he idea here is to give a group of users in a help desk situation the ability to use a powershell script to quickly find out the source of account lockouts. The script is working wonderfully as myself, but a non-privileged user cannot run it.
I've provided access to the "Event Log Readers" group and confirmed a test user can remotely view the event log with eventvwr, but the following command still will not run successfully
Any thoughts?
Get-WinEvent -ComputerName dc01 -FilterHashtable @{logname='security'; id=4771} -ErrorAction StopThe error is "Get-WinEvent: Could not retrieve information about the Security log. Error: attempted to perform an unauthorized operation."
Again, I can run this exact same command with an elevated account and it works, so I know it is permissions. The problem is finding which.
I've confirmed that logging into the server with the test account and running the command directly on the server still doesn't work--same error.
