PowerShell - Get Usernames from Windows Security Log

This snippet takes the export of the Windows Security log and returns a list of user ids from within it.

Exporting the Logs

  1. Open Event Viewer in Windows, select the Security log and choose “Save All Events As…”. Save the file as a comma-delimited CSV.
  2. Open the exported file in Notepad and add “,Description” to the end of the first line (PowerShell won’t import the description field otherwise).

PowerShell Manipulation

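# Import the exported Security log (the header row must end with ",Description")
$events = Import-Csv securitylog.csv
$result = foreach ($entry in $events) {
    # Keep the "Account Name:" lines of each description and take the text after the colon
    $entry.Description -split "\r?\n" |
        Where-Object { $_ -like '*Account Name:*' } |
        ForEach-Object { ($_ -split ':', 2)[1].Trim() }
}
$result | Sort-Object -Unique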

The result is a list of the Account Names found in the file. See GitHub for further info and updates.
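
A single event description can contain more than one "Account Name:" line (for example the Subject and the New Logon of a logon event), and some of those values are machine accounts or a "-" placeholder. The following is an added example, not code from the original post, that records which section each name came from; the sample events are constructed, and the helper name Get-AccountNameField and the 'Event ID' column name are assumptions.

```powershell
# Constructed sample events (not real log data). 'Event ID' and Description
# are assumed to be the property names Import-Csv yields for the export.
$events = @(
    [pscustomobject]@{ 'Event ID' = '4624'; Description = @'
An account was successfully logged on.

Subject:
    Account Name:       WKS01$
    Account Domain:     CORP

New Logon:
    Account Name:       jsmith
    Account Domain:     CORP
'@ }
    [pscustomobject]@{ 'Event ID' = '4625'; Description = @'
An account failed to log on.

Subject:
    Account Name:       -

Account For Which Logon Failed:
    Account Name:       administrator
'@ }
)
# Hypothetical helper: one object per Account Name line, tagged with its section.
function Get-AccountNameField {
    param([Parameter(ValueFromPipeline)] $LogEntry)
    process {
        $section = ''
        foreach ($line in ($LogEntry.Description -split "\r?\n")) {
            if ($line -match '^\s*Account Name:\s*(.*)$') {
                $name = $Matches[1].Trim()
                # Skip empty values and the "-" placeholder
                if ($name -and $name -ne '-') {
                    [pscustomobject]@{
                        EventId   = $LogEntry.'Event ID'
                        Section   = $section
                        Account   = $name
                        IsMachine = $name.EndsWith('$')
                    }
                }
            }
            elseif ($line -match '^(\S[^:]*):\s*$') {
                $section = $Matches[1]   # unindented heading such as "Subject:"
            }
        }
    }
}
$events | Get-AccountNameField | Where-Object { -not $_.IsMachine } | Sort-Object Account -Unique
```

To run it against a real export, replace the constructed $events array with the output of Import-Csv on the edited file.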