get-winevent
2 Topics

Differing Get-WinEvent behavior
Given a single .etl, I'm encountering differing Get-WinEvent behavior depending on the machine/PS version I'm using for a single event. I actually don't know much about this particular event, other than its ProviderID guid 68fdd900-4a3e-11d1-84f4-0000f80464e3, which led me to find: EventTraceEvent class - Win32 apps | Microsoft Docs.

The command used in the following examples, each run on a separate machine:

    Get-WinEvent -Path F:\example.etl -oldest -MaxEvents 1

Here's the assumed/expected behavior, as shown running the Get-WinEvent command on an older version:

Here's the PowerShell versioning information for this machine:

Here's the behavior when running the same Get-WinEvent command on a newer version (I'll attach this photo as I don't think this is quite visible):

Here's the PowerShell versioning information for this machine:

The closest instance I've found to this seems to be: Get-WinEvent fails to retrieve an event description with EventLogException · Issue #7664 · PowerShell/PowerShell · GitHub. I'm not quite sure yet if this is truly a PowerShell problem. Let me know if I can provide any further details.

988 Views, 0 likes, 1 Comment

Powershell command on domain computers as administrator
Hi, I want to execute a command on all computers in my domain, but in order for it to work, it needs to run with elevated permissions. Is there a possibility to do this?

My command:

    get-winevent -filterXML([xml](Get-Content "C:\Execute\Inventorview.xml")) | sort timecreated -descending | export-csv c:\execute\result.csv

The response I get:

    get-winevent : Could not retrieve information about the Security log. Error: Poging tot het uitvoeren van een niet-gema
    chtigde bewerking..
    At line:1 char:1
    + get-winevent -filterXML([xml](Get-Content "C:\Execute\Inventorview.xm ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : NotSpecified: (:) [Get-WinEvent], Exception
        + FullyQualifiedErrorId : LogInfoUnavailable,Microsoft.PowerShell.Commands.GetWinEventCommand

(Poging tot het uitvoeren van een niet-gemachtigde bewerking... = Dutch for 'trying to execute a non-authorized...')

Thanks in advance!

3.9K Views, 0 likes, 3 Comments