Hello! Can someone give script (Only for PowerShell!) to get Events from Saved Events which are on local computer saved. $log = Get-Eventlog -LogName Security foreach ($i in $log){ if (($i.EventID -eq 4624 ) -and ($i.ReplacementStrings[8] -eq 2)){write-host "Logon`t`tDate: "$i.TimeGenerated "`tUser: "$i.ReplacementStrings[5]} if ($i.EventID -eq 4647 ){write-host "Logoff`t`tDate: "$i.TimeGenerated "`tUser: "$i.ReplacementStrings[1]}} These scripts give me logs from already active events but not from archived. What is command to get events from archived in local computer? Any ideas. It is high important because I need it as soon as possible. Many Thanks! Best Regards!
Looking at old event logs have a look at the following link => blogs.technet.microsoft.com/heyscriptingguy/2011/01/25/use-powershell-to-parse-saved-event-logs-for-errors/