Windows 10: PowerShell event log that happens every month.

Discus and support PowerShell event log that happens every month. in AntiVirus, Firewalls and System Security to solve the problem; Why is this event log happening every month?Should I be worried?My os is Windows 10 Home It happens in PowerShell/operational logTask Category: Execute... Discussion in 'AntiVirus, Firewalls and System Security' started by Uncreative_610, Oct 10, 2021.

  1. PowerShell event log that happens every month.


    Why is this event log happening every month?Should I be worried?My os is Windows 10 Home It happens in PowerShell/operational logTask Category: Execute a remote commandCreating Scriptblock text 1 of 1:# Copyright © 2008, Microsoft Corporation. All rights reserved.#Common utility functionsImport-LocalizedData -BindingVariable localizationString -FileName CL_LocalizationData# Function to get user troubleshooting historyfunction Get-UserTSHistoryPath { return "${env:localappdata}\diagnostics"}# Function to get admin troubleshooting historyfunction Get-AdminTSHistoryPath { return "${env:lo

    :)
     
    Uncreative_610, Oct 10, 2021
    #1
  2. ddelo Win User

    Export All Administrative Events to Excel

    To analyze events, from the Windows Event Viewer, there is a simple way to export all Administrative Events to Excel, with PowerShell.

    Exporting all Administrative Events to Excel is a simple two Step process, as described here:

    Step 1 - Create the Administrative Events View .xml file
    1. Open Eventviewer (%windir%\system32\eventvwr.msc)
    2. Navigate to: Event Viewer (Local) > Custom Views > Administrative Events
    3. In the “Actions” pane select “Filter Current Custom View”.
    4. Select the the XML tab.
    5. Press Ctrl+A to select all the XML code of the Custom View.
    6. Open a notepad, paste the selected code and save the file to your Desktop as AdmEvtView.xml


    Step 2 - Create the csv file with the events
    1. Download the ExportEvtCSV.zip file, which contains the script ExportEvtCSV.ps1 and unzip it, on your Desktop.
      It's not a fancy script, just basic PowerShell commands to create a csv file on the Desktop.
    2. In Windows Search, type “ISE” (without the quotes) to open “Windows PowerShell ISE” and Run as administrator
    3. To allow running the script, change the ExecutionPolicy, for this session. To do that, in the Console pane type:
      Code:
    4. In the Windows PowerShell ISE, open and run the script: ExportEvtCSV.ps1
      The script will create a csv file with a name YYYYMMDD.HHMM.csv on the Desktop
    5. When done, open the newly created .csv file, format the columns as needed and optionally save it as .xlsx, if you wish.
    That’s it! You now have all the Administrative Events in Excel for filtering and further analysis. PowerShell event log that happens every month. :)

    Now to the more technical hard stuff... *Confused

    There is a reason for running the script from within PowerShell ISE!

    It would be great if everything was also working perfectly, when running the script from an elevated PowerShell too.

    We can run it from an elevated PowerShell, which means that you just follow the Step 1, as above but for the Step 2 instead of the ISE you run the script from an elevated PowerShell.

    The problem is that it will work only for anybody who has en-US format for the dates. Everyone else, who has another format (i.e. en-GB, fr-FR, el-GR etc.), the dates are not translated properly by Excel (although the script uses the –UseCulture switch) and remain as text in the en-US format.

    I'm not sure if this a bug of the "export-csv" cmdlet, but although it runs the way it supposed to from within the ISE, from PowerShell there is a problem with the dates format.
    As I haven’t found a way to overcome this obstacle, any suggestion from the PowerShell gurus of the forum (like my good friend Shawn @Brink, for instance), is welcome.
     
    ddelo, Oct 10, 2021
    #2
  3. PKTeneja Win User
    Powershell logs

    Hi,

    I am looking forward to integrate Powershell logs with SIEM. However I observed we get limited powershell logs in event viewer. Is there any specific audit policy to be implemented to generate granular logs.

    Thanks
     
    PKTeneja, Oct 10, 2021
    #3
  4. Tenforo Active Member

    PowerShell event log that happens every month.

    Tenforo, Oct 10, 2021
    #4
Thema:

PowerShell event log that happens every month.

Loading...
  1. PowerShell event log that happens every month. - Similar Threads - PowerShell event log

  2. PowerShell event log that happens every month.

    in Windows 10 Gaming
    PowerShell event log that happens every month.: Why is this event log happening every month?Should I be worried?My os is Windows 10 Home It happens in PowerShell/operational logTask Category: Execute a remote commandCreating Scriptblock text 1 of 1:# Copyright © 2008, Microsoft Corporation. All rights reserved.#Common...
  3. PowerShell event log that happens every month.

    in Windows 10 Software and Apps
    PowerShell event log that happens every month.: Why is this event log happening every month?Should I be worried?My os is Windows 10 Home It happens in PowerShell/operational logTask Category: Execute a remote commandCreating Scriptblock text 1 of 1:# Copyright © 2008, Microsoft Corporation. All rights reserved.#Common...
  4. Powershell event log

    in AntiVirus, Firewalls and System Security
    Powershell event log: I have many of these in my event logs : POWERSHELL...task category execute a remote command :Creating Scriptblock text 1 of 1:# Copyright © 2008, Microsoft Corporation. All rights reserved.#Common utility functionsImport-LocalizedData -BindingVariable localizationString...
  5. This happens every time I log in

    in Windows 10 BSOD Crashes and Debugging
    This happens every time I log in: [IMG]what is this https://answers.microsoft.com/en-us/windows/forum/all/this-happens-every-time-i-log-in/250d28af-f914-46b0-a7fb-891f6fdbaed2
  6. UIAutomation Events on Powershell

    in Windows 10 BSOD Crashes and Debugging
    UIAutomation Events on Powershell: I'm trying to listen UIAutomation events using Powershell, and wrote somethings like this. $propChangeHandler= [System.Windows.Automation.AutomationPropertyChangedEventHandler]# <summary># Adds a handler for property-changed event in particular, a change in the enabled...
  7. Logging into my PC with a different password every month.

    in Windows Hello & Lockscreen
    Logging into my PC with a different password every month.: How do I stop Windows 10 from asking me every month to change my password??? if I don't do it I can't log in to my laptop! https://answers.microsoft.com/en-us/windows/forum/all/logging-into-my-pc-with-a-different-password-every/47a84ace-42de-4903-8422-45195426c307
  8. Event Logs

    in Windows 10 Drivers and Hardware
    Event Logs: Is there an event log that shows adding and removing dates of devices - computers, printers, etc from computer? https://answers.microsoft.com/en-us/windows/forum/all/event-logs/27a9283c-9d25-47d8-8e1b-0c04e7f4357e
  9. Special Logon Events happening before I log in

    in Windows 10 Support
    Special Logon Events happening before I log in: I have been troubleshooting an issue on my laptop. In the process, I have noticed that when I reboot, there are "special logon" events in Event Viewer, taking place (under my account) before I actually log back in. Reading about these events, it seems they are normally under...
  10. event log

    in Windows 10 BSOD Crashes and Debugging
    event log: My event log shows numerous errors and warnings specifically for DistributedCom - this started happening around the 1st of November - should i do something? <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider...