Snippets for working with event logs

SamErde · Feb 1, 2024 · b0240df · b0240df
1 parent 2ab5ac1
commit b0240df
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/Resolve SID in Event Logs.ps1 b/Resolve SID in Event Logs.ps1
@@ -0,0 +1,5 @@
+# When you have a security principal
+((Get-WinEvent -FilterHashtable @{LogName = 'System'; ID=1501} -MaxEvents 1).UserId).Translate([System.Security.Principal.NTAccount]).Value
+
+# When you have a SID as a string
+[System.Security.Principal.SecurityIdentifier]::new($sid).Translate([System.Security.Principal.NTAccount]).value