Event Logs

Source

Below is a consolidated XML query of all of the event ids related in the above document. I have yet to have this actually solve a problem for me as of 5/30/2024. I still need to dive into the details of the individual log entries with different types and data.

<QueryList>
  <Query Id="0" Path="System">
    <Select Path="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational">*</Select>
    <Select Path="Security">*[System[(EventID=4624)]]</Select>
    <Select Path="Security">*[System[(EventID=4625)]]</Select>
    <Select Path="Security">*[System[(EventID=4634)]]</Select>
    <Select Path="Security">*[System[(EventID=4647)]]</Select>
    <Select Path="Security">*[System[(EventID=4778)]]</Select>
    <Select Path="Security">*[System[(EventID=4779)]]</Select>
    <Select Path="System">*[System[(EventID=9009)]]</Select>
  </Query>
</QueryList>

#end

Active Directory

Basics

Errors and Solutions

Firewall management

Group Policy and PowerShell

Querying Event Logs

Snippets

Useful PowerShell Commands

Windows Network Management from the command line

Event Logs

Active Directory

Basics

Errors and Solutions

Firewall management

Group Policy and PowerShell

Querying Event Logs

Snippets

Useful PowerShell Commands

Windows Network Management from the command line

Event Logs

Windows RDP-Related Event Logs