I tried these two commands and get strange error. First one is probably due to a syntax error based on research, event though the response is ambiguous.
get-winevent -Logname Security -MaxEvents 10 -ComputerName \\WinSvr2k3-std-sp2-dc
ERR: Get-WinEvent : The RPC server is unavailable
get-winevent -ComputerName WinSvr2k3-std-sp2-dc -Logname Security -MaxEvents 5
ERR: Get-WinEvent : There are no more endpoints available from the endpoint mapper
When I try the same using get-eventlog, that works fine... Ideas on what gives? I'm trying to do it the "New MS way"
get-eventlog -ComputerName WinSvr2k3-std-sp2-dc -logname security | Where-Object {$_.EventID -eq '672'} | select-object -first 5 | select machinename
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
1344857 Nov 26 17:40 SuccessA... Microsoft-Windows... 4624 An account was successfully logged on....
1344856 Nov 26 17:38 SuccessA... Microsoft-Windows... 4634 An account was logged off....
1344855 Nov 26 17:38 SuccessA... Microsoft-Windows... 4624 An account was successfully logged on....
1344854 Nov 26 17:38 SuccessA... Microsoft-Windows... 4672 Special privileges assigned to new logon....
1344853 Nov 26 17:35 SuccessA... Microsoft-Windows... 4624 An account was successfully logged on....
Chris