This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello, I am new to powershell scripting. I need to retrieve logs that are for security, have the event id of 4659 and only filter/show the ones that the object is in C:\test, after that I want to display the account name and file path and time. Any ideas, I was thinking of using get event-log.
Try this.
$LookFor = 'c:\\test\\'
$filter ='<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">*[System[(EventID=4659)]]</Select>
</Query>
</QueryList>'
Get-WinEvent -FilterXml $filter | Where-Object -Property Message -match $LookFor | foreach {
[PSCustomObject]@{
User = $_.properties[1].value
File = $_.properties[6].value
}
}