelsonShannon Mashared folders and mapped drivesSharePointSharePoint 2010SharePoint OnlineShay Levyshell.applicationSherif TalaatShubert SomerSiegfried Jagottsites and subnetsSkyDriveSMTP MailSnapshot DebuggerSnippetsSoftwareSolutionssortingspecial folderssplattingsponsorsponsorsSQLSQL 2012SQL ServerSQL Server 2008SQL Server 2012startup and shutdownStefan RothStefan StrangerStephane van GulickSteve JefferySteve MurawskiSteven MurawskistorageStreamsstringstring manipulationStringsstudy guideSusan FerrellSusan HillSysinternalsSystem CenterSystem RestoreTaylor GibbTCP/IPTeamsTechEdTechEd 2014TechEd_2010TechEd2012Teresa WilsonTerminal ServerTerri DonahueTest ExperienceTestingTexttext filesText manipulationTFSThe MAKThiyaguThomas LeeThomas RaynerThomas StringerTibor SoosTim Boltontime syncTime SynchronizationTimeSpanTimothy WarnerTips and TricksTobias WeltnerTodd KlindtTom MoserTom ShinderTome Tanasovskitop 20tracetracestranslationTrevor SullivantroubleshootingTypesupdatesUpgradeUSBuser accountsuser groupsusersusing the Internetusing the webVariableVariablesVBVBScriptVBScript migrationVersionversion informationvideovideo and displayvideo RAMVideosVinay PamnaniVirtual Machinesvirtual serverVisual StudioVisual Studio 2017Visual Studio App CenterVisual Studio CodeVisual Studio for MacVisual Studio IDEVisual Studio Live ShareVisual Studio MarketplaceVisual Studio PreviewsVisual Studio SubscriptionsVisual Studio Tools for AIVisual Studio Tools for XamarinVMMWalid MoselhyWeb pages and HTAsWeb Serviceweb servicesWebinarWebsitesWeekend ScripterWei Hao LimWill AndersonWill MartinWill SteeleWilliam StanekWin32Windows 10Windows 7Windows 8Windows 8.1Windows AzureWindows ExplorerWindows Management FrameworkWindows Media Player and audioWindows NTWindows PEWindows PowerShellWindows PowerShell 3.0Windows PowerShell 4.0Windows PowerShell 5Windows PowerShell 5.0Windows PowerShell ISEWindows PowerShllWindows ServerWindows Server 2003Windows Server 2008 R2Windows Server 2012Windows Server 2012 R2Windows Server 2016Windows To GoWindows UpdateWindows VistaWindows Windows PowerShellWinNTWinRMWMIWordWord.ApplicationWorkflowWorkflowsWPFWPKwrap upwritingwriting scriptsWshShellWSUSXamarinXMLxpathYan PanYuri DiogenesZachary LoeberZune and other media devices
    Archive
  • October 2021
  • February 2021
  • September 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • November 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • August 2017
  • July 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • March 2006
  • February 2006
  • January 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005
  • August 2005
  • July 2005
  • June 2005
  • May 2005
  • April 2005
  • March 2005
  • February 2005
  • January 2005
  • December 2004
  • November 2004
  • October 2004
  • September 2004
  • August 2004

    • Stay informed

    Login
    Code Block
    What's new
    • Surface Pro 8
    • Surface Laptop Studio
    • Surface Pro X
    • Surface Go 3
    • Surface Duo 2
    • Surface Pro 7+
    • Windows 11 apps
    • HoloLens 2
    Microsoft Store
    • Account profile
    • Download Center
    • Microsoft Store support
    • Returns
    • Order tracking
    • Virtual workshops and training
    • Microsoft Store Promise
    • Flexible Payments
    Education
    • Microsoft in education
    • Devices for education
    • Microsoft Teams for Education
    • Microsoft 365 Education
    • Education consultation appointment
    • Educator training and development
    • Deals for students and parents
    • Azure for students
    Business
    • Microsoft Cloud
    • Microsoft Security
    • Azure
    • Dynamics 365
    • Microsoft 365
    • Microsoft Advertising
    • Microsoft Industry
    • Microsoft Teams
    Developer & IT
    • Developer Center
    • Documentation
    • Microsoft Learn
    • Microsoft Tech Community
    • Azure Marketplace
    • AppSource
    • Microsoft Power Platform
    • Visual Studio
    Company
    • Careers
    • About Microsoft
    • Company news
    • Privacy at Microsoft
    • Investors
    • Diversity and inclusion
    • Accessibility
    • Security
    English (United States)
    • Sitemap
    • Contact Microsoft
    • Privacy
    • Manage cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2022