Event Viewer, filter user logons by XML Query.

Event Viewer, filter user logons by XML Query.

Copy+paste and fill in after your taste:

<QueryList>
<Query Id="0" Path="Security">
    <Select Path="Security">
     *[System[(EventID='4624')]
     and
     System[TimeCreated[timediff(@SystemTime) <= 604800000]]
     and
     EventData[Data[@Name='TargetUserName']!='<COMPUTERNAME>$']
and
     EventData[Data[@Name='TargetUserName']!='SYSTEM']
]
    </Select>
</Query>
</QueryList>

Kommentarer