@echo off
REM (C) 2008 Microsoft Corporation
REM All Rights Reserved
set outputfile=%temp%\interactive-logon-events.xml
if "%1" NEQ "" set outputfile=%1
REM The next command is all one line and has no carriage returns
REM The only spaces in the XPath are around the AND keywords
wevtutil qe Security /q:"*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and Task=12544 and (EventID=4624)] and EventData[Data[@Name='LogonType']='2']]" /e:Events > %outputfile%
start %outputfile%
set outputfile=
wevtutil qe System /q:"*[System[Provider[@Name='Microsoft-Windows-Power-Troubleshooter']]]" /c:1 /f:text /rd:true
No comments:
Post a Comment