PowerShell：Get-Winevent 不适用于 foreach 循环中的多个对象

发布于 2025-01-09 14:02:37 字数 461 浏览 0 评论 0原文

我启用了审核事件组策略，然后将我的测试帐户添加到 Groupname11。

当我尝试在没有注释掉其他组名称的情况下运行它时，我没有从 $Events 中得到任何信息。

我不明白我做错了什么？

$Groups = @(
    #"Groupname8"
    #"Groupname9"
    #"AGroupname10"
    "Groupname11"
    #"Groupname12"
    )
    
    Foreach ($Group in $Groups){
    $Events = Get-WinEvent -FilterHashtable @{logname = 'Security'; ID = 4728; } | Where-Object {$_.Properties.Value -like "*$($Groups)*"}
    }
    $Events

原文

I enabled the audit event group policy and then I added my test account to Groupname11.

When I try to run this without the other group names commented out I don't get anything from $Events.

I don't understand what I am doing wrong?

$Groups = @(
    #"Groupname8"
    #"Groupname9"
    #"AGroupname10"
    "Groupname11"
    #"Groupname12"
    )
    
    Foreach ($Group in $Groups){
    $Events = Get-WinEvent -FilterHashtable @{logname = 'Security'; ID = 4728; } | Where-Object {$_.Properties.Value -like "*$($Groups)*"}
    }
    $Events

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

岁月打碎记忆 2025-01-16 14:02:37

您当前正在循环的每次迭代中覆盖 $Events。

将分配移出循环，以便捕获 $Events 中所有组的事件：

$Groups = @(
    "Groupname8"
    "Groupname9"
    "AGroupname10"
    "Groupname11"
    "Groupname12"
)

$Events = Foreach ($Group in $Groups) {
    Get-WinEvent -FilterHashtable @{logname = 'Security'; ID = 4728; } | Where-Object { $_.Properties.Value -like "*$($Groups)*" }
}

$Events

You're currently overwriting $Events on each iteration of the loop.

Move the assignment out of the loop so you capture the events for all the groups in $Events:

$Groups = @(
    "Groupname8"
    "Groupname9"
    "AGroupname10"
    "Groupname11"
    "Groupname12"
)

$Events = Foreach ($Group in $Groups) {
    Get-WinEvent -FilterHashtable @{logname = 'Security'; ID = 4728; } | Where-Object { $_.Properties.Value -like "*$($Groups)*" }
}

$Events

回复收藏 0 原文

~没有更多了~