4
votes

I need to create an entry in the Windows Event Log (e.g. the Application log). I know how to do everything besides filling in the user who performed the action.

Example: I need to create a script that writes some message into the Application log. I used this tutorial, which worked fine: http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/20/how-to-use-powershell-to-write-to-event-logs.aspx

But I am not able to influence the "user". When adding an entry to the Windows log, it always fills in "User: N/A".

Any idea how to pass the "user" argument to the "write-eventlog" cmdlet?

Thank you for your help.

1
According to the answers to this similar question, spoofing the username is not possible. - Ansgar Wiechers
Hi Ansgar, thanks for your reply. Actually I am not trying to spoof the username, I just need to fill in the current user who is writing to the event log. I need to see who did the change in the event log. Thanks - kubusz

1 Answer

2
votes

Even though (as far as I'm aware) Write-EventLog does not provide an option to write directly to the "User" field, you have two workarounds:

Use the built-in standalone executable "EventCreate.exe" (type in eventcreate /? to see the manual).

This one does support providing the username field. I'm not sure, but it may require a password for that user too.

The second workaround would be to pass $env:USERNAME to the "message" field of Write-EventLog. This way you will still obtain the environment's current user.

I hope that helped.
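The second workaround, written out as an added example that is not part of the original answer: it reads the caller's name and SID from the process token instead of `$env:USERNAME`, because an environment variable can be overwritten by the caller before the script runs. The source name `MyAuditScript`, event ID 1000 and the function names are hypothetical.

```powershell
# Added example, not the answerer's code. Assumes Windows PowerShell
# (Write-EventLog is not available in PowerShell 7) and that the first
# run is elevated so the event source can be registered.

function Get-CallerIdentity {
    # Identity taken from the access token of the running process,
    # not from the mutable environment block.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        Name = $id.Name          # DOMAIN\user or MACHINE\user
        Sid  = $id.User.Value    # string form of the user SID
    }
}

function Write-AuditEvent {
    param(
        [Parameter(Mandatory)][string]$Message,
        [string]$LogName = 'Application',
        [string]$Source  = 'MyAuditScript',   # hypothetical source name
        [int]$EventId    = 1000               # hypothetical event ID
    )

    # Registering a source requires administrator rights; normally done once at install time.
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        New-EventLog -LogName $LogName -Source $Source
    }

    # Put the identity on its own labelled lines so it can be parsed back out later.
    $caller = Get-CallerIdentity
    $text = "{0}`r`nPerformedBy: {1}`r`nSid: {2}" -f $Message, $caller.Name, $caller.Sid

    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
                   -EntryType Information -Message $text
}

Write-AuditEvent -Message 'Configuration value changed.'

# Read the entry back: UserName is the built-in "User" field from the question,
# the identity recorded by this script is inside Message.
Get-EventLog -LogName Application -Source 'MyAuditScript' -Newest 1 |
    Select-Object TimeGenerated, UserName, Message
```

The identity recorded this way is only message text written by the script itself, so anyone who can write to the same log under the same source can write a different name.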