Introduction

The Get-WinEvent Reference on TechNet doesn't go into detail on how to use the FilterXPath parameter to filter events; instead, it directs you to the XPath Reference on MSDN and Event Selection on MSDN. This post attempts to summarize those documents as they apply to building complex XPath queries for events.

In this post, I am going to explain how the following XPath filter works to get all of the logon events for the past 24 hours for a specific user.

Continue Reading...

The Short Answer

If you want to join arrays in PowerShell, especially if you don't know whether one or more of the objects you are joining are arrays or single objects, combine them with the addition operator (+) and cast the first item as an array.

$c = [array]$a + $b

The Long Answer

Continue Reading...

Modified: 01/19/2015

Variable Interpolation, or Two Types of Strings

Strings with single quotes (') are literal strings, meaning there are no special characters; every character in the string is output as itself. Strings with double quotes (") in PowerShell expand variables and escape characters inside the string; this is referred to as interpolation.

Continue Reading...