I've been trying to use eventcombmt to find some user logon attempts but the application crashes. Since there are no other alternatives I thought PowerShell would be my friend.
I need to crawl the Security log which appears to be working but its showing blank Messages.
Get-WinEvent -Path .\Security_A.evtx -Oldest | Where-Object {$_.ID -eq "529"}
ProviderName: Security
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
18/05/2013 00:06:38 529
18/05/2013 00:06:38 529
18/05/2013 00:16:38 529
18/05/2013 00:56:38 529
18/05/2013 00:56:38 529
18/05/2013 00:56:38 529
18/05/2013 01:06:38 529Any ideas?
One thing I guess I should mention is these are from a Windows 2003 DC converted from EVT to EVTX. They open fine in Event Viewer.
PowerShell is running with Administrative privileges.