PS C:\Windows\System32> Set-Item wsman:\localhost\client\trustedhosts *
PS C:\Windows\System32> Restart-Service WinRM
PS C:\Windows\System32> test-netconnection -computername 192.168.0.24 -port 5985
ComputerName : 192.168.0.24
RemoteAddress : 192.168.0.24
RemotePort : 5985
InterfaceAlias : Wi-Fi 2
SourceAddress : 192.168.0.18
TcpTestSucceeded : True
PS C:\Windows\System32> $credential=get-credential
PS C:\Windows\System32> $session = new-pssession -computername 192.168.0.24 -credential $credential
PS C:\Windows\System32> $session
Id Name Transport ComputerName ComputerType State ConfigurationName Availability
-- ---- --------- ------------ ------------ ----- ----------------- ------------
9 Runspace9 WSMan 192.168.0.24 RemoteMachine Opened Microsoft.PowerShell Available
#obtain security logs of remote computer for last hour
$securityLogs = invoke-command -session $session -scriptblock {
Get-EventLog Security | where TimeWritten -gt (get-date).AddHours(-1)
}
$securityLogs | Export-Csv ~\desktop\report.csv
security logs saved on desktop
reference:
No comments:
Post a Comment