Get SID from event and convert it back to username


I'm trying to use the command below to get a user SID from a specific event, convert it to a username, and then output its value.

$sid = Get-Winevent -FilterHashtable @{Logname='system';ID=1065} -MaxEvents 1 | Select User -ExpandProperty Userid
$objSID = New-Object System.Security.Principal.SecurityIdentifier ($sid)
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value

I couldn't find the reason why it isn't working. It can't decode the username. $objUser should store the username for the SID. I'm trying to use it for domain users. The SID should be valid, because I get it from an existing event.

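The lookup described in the question, written as an added example that is not part of the original post: it reads the SID from the newest matching event and reports separately when the event has no user SID or when the SID cannot be translated to an account name. The function name `Resolve-EventUser` and its parameter defaults are assumptions made for illustration.

```powershell
# Added example, not code from the original question.
# Resolve-EventUser is a hypothetical helper name.
function Resolve-EventUser {
    [CmdletBinding()]
    param(
        [string]$LogName = 'System',
        [int]$Id = 1065
    )

    # Newest matching event. Get-WinEvent writes an error when nothing matches,
    # so suppress it and test the result instead.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } `
                        -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $evt) {
        Write-Warning "No event with ID $Id found in the $LogName log."
        return
    }

    # UserId is already a SecurityIdentifier object; it is $null when the
    # event record does not carry a user.
    $sid = $evt.UserId
    if ($null -eq $sid) {
        Write-Warning "Event record $($evt.RecordId) carries no user SID."
        return
    }

    $account = $null
    try {
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Thrown when no account name can be found for this SID.
        Write-Warning "SID $($sid.Value) could not be mapped to an account name."
    }
    catch {
        # Any other lookup failure: report the message as-is.
        Write-Warning "Translation of $($sid.Value) failed: $($_.Exception.Message)"
    }

    # Always return the raw SID so the record stays usable even without a name.
    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated
        RecordId    = $evt.RecordId
        Sid         = $sid.Value
        Account     = $account   # stays $null if translation failed
    }
}

Resolve-EventUser -LogName 'System' -Id 1065
```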