//指定要查詢的日期
$year=2007
$month=5
$day=12

//利用.NET物件製造該日以及下一日的物件
$Day1 = New-Object DateTime $year,$month,$day
$Day2 = $Day1.AddDays(1)

//利用WbemScripting.SWbemDateTime物件製造WMI日期格式
$DayFrom = New-Object -com WbemScripting.SWbemDateTime
$DayTo = New-Object -com WbemScripting.SWbemDateTime

$DayFrom.SetVarDate($Day1.ToString("yyyy/MM/dd"),$true)
$DayTo.SetVarDate($Day2.ToString("yyyy/MM/dd"),$true)

//組合出WMI Query Language (WQL)
$QueryString = "Select * from Win32_NTLogEvent where Logfile='Windows PowerShell' and TimeWritten>='"+$DayFrom.Value+"' and TimeWritten<'"+$DayTo.Value+"'"

//執行並儲存結果
$Result = gwmi -Query $QueryString

arrow
arrow
    全站熱搜

    ayowu 發表在 痞客邦 留言(0) 人氣()