获取 taskscheduler 历史 - 使用 PowerShell 的级别

Question

如何使用 PowerShell 获取任务调度程序的历史级别？

Answer 1

使用：

$EventFilter = @{
    LogName = 'Microsoft-Windows-TaskScheduler/Operational'
    Id = 100
    StartTime = [datetime]::Now.AddDays(-1)
}
# PropertySelector for the Correlation id (the InstanceId) and task name
[string[]]$PropertyQueries = @(
    'Event/EventData/Data[@Name="InstanceId"]'
    'Event/EventData/Data[@Name="TaskName"]'
)
$PropertySelector = New-Object System.Diagnostics.Eventing.Reader.EventLogPropertySelector @(,$PropertyQueries)

# Loop through the start events
$TaskInvocations = foreach($StartEvent in Get-WinEvent -FilterHashtable $EventFilter){

    # Grab the InstanceId and Task Name from the start event
    $InstanceId,$TaskName = $StartEvent.GetPropertyValues($PropertySelector)

    # Create custom object with the name and start event, query end event by InstanceId
    [pscustomobject]@{
        TaskName = $TaskName
        StartTime = $StartEvent.TimeCreated
        EndTime = $(Get-WinEvent -FilterXPath "*[System[(EventID=102)] and EventData[Data[@Name=""InstanceId""] and Data=""{$InstanceId}""]]" -LogName 'Microsoft-Windows-TaskScheduler/Operational' -ErrorAction SilentlyContinue).TimeCreated
    }
}
$TaskInvocations

参考link：

获取 taskscheduler 历史 - 使用 PowerShell 的级别

Get taskscheduler history - level using PowerShell

powershell

history

taskscheduler