Write Event to Windows Event Log using PowerShell


Creating an EventLog entry using PowerShell is shown below:


Note: The Event Source needs to be created before writing entries to the Event Log. (See this post for further info: Create Event Source with PowerShell)



Create Event Source with PowerShell

To create a Event Source in PowerShell use this:

Get more info on CreateEventSource method here : http://msdn.microsoft.com/en-us/library/2awhba7a.aspx


In PowerShell 2.0 this is even simpler:


EventLog: Determine Windows startup (Event Log Service)

To determine when Windows was started search for Event ID 6005 in the System Event Log. The entry should look like this:

Microsoft Baseline Security Analyzer (MBSA) – on remote computer without a trust

In order to run Microsoft Baseline Security Analyzer (MBSA) against a remote computer with alternative credentials – such as computers in a perimeter without a trust – you have to either call MBSA from command line or connect to the remote computer using NET USE. Below are shown both alternatives:

Alternative #1 – command line


Alternative #2 – GUI (with net use)


Before the scan is started run a Command Prompt as Administrator to specify alternative credentials with NET USE and the remote computer ip-adress.

NOTE: It is important to use Run As Administrator because Microsoft Baseline Security Analyzer (MBSA) is also running as administrator!

When this is done Microsoft Baseline Security Analyzer (MBSA) can start scanning the remote computer from GUI