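# Lists the Winlogon events with InstanceId 7001 and 7002 from the System event
# log, labels them as session open / session close, resolves the SID stored in
# each event to an account name, and shows the result in a grid view, newest first.
#
# Note: Get-EventLog exists only in Windows PowerShell (it was removed in
# PowerShell 6+), so this script must be run there.
cls
Write-Host "L'extraction des logs peut être longue...."

# Silence only this query and keep its error, instead of setting
# $ErrorActionPreference = "SilentlyContinue" for the whole script. A blanket
# setting also hid access-denied errors and SID translation failures, so an
# incomplete audit listing looked the same as a complete one.
$ELogs = Get-EventLog System -Source Microsoft-Windows-WinLogon -ErrorAction SilentlyContinue -ErrorVariable LogError
If ($ELogs)
{
    Write-Host "Je Calcule ;-)"

    # Start from an explicit empty array. Without it, the first "+=" stores a
    # single PSObject and every later "+=" fails (PSObject has no op_Addition),
    # so only the first event was ever displayed.
    $Result = @()

    ForEach ($Log in $ELogs)
    {
        # Only 7001 and 7002 are reported; every other Winlogon event is skipped.
        If ($Log.InstanceId -eq 7001)
        {
            $ET = "ouverture de séssion"
        }
        ElseIf ($Log.InstanceId -eq 7002)
        {
            $ET = "fermeture de séssion"
        }
        Else
        {
            Continue
        }

        # The script reads the user's SID from the second replacement string.
        # Fall back to the raw value when it cannot be parsed or translated
        # (for example a deleted account or an unreachable domain), so that the
        # event still appears in the listing instead of being dropped silently.
        $RawSid = $Log.ReplacementStrings[1]
        $Sid = $RawSid
        $Account = $RawSid
        Try
        {
            $Sid = New-Object System.Security.Principal.SecurityIdentifier $RawSid -ErrorAction Stop
            $Account = $Sid.Translate([System.Security.Principal.NTAccount])
        }
        Catch
        {
            # Keep whatever was resolved so far; unresolved fields show the raw SID.
        }

        $Result += New-Object PSObject -Property @{
            'Date et Heure' = $Log.TimeWritten
            'Evènement'     = $ET
            Utilisateur     = $Account
            SSID            = $Sid
        }
    }

    # Sort on the real timestamp column. The previous "Sort Time" named a
    # property that does not exist on these objects, so nothing was sorted.
    $Result |
        Select-Object "Date et Heure","Evènement",Utilisateur,SSID |
        Sort-Object "Date et Heure" -Descending |
        Out-GridView
    Write-Host "j'ai fini."
}
Else
{
    # Make "nothing returned" visible, together with the reason reported by
    # Get-EventLog (no matching entries, access denied, ...), if there is one.
    If ($LogError)
    {
        Write-Warning "Aucun évènement Winlogon récupéré : $($LogError[0])"
    }
    Else
    {
        Write-Warning "Aucun évènement Winlogon récupéré."
    }
}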