Public/Get-LogonFailureEvent.ps1
|
function Get-LogonFailureEvent { [CmdLetBinding()] param( [Parameter(ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)] [Alias('IPAddress','__Server','CN')] [string[]]$ComputerName='localhost', [ValidateNotNull()] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty, [datetime]$StartTime, [datetime]$EndTime, [int64]$MaxEvents, [switch]$Oldest, [switch]$Raw ) Begin { $FilterHashtable = @{ LogName = "Security" Id = 4625,4771 } if ($StartTime) { $FilterHashTable.Add("StartTime",$StartTime) } if ($EndTime) { $FilterHashTable.Add("EndTime",$EndTime) } $ParameterSplat = @{} if ($Credential) { $ParameterSplat['Credential'] = $Credential } if ($MaxEvents) { $ParameterSplat['MaxEvents'] = $MaxEvents } if ($Oldest) { $ParameterSplat['Oldest'] = $true } } Process { if ($Raw) { Get-MyEvent -ComputerName $ComputerName -FilterHashtable $FilterHashTable @ParameterSplat } else { Get-MyEvent -ComputerName $ComputerName -FilterHashtable $FilterHashTable @ParameterSplat | ConvertFrom-EventLogRecord -EventRecordType 'LogonFailureEvent' } } end { } } |