Here is the final result with a shout out to Daniel. http://carlwebster.com/finding-average-group-policy-processing-time-using-microsoft-powershell/
Thanks Webster From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster Sent: Monday, March 7, 2016 2:51 PM To: powersh...@lists.myitforum.com Subject: [powershell] RE: What event logs are on a system Thanks Daniel. That got me headed in the right direction. $GPTime = get-winevent -logname Microsoft-Windows-GroupPolicy/Operational | where {$_.id -eq "8001"} | select message Thanks Webster From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster Sent: Monday, March 07, 2016 1:35 PM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] RE: What event logs are on a system Thanks for the pointer. Example 8 should get me started. -------------------------- EXAMPLE 8 -------------------------- C:\PS>(get-winevent -listprovider microsoft-windows-grouppolicy).events | format-table id, description -auto Description ----------- This command lists the event IDs that the Microsoft-Windows-GroupPolicy event provider generates along with the eve nt description. It uses the Events property of the object that Get-WinEvent returns when you use the ListProvider parameter, and it uses the ID and Description properties of the object in the Events property. From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Daniel Ratliff Sent: Monday, March 07, 2016 1:28 PM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] RE: What event logs are on a system You have to use Get-WinEvent I think for some of the legacy event logs. Will see if I can find a reference. Daniel Ratliff From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster Sent: Monday, March 07, 2016 2:26 PM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] RE: What event logs are on a system I should have added that get-eventlog -list doesn't give a complete list. PS C:\Users\TEMP> get-eventlog -list Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 64 0 OverwriteAsNeeded 1,273 Application 20,480 0 OverwriteAsNeeded 0 HardwareEvents 512 7 OverwriteOlder 0 Internet Explorer 20,480 0 OverwriteAsNeeded 0 Key Management Service 128 0 OverwriteAsNeeded 1,694 OAlerts 64 0 OverwriteAsNeeded 1,062 Security 64 0 OverwriteAsNeeded 2,415 System 512 0 OverwriteAsNeeded 807 ThinPrint Diagnostics 15,360 0 OverwriteAsNeeded 19,393 Windows PowerShell Thanks Webster From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster Sent: Monday, March 07, 2016 1:23 PM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] What event logs are on a system Using PoSH, how can I get a list of event log names? I am trying to get stuff from the group policy log but not having any luck. The gui shows the logname as "Microsoft-Windows-GroupPolicy/Operational" but get-eventlog doesn't like it. PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy/Operational" -computername xxx Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy/Operational' on computer 'xxx' does not exist. At line:1 char:13 + get-eventlog <<<< -logname "Microsoft-Windows-GroupPolicy/Operational" -computername xxx + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy" -computername xxx Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy' on computer 'xxx' does not exist. At line:1 char:13 + get-eventlog <<<< -logname "Microsoft-Windows-GroupPolicy" -computername xxx + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand Thanks Webster ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
