Tag Archives: logs

PowerShell- Get Usernames from Windows Security Log

This snippet takes the export of the Windows Security log and returns a list of user ids from within it.

Exporting the Logs

  1. Open Event Viewer in Windows, select the Security Log and choose “Save All Events As….” – save the file as a Comma Delimited CSV.
    EventViewer
  2. Open the exported file in Notepad and add “,Description” to the end of the first line (PowerShell won’t import the description field otherwise)
    Notepad

PowerShell Manipulation

$events=Import-CSV securitylog.csv
$result= foreach ($event in $events) {
(((($event.Description) -Split "`r`n" |
Where-Object {$_ -like '*Account Name:*'}) -Split ":")[1]).trim() }
$result | Sort-Object –Unique

The result is a list of the Account Names found in the file. See GitHub for further info and updates.