Glowie

Reputation: 2309

Powershell v2 Get-Eventlog: Attempted to perform an unauthorized operation

I am using PowerShell v2. This is my script:

param([string]$Sender_IP=$(throw " Sender's IP is required."))
$eventList = @()
Get-EventLog "Security" -computername $Sender_IP `
        | Where -FilterScript {$_.EventID -eq 4624 -and $_.ReplacementStrings[4].Length -gt 10 -and $_.ReplacementStrings[5] -notlike "*$"} `
        | Select-Object -First 2 `
        | foreach-Object {
            $row = "" | Select UserName, LoginTime
            $row.UserName = $_.ReplacementStrings[5]
            $row.LoginTime = $_.TimeGenerated
            $eventList += $row
            }
$UserId = $eventList[1].UserName

$UserID

The only time the code works is if I pass in the IP address of my current server.

I am logged into this server using my administrator credentials and I even selected Run-As Administrator to run powershell.

Why am I getting the following error when using other IP addresses that I can ping and have administrative access to:

Get-EventLog : Attempted to perform an unauthorized operation.
At script_path_and_name.ps1:5 char:13
+ Get-EventLog <<<<  "Security" -computername $Sender_IP `
    + CategoryInfo          : NotSpecified: (:) [Get-EventLog], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetEventLogCommand

@Adi Inbar

Remote Registry Service is running, and firewall is off. Yet it is not working.

And when I try running with a service account, it doesn't work either.

But the strange thing is, when I run with the service account and enter my own IP address, I get this error:

Get-EventLog : Requested registry access is not allowed.

Upvotes: 2

Views: 6630

Answers (1)

Owen B

Reputation: 1381

When you run it as the service account on your machine, is the PowerShell prompt elevated?

I was getting that error (registry access not allowed) when running PowerShell in a non-elevated prompt on my machine.

Do you know what the Execution Policy is on the remote machines? I'm not sure if it matters as the cmdlet remotes itself, but it might be worth checking.

Also, just an FYI:

The pipe is a natural line break anyway, so you don't need the backticks (just don't leave any spaces after the pipe).

For example:

cmdlet1 |
 cmdlet2 |
  cmdlet3

Upvotes: 1
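
The two points from the answer, applied to the script from the question, as an added example that is not part of the original posts: it checks for an elevated token before calling Get-EventLog, ends each pipeline line with a pipe instead of a backtick, and reports which identity and which exception type were involved when the read fails. Test-IsElevated is a hypothetical helper name; the parameter, event ID and filter are the question's own.

```powershell
param([string]$Sender_IP = $(throw "Sender's IP is required."))

# Hypothetical helper: $true only when the current token carries the
# Administrators group enabled, i.e. the prompt was started elevated.
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$who = [Security.Principal.WindowsIdentity]::GetCurrent().Name

# The answer reports "Requested registry access is not allowed" from a
# non-elevated prompt, so stop here with a clearer message.
if (-not (Test-IsElevated)) {
    throw "Session for $who is not elevated; start PowerShell with Run as administrator."
}

try {
    # A trailing pipe continues the statement on the next line; no backticks.
    $eventList = @(
        Get-EventLog "Security" -ComputerName $Sender_IP -ErrorAction Stop |
            Where-Object { $_.EventID -eq 4624 -and $_.ReplacementStrings[4].Length -gt 10 -and $_.ReplacementStrings[5] -notlike '*$' } |
            Select-Object -First 2 |
            ForEach-Object {
                New-Object PSObject -Property @{
                    UserName  = $_.ReplacementStrings[5]
                    LoginTime = $_.TimeGenerated
                }
            }
    )
    $eventList
}
catch {
    # Record who asked, which host was queried and the exact exception type,
    # so the two errors shown in the question can be told apart.
    $ex = $_.Exception
    Write-Warning ("Get-EventLog failed for {0} against {1}: [{2}] {3}" -f `
        $who, $Sender_IP, $ex.GetType().FullName, $ex.Message)
}
```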
