Retrieving Event Logs Remotely

by Feb 5, 2010

PowerShell v.2 has added remote capabilities to a number of cmdlets, including Get-EventLog. So now you are able to collect important events remotely with just one line:

Get-EventLog System -EntryType Warning -ComputerName PC01234

You will need to have local admin privileges on the target machine to successfully retrieve the information remotely. If you use UAC, you should make sure to run this command from an elevated PowerShell console. In addition, some remote techniques require certain prerequisites on the target machine that you want to access. For example, Get-EventLog can only retrieve the information if the target machine runs the "Remote Registry" service.

Twitter This Tip! ReTweet this Tip!