Scripting Blog

How Can I Retrieve Information From My Event Logs Regarding Unsuccessful Logons?

January 26, 2005 Jan 26, 2005 01/26/05

ScriptingGuy1

Hey, Scripting Guy! How can I scan the event logs of my servers and return only information about unsuccessful logons?-- LC Hey, LC. We’ll assume that you have enabled security auditing on your servers. If you haven’t, that’s step one. What you’ll want to do is - at a minimum - audit for logon event failures. That way every time ...

How Can I Return Only the Last Record Written to an Event Log?

January 4, 2005 Jan 4, 2005 01/4/05

ScriptingGuy1

Hey, Scripting Guy! How can I read only the last record written to an event log? In other words, what is the WMI equivalent to the SQL statement Select Top 1?-- KM Hey, KM. Well, as it turns out WMI doesn’t have an equivalent to the Select Top command; for better or worse, the WMI Query Language (WQL) has only a small subset of the ...

Hey, Scripting Guy! Can I Retrieve Just Failure Events from the Security Event Log?

October 26, 2004 Oct 26, 2004 10/26/04

ScriptingGuy1

Hey, Scripting Guy! Is there a way to retrieve just Failure Audit events from the Security event log?-- KA Hey, KA. Interesting, isn’t it: any time the subject is failure, people turn to the Scripting Guys. What makes you think we know anything about failure? Ok, you’re right: silly question. As far as your question goes, it’s very ...