hii...
on win2003 i use eventquery.vbs to retrieve security log logon/logout infos for administrative user.on a dc.
it works very well. now on server 2008 it works anymore.
i find wevtutil to retrieve sec log infos, but it seems to me very complex and i´m not able to acomplish the goal.
wevtutil qe security /rd:true /f:text /q:"*[System/EventID=4634 and 4624] and *[EventData/Data[@Name='TargetUserName']='Administrator']" /c:20 >c:\temp\log.txt
retrieves the necessary infos but only for the last 20. i´d like to narrow it down for the last 24 hours.
i´m not able to add the " TimeCreated[timediff" option.
what i need is: to have a time option to narrow it down, to add more targetusernames and that the file (log.txt) should be named with the date of the day when the script was started. e.p. 20091216_dc1.log
thanxs for any help
kuno
on win2003 i use eventquery.vbs to retrieve security log logon/logout infos for administrative user.on a dc.
it works very well. now on server 2008 it works anymore.
i find wevtutil to retrieve sec log infos, but it seems to me very complex and i´m not able to acomplish the goal.
wevtutil qe security /rd:true /f:text /q:"*[System/EventID=4634 and 4624] and *[EventData/Data[@Name='TargetUserName']='Administrator']" /c:20 >c:\temp\log.txt
retrieves the necessary infos but only for the last 20. i´d like to narrow it down for the last 24 hours.
i´m not able to add the " TimeCreated[timediff" option.
what i need is: to have a time option to narrow it down, to add more targetusernames and that the file (log.txt) should be named with the date of the day when the script was started. e.p. 20091216_dc1.log
thanxs for any help
kuno