使用 python 执行 powershell 命令

Question

I want to execute power-shell command using my python script to find windows RDP event detail but it's not working.it shown error:

'C:\Windows\System32\powershell.exe' is an internal or external command, It is not recognized as an operable program or batch file.

PowerShell command:

Get-WinEvent -LogName "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational" | Where-Object {$_.ID -eq "1149"} 

Here is my python code:

import subprocess

subprocess.call('C:\Windows\System32\powershell.exe Get-WinEvent -LogName "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational" | Where-Object {$_.ID -eq "1149"}', shell=True)

Answer 1

Instead of using PowerShell, You can use pywin32 module to get the Windows events.

If there is no specific reason to use PowerShell then you can achieve it by using following code snippet

import win32evtlog # install pywin32 module

server = 'localhost' # target computer to get event logs
logtype = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager' # 'Application' # 'Security'
hand = win32evtlog.OpenEventLog(server,logtype)
flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
total = win32evtlog.GetNumberOfEventLogRecords(hand)

while True:
    events = win32evtlog.ReadEventLog(hand, flags,0)
    if events:
        for event in events:
            if "Microsoft-Windows-Terminal-Services-RemoteConnectionManager" in event.SourceName: 
                print ('Event Category:', event.EventCategory)
                print ('Time Generated:', event.TimeGenerated)
                print ('Source Name:', event.SourceName)
                print ('Event ID:', event.EventID)
                print ('Event Type:', event.EventType)
                data = event.StringInserts
                if data:
                    print ('Event Data:')
                    for msg in data:
                        print (msg)
                print