Reputation: 109
powershell get-winevent remotely windows 7
Working on grabbing windows 7 event logs remotely using powershell. My powershell script works locally.
Get-WinEvent -ComputerName localhost -LogName Security -MaxEvents 10
to access it remotely I modified it for
Get-WinEvent -ComputerName remotecomputer -LogName Security -MaxEvents 10
To access it remotely I modified the windows firewall to allow Remote Event Log Management (RPC) to allow it but I still get -
"Get-WinEvent : Could not retrieve information about the Security log. Error: Attempted to perform an unauthorized operation.."
Saw some blogs about adding customsd to registry but that looked like it was for windows servers. Also tried using -Credentials and no luck, also, remote registy and rpc services are both running.
Any suggestions?
Upvotes: 0
Views: 1088
Answers (1)
Reputation: 109
I wanted to put my answer on here that with admin rights it seems like you can query powershell logs using xml over the network. If you use xml it seems to use the windows credentials and winrm isn't necessary. We didn't even have to enable "remote event log management" in the windows firewall. If you have the right windows credentials it just works. Powershell is incredible.
Upvotes: 0
Related Questions
- How do I install pip on Windows?
- PowerShell says "execution of scripts is disabled on this system."
- Setting Windows PowerShell environment variables
- How to run a PowerShell script
- Ignoring directories in Git repositories on Windows
- Determine installed PowerShell version
- Filename too long in Git for Windows
- Get-WinEvent and Select-string filter line result