Tag Archives: get-eventlog

If you are using a KMS server for activating servers and clients in your environment, you may have noticed that there’s really no obvious way to get a list of all the clients that have been activated by the KMS server. One way to get that overview is by using VAMT (http://technet.microsoft.com/en-us/library/hh824953.aspx), but since that tool is based on pulling info from clients and not from the KMS server it is not suitable for everyone. Thankfully, there’s PowerShell 🙂 Getting a list of all activated KMS clients through PowerShell is actually a simple one-liner: $(foreach ($entry in (Get-EventLog -Logname “Key Management Service”)) {$entry.ReplacementStrings[3]}) | sort-object -Unique What this does is look through the Key Management Service eventlog, grab only the client name and then remove all duplicates (since a client activates itself at regular intervals, there will be duplicates).

If you are used to working with Linux you’re probably familiar with using tail, grep and such for gathering stuff from logs and other files. Those are quite useful tools and work very well when you want to find out e.g. why a user fails to log in. In Windows it’s a little different, if we want to find something in the event logs we have always had to resort to a console. But with powershell you can search through the event logs from a command line: Get-EventLog is quite the useful cmdlet. You can specify which log you want to search, a time window, usernames, entrytypes and even computername. If you are a little more experienced with powershell you can even dig down further by piping the command to a where-object cmdlet, for example if you want to see all entries in the system log with the event id…

Read more