event-log-viewer
List the member of a group
net localgroup "Event Log Readers"Searching security logs using wevtutil
wevtutilwevtutil qe Security /rd:true /f:text | Select-String "/user"wevtutil qe Security /rd:true /f:text /r:share01 /u:julie.clay /p:Welcome1 | findstr "/user"Get-WinEvent -LogName security | where { $_.ID -eq 4688 -and $_.Properties[8].Value -like '*/user*'} | Select-Object @{name='CommandLine';expression={ $_.Properties[8].Value }}Last updated