Dear all,
We need to analyze the security event log (e.g. event IDs 4720, 4722, 4725, 4726, 4662) for our production servers. However, when I run Get-EventLog I get the following error:
Get-EventLog : Requested registry access is not allowed.
I believe it is because I don't have sufficient permission to read. However I can copy the Security.evtx to somewhere else (e.g. offline computer) for analysis. Could I have some insight to change my script? Many thanks.
Get-EventLog -InstanceId 4720,4722,4725,4726,4662 -LogName Security -After 1/7/2013 -Before 1/8/2013 | Export-Csv "c:\temp\july2013.csv"
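
An added example, not part of the original post: Get-WinEvent can query a copied .evtx file through the Path key of -FilterHashtable, so the analysis reads the file rather than the live Security log. The file paths, the output column names, and the reading of 1/7/2013 as 1 July 2013 (taken from the july2013.csv name) are assumptions.

```powershell
# Added example: analyze an offline copy of Security.evtx.
# Assumed (hypothetical) paths; point them at wherever the copy was saved.
$EvtxPath = 'C:\temp\Security.evtx'
$CsvPath  = 'C:\temp\july2013.csv'

if (-not (Test-Path -LiteralPath $EvtxPath)) {
    throw "Event log copy not found: $EvtxPath"
}

# Same event IDs as the original query; Path makes Get-WinEvent read the file.
$filter = @{
    Path      = $EvtxPath
    Id        = 4720, 4722, 4725, 4726, 4662
    StartTime = [datetime]'2013-07-01'   # assumption: 1/7/2013 means 1 July 2013
    EndTime   = [datetime]'2013-08-01'   # assumption: 1/8/2013 means 1 August 2013
}

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = foreach ($e in $events) {
    # Collect the named EventData fields from the event XML into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }

    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Computer    = $e.MachineName
        Actor       = $data['SubjectUserName']   # account that performed the action
        Target      = $data['TargetUserName']    # affected account (empty for 4662)
        ObjectName  = $data['ObjectName']        # accessed object (4662 only)
    }
}

$rows | Sort-Object TimeCreated | Export-Csv -Path $CsvPath -NoTypeInformation
'{0} events exported to {1}' -f $events.Count, $CsvPath
```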