Home/ Questions/Q 232439
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T20:01:03+00:00

I’m building a script to read the Security Log from several computers. I can

  • 0

I’m building a script to read the Security Log from several computers. I can read the Security log from my local machine with no problem when using the Get-EventLog command, but the problem with it is that I can’t run it against a remote machine (the script is for powershell v1). The command below never returns any results, although that with any other LogFile, it works perfectly:

gwmi -Class Win32_NTLogEvent | where {$_.LogFile -eq “Security”}

I’ve done some research, and I seems to be a impersonation issue, but the -Impersonation option for the Get-WmiObject does not seem to be implemented. Is there anyway around this problem? The solution could be running the Get-EventLog on a remote machine somehow, or dealing with the impersonation issue so that the security log can be accessed.
Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could use .NET directly instead of going through WMI. The scriptblock below will give you the first entry in the security log

    $logs = [System.Diagnostics.EventLog]::GetEventLogs('computername')
$security = $logs | ? {$_.log -like 'Security'} 
$security.entries[0]
    • 0