Лог авторизации

# Report of successful Remote Desktop logons: reads Security-log event 4624
# with LogonType 10 (RemoteInteractive) inside a look-back window and writes
# time, account name and source address to a semicolon-delimited CSV.
# Reading the Security log normally requires an elevated session.

# Length of the look-back window in milliseconds, taken as the distance
# between two fixed dates.
# NOTE(review): Get-Date parses these strings during parameter binding, which
# presumably follows the session culture - "01/02/2022" would then be either
# 2 January (1 day) or 1 February (31 days). Confirm the intended window and
# consider an explicit New-TimeSpan -Days <N> instead.
$span = New-TimeSpan -Start (Get-Date "01/01/2022") -End (Get-Date "01/02/2022")
$time = [int64]$span.TotalMilliseconds

# timediff(@SystemTime) is the age of the event relative to now, so the query
# keeps events younger than $time milliseconds.
# Only LogonType 10 is selected. Depending on configuration, RDP sessions can
# also be recorded as type 3 (network logon, e.g. with NLA) or type 7
# (reconnect/unlock), and failed attempts are event 4625 - none of those
# appear in this report.
$filter = "*[System[TimeCreated[timediff(@SystemTime) < $time] and EventID=4624] and EventData[Data[@Name='LogonType']=10]]"

$results = @(
    Get-WinEvent -LogName Security -FilterXPath $filter | ForEach-Object {
        $logon = $_
        # In the 4624 event layout index 18 is IpAddress and index 5 is TargetUserName.
        $sourceIp = $logon.Properties[18].Value
        $savedColor = $host.ui.rawui.foregroundcolor

        # Colour by source network: 10.* yellow, 192.168.0* dark green, anything else red.
        # Nothing is written to the host while the colour is changed and the
        # objects are captured in $results, so the colour never reaches the CSV.
        if ($sourceIp -like "10.*") {
            $tint = "yellow"
        }
        elseif ($sourceIp -like "192.168.0*") {
            $tint = "DarkGreen"
        }
        else {
            $tint = "red"
        }
        $host.ui.rawui.foregroundcolor = $tint

        # One output row per logon event.
        $logon | Select-Object `
            @{Name = "Time"; Expression = { $_.TimeCreated } },
            @{Name = "UserName"; Expression = { $_.Properties[5].Value } },
            @{Name = "Address"; Expression = { $sourceIp } }

        $host.ui.rawui.foregroundcolor = $savedColor
    }
)

# Export-Csv does not create the folder: c:\tmp must already exist.
# The file lists account names and source addresses, so keep it readable only
# by those who need the report.
$results | Export-Csv -Path c:\tmp\list.csv -Delimiter ";" -Encoding UTF8 -NoTypeInformation
    

Fuse
