Introduction to Windows Command Line-Skill Asessment 10

I cant get this last one, mutliple commands looking at the logs but none the usernames work as the flag I am not sure what I am doing wrong: Some of the commands I used to filter through the logs:

Get-WinEvent -FilterHashTable @{LogName=‘Security’;ID=‘4625’} | Where-Object {$.TimeCreated -gt $date} | where-object {$.TimeCreated -lt $date2} | select-object -expandproperty message

Get-WinEvent -FilterHashTable @{LogName=‘Security’;ID=‘4625’}

even going through and trying all the usernames found as the answer didn’t work is there something im missing?

Did you find any method?

You can Filter even better, when you save get-winevent in a variable and then looking at the properties directly:
$Events = Get-WinEvent -FilterHashTable @{LogName=‘Security’;ID=‘4625’}
$Events[0].property
$Events | foreachObject{$_.property}

still non of the usernames works as a flag…
I dont’t get it either

Hi, still can’t find a track?
I’m still having trouble finding the flag

me too. this one is tough.
Ill keep you posted if I make progress.

I have done it
I used Get-WinEvent, I was doing it in a local account but as it says in the request, you must be in domain control.

In User7 if I remember correctly, the activity of entering domain control was carried out

1 Like

Thank you. Your suggestion was very helpful.

1 Like