powershell get-winevent remotely windows 7
Question
Working on grabbing windows 7 event logs remotely using powershell. My powershell script works locally.
Get-WinEvent -ComputerName localhost -LogName Security -MaxEvents 10
to access it remotely I modified it for
Get-WinEvent -ComputerName remotecomputer -LogName Security -MaxEvents 10
To access it remotely I modified the windows firewall to allow Remote Event Log Management (RPC) to allow it but I still get -
"Get-WinEvent : Could not retrieve information about the Security log. Error: Attempted to perform an unauthorized operation.."
Saw some blogs about adding customsd to registry but that looked like it was for windows servers. Also tried using -Credentials and no luck, also, remote registy and rpc services are both running.
Any suggestions?
1 answers
solution1
0 ACCPTED 2016-05-06 22:29:12
I wanted to put my answer on here that with admin rights it seems like you can query powershell logs using xml over the network. If you use xml it seems to use the windows credentials and winrm isn't necessary. We didn't even have to enable "remote event log management" in the windows firewall. If you have the right windows credentials it just works. Powershell is incredible.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.