Skip to content

Instantly share code, notes, and snippets.

@martin77s
Created March 21, 2018 13:50
Show Gist options
  • Save martin77s/eb6de144d35a7cc386d1d98de95ec402 to your computer and use it in GitHub Desktop.
Save martin77s/eb6de144d35a7cc386d1d98de95ec402 to your computer and use it in GitHub Desktop.
Get-LogonReport
function Get-LogonReport {
param($ComputerName = $Env:COMPUTERNAME)
$filterXml = '<QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[(EventID=4624)]]</Select></Query></QueryList>'
$logonTypes = @{
2 = 'Interactive'
3 = 'Network'
4 = 'Batch'
5 = 'Service'
6 = 'Proxy'
7 = 'Unlock'
8 = 'NetworkCleartext'
9 = 'NewCredentials'
10 = 'RemoteInteractive'
11 = 'CachedInteractive'
12 = 'CachedRemoteInteractive'
13 = 'CachedUnlock'
}
$ComputerName | ForEach-Object {
$Computer = $_; Get-WinEvent -FilterXml $filterXml -ComputerName $Computer
} | Select-Object @{N='ComputerName';E={$Computer}},
@{N='Identity';E={'{0}\{1}' -f $_.Properties[6].Value, $_.Properties[5].Value}},
@{N='SID';E={$_.Properties[4].Value}},
@{N='LogonType';E={'{0}' -f ($logonTypes[[int]($_.Properties[8].Value)])}},
@{N='AuthenticationType';E={$_.Properties[10].Value}}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment