如何使用$ computers变量在以下示例中执行所有cpu get-winevent?
Get-WinEvent -FilterHashTable @{LogName= "Application"; ProviderName="Microsoft-Windows-SoftwareRestrictionPolicies";StartTime=$StartTime} -ErrorAction SilentlyContinue
$Computers = get-adcomputer -SearchBase "OU=Workstations,DC=FQDN,DC=local" -filter * -Properties MemberOf | where-object {[string]$_.memberof -notmatch 'CN=NPS' } | select Name | Format-Table -HideTableHeaders | Out-File C:\Users\user\Desktop\cpu1.txt
gc C:\Users\user\Desktop\cpu1.txt | where {$_ -ne ""} > C:\Users\user\Desktop\cpu2.txt
$cpu = Get-Content C:\Users\user\Desktop\cpu2.txt
$a = New-PSSession -ComputerName $cpu
我尝试使用enter-pssession -computername $ cpu或输入-pssession -session $ a但这不起作用。
我在下面使用invoke-command:
Invoke-Command -ComputerName $cpu -ScriptBlock {Get-WinEvent -FilterHashTable @{LogName= "Application"; ProviderName="Microsoft-Windows-SoftwareRestrictionPolicies";StartTime=$StartTime}}
但我有这个错误:
A null value was encountered in the StartTime hash table key. Null values are not permitted.
+ CategoryInfo : InvalidArgument: (StartTime:String) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NullNotAllowedInHashtable,Microsoft.PowerShell.Commands.GetWinEventCommand
+ PSComputerName : computername
我正在尝试将所有cpu的日志复制到csv文件。
答案 0 :(得分:0)
问题是$StartTime范围内-ScriptBlock不可用。您需要提供ArgumentList,例如:
Invoke-Command -ComputerName $cpu -ScriptBlock {param($StartTime) Get-WinEvent -FilterHashTable @{LogName= "Application"; ProviderName="Microsoft-Windows-SoftwareRestrictionPolicies";StartTime=$StartTime}} -ArgumentList $StartTime
在旁注中,下次请将您的示例简化为最小值,因为我们对您获取计算机的方式并不感兴趣