{"id":269296,"date":"2015-11-30T13:41:02","date_gmt":"2015-11-30T10:41:02","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=269296"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=269296","title":{"rendered":"\u0410\u0443\u0434\u0438\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0436\u0443\u0440\u0430\u043d\u0430\u043b\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. Power Powershell"},"content":{"rendered":"

\u0410\u0443\u0434\u0438\u0442 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043c\u043e\u0433 \u043c\u043e\u0435\u043c\u0443 \u043a\u043e\u043b\u043b\u0435\u0433\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043b\u044e\u0431\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u043c\u0435\u044e\u0442 \u0445\u043e\u0442\u044c \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0438\u043b\u0438 ActiveDirectory. <\/p>\n

\u0412 \u0442\u043e\u043f\u0438\u043a\u0435 \u0431\u0443\u0434\u0435\u0442 \u043c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439, \u043d\u0430\u0434\u0435\u044e\u0441\u044c, \u0431\u0443\u0434\u0435\u0442 \u0432\u0430\u043c \u043f\u043e\u043b\u0435\u0437\u0435\u043d. <\/p>\n

\u041f\u0435\u0440\u0432\u044b\u043c \u0434\u0435\u043b\u043e\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0431\u044b\u043b\u043e \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0431\u044b\u043b\u043e \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c. \u0427\u0442\u043e\u0431\u044b \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0442\u0435\u043a\u0441\u0442\u0430, \u044f \u0441\u043e\u0437\u0434\u0430\u043b\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e ID \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0432\u044b\u0434\u0430\u0435\u0442 \u0435\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:
<\/a> <\/p>\n

Function DefineReason ($Id){     switch ($Id){         4741{ Return "\u0421\u043e\u0437\u0434\u0430\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430"}         4742{ Return "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430" }         4743{ Return "\u0423\u0434\u0430\u043b\u0435\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430"}         4727{ Return "\u0421\u043e\u0437\u0434\u0430\u043d\u0430 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4728{ Return "\u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043a \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0435 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4729{ Return "\u0423\u0434\u0430\u043b\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4730{ Return "\u0423\u0434\u0430\u043b\u0435\u043d\u0430 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4731{ Return "\u0421\u043e\u0437\u0434\u0430\u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4732{ Return "\u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e \u0433\u0440\u0443\u043f\u043f\u0443 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4733{ Return "\u0423\u0434\u0430\u043b\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4734{ Return "\u0423\u0434\u0430\u043b\u0435\u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4735{ Return "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0430 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4737{ Return "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0430 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4743{ Return "\u0423\u0434\u0430\u043b\u0435\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430\u044f \u0437\u0430\u043f\u0438\u0441\u044c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430"}         4754{ Return "\u0421\u043e\u0437\u0434\u0430\u043d\u0430 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e" }         4755{ Return "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0430 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4756{ Return "\u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u043a \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0435 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4757{ Return "\u0423\u0434\u0430\u043b\u0435\u043d \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0438\u0437 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4758{ Return "\u0423\u0434\u0430\u043b\u0435\u043d\u0430 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c\u044e"}         4764{ Return "\u0418\u0437\u043c\u0435\u043d\u0435\u043d \u0442\u0438\u043f \u0433\u0440\u0443\u043f\u043f\u044b"}         4720{ Return "\u0421\u043e\u0437\u0434\u0430\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c"}         4722{ Return "\u0412\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c"}         4724{ Return "\u0421\u0431\u0440\u043e\u0441 \u043f\u0430\u0440\u043e\u043b\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f"}         4725{ Return "\u0423\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430"}         4726{ Return "\u0423\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u0430"}         4738{ Return "\u0418\u0437\u043c\u0435\u043d\u0435\u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c"}         4740{ Return "\u0423\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0430"}         4767{ Return "\u0423\u0447\u0435\u0442\u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0430"}         4780{ Return "\u0421\u043f\u0438\u0441\u043e\u043a \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0414\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u0431\u044b\u043b \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043d\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0447\u043b\u0435\u043d\u0430\u043c\u0438 \u0433\u0440\u0443\u043f\u043f\u044b \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432"}         4781{ Return "\u0411\u044b\u043b\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u043e \u0438\u043c\u044f \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438"}         4794{ Return "\u0411\u044b\u043b\u0430 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u044f\u0442\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0437\u0430\u0434\u0430\u0442\u044c \u0440\u0435\u0436\u0438\u043c \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u043b\u0443\u0436\u0431 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432"}         5376{ Return "\u0414\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445: \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u044b\u043b\u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u044b"}         5377{ Return "\u0414\u0438\u0441\u043f\u0435\u0442\u0447\u0435\u0440 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445: \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u044b\u043b\u0438 \u0432\u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0438\u0437 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0439 \u043a\u043e\u043f\u0438\u0438"}         4825{ Return "\u0417\u0430\u043f\u0440e\u0449\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0440\u0430\u0431\u043e\u0447\u0435\u043c\u043e \u0441\u0442\u043e\u043b\u0443, \u043d\u0435 \u0432\u0445\u043e\u0434\u0438\u0442 \u0432 \u0433\u0440\u0443\u043f\u043f\u0443 RDP"}         1102{ Return "\u0423\u0434\u0430\u043b\u0435\u043d \u0436\u0443\u0440\u043d\u0430\u043b Security"}     } } <\/code><\/pre>\n
  \u0417\u0430\u0442\u0435\u043c \u043f\u043e\u043d\u0430\u0434\u043e\u0431\u0438\u043b\u043e\u0441\u044c \u043e\u043f\u0438\u0441\u0430\u0442\u044c \u0441\u043e\u0431\u044b\u0442\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043f\u043e \u043c\u0430\u0441\u043a\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430:<\/p>\n
# \u0424\u0443\u043d\u043a\u0446\u0438\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u043f\u043e \u043c\u0430\u0441\u043a\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430  Function DefineReasonByAccessMask ($AccessMask){     switch($AccessMask){         "0xc0000064"  { Return "\u0418\u043c\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442" }         "0xc000006A"  { Return "\u0412\u0435\u0440\u043d\u043e\u0435 \u0438\u043c\u044f, \u043d\u043e \u043d\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u044c"}         "0xc0000234"  { Return "\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d" }         "0xc0000072"  { Return "\u0423\u0447\u0435\u0442\u043a\u0430 \u0434\u0435\u0430\u043a\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u0430"}         "0xc0000006F" { Return "\u0412\u0445\u043e\u0434 \u0432\u043d\u0435 \u0440\u0430\u0431\u043e\u0447\u0435\u0435 \u0432\u0440\u0435\u043c\u044f"}         "0xc00000070" { Return "\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0442\u0430\u043d\u0446\u0438\u0438"}         "0xc00000193" { Return "\u0421\u0440\u043e\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0438\u0441\u0442\u0435\u043a"}         "0xc00000071" { Return "\u0421\u0440\u043e\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u044f \u0418\u0441\u0442\u0435\u043a"}         "0xc00000224" { Return "\u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0440\u043e\u043b\u044c \u043f\u0440\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c \u0432\u0445\u043e\u0434\u0435"}         "0xc000015b"  { Return "\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d \u0432\u0445\u043e\u0434 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435"}         "0xc000006d"  { Return "\u041d\u0435\u0432\u0435\u0440\u043d\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u044c"}     } } <\/code><\/pre>\n
  \u0422\u0435\u043f\u0435\u0440\u044c \u043c\u044b \u0437\u043d\u0430\u0435\u043c, \u0437\u0430 \u0447\u0435\u043c \u0445\u043e\u0442\u0438\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c. \u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0448\u0430\u0433 \u043f\u0440\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043f\u043e \u0430\u0443\u0434\u0438\u0442\u0443 \u2014 \u044d\u0442\u043e \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 XML, \u0442\u0430\u043a \u043a\u0430\u043a \u0435\u0441\u043b\u0438 \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u043c\u043d\u043e\u0433\u043e, \u0442\u043e \u043f\u043e\u0441\u0442\u0440\u043e\u0447\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438. <\/p>\n
  \u0427\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0438\u0437 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0434\u043d\u0443 \u0438\u0437 \u043a\u043e\u043c\u0430\u043d\u0434, \u0432 \u043a\u0430\u0436\u0434\u043e\u0439 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0435\u0441\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0430 \u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438:<\/p>\n
1. Get-LogEvent security<\/h4>\n
  \u041f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0430:<\/p>\n
   \u2014 \u0431\u044b\u0441\u0442\u0440\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f;
   \u2014 \u043d\u0435 \u043d\u0443\u0436\u043d\u0430 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f.<\/p>\n
  \u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438:<\/p>\n
   \u2014 \u0434\u043e\u0441\u0442\u0443\u043f \u0442\u043e\u043b\u044c\u043a\u043e \u0441 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u043e\u043c\u0443 \u0436\u0443\u0440\u043d\u0430\u043b\u0443 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u043f\u043e \u043f\u0443\u0442\u0438: Windows\/System32\/winevt\/security.evtx;
   \u2014 \u0434\u043e\u043b\u0433\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e \u0442\u0435\u0433\u0430 . \u041e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u043f\u0443\u0442\u0435\u043c \u043f\u043e\u0441\u0442\u0440\u043e\u0447\u043d\u043e\u0439 \u0441\u0435\u043f\u0430\u0440\u0430\u0446\u0438\u0438 \u0441 \u043b\u0438\u043a\u0432\u0438\u0434\u0430\u0446\u0438\u0435\u0439 \u0441\u043f\u0435\u0446\u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432.<\/p>\n
2. Get-WinEvent \u2013path \u201cD:\/\u201d<\/h4>\n
  \u041f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0430:<\/p>\n
   \u2014 \u0431\u044b\u0441\u0442\u0440\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0436\u0443\u0440\u043d\u0430\u043b\u0430;
   \u2014 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043b\u044e\u0431\u043e\u043c\u0443 \u0436\u0443\u0440\u043d\u0430\u043b\u0443. \u0413\u043b\u0430\u0432\u043d\u043e\u0435 \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u043e\u043b\u043d\u044b\u0439 \u043f\u0443\u0442\u044c.<\/p>\n
  \u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438:<\/p>\n
   \u2014 \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u043e\u0433\u043e \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430.<\/p>\n
Try { $Events = Get-WinEvent -FilterHashTable $MyFilter  } Catch {"No events were found in $Log"; Continue}     ForEach ($Raw_Event in $Events)     {\t           Try{           $EventXML = [xml]$Raw_Event.ToXML()       } Catch {Write-Host "Unable to convert an event to XML"}       $Event = @{}       ForEach ($object in $EventXML.Event.EventData.Data) {         $Event.Add($object.name,$object.'#text')       }        $Event.Add("ID",$Raw_Event.ID)       $Event.Add("TimeCreated",$Raw_Event.TimeCreated) <\/code><\/pre>\n
  \u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0448\u0430\u0433 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u043c\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0436\u0443\u0440\u043d\u0430\u043b\u0443, \u044d\u0442\u043e \u0432\u044b\u0442\u044f\u0433\u0438\u0432\u0430\u0442\u044c \u0438\u0437 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0442\u0440\u0435\u0431\u0443\u0435\u043c\u044b\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0438 \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c \u043f\u043e \u043d\u0438\u043c \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f. \u0412 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u2013 \u044d\u0442\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u0447\u0442\u0443 \u0438\u043b\u0438 \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b.<\/p>\n
  \u0417\u0430\u0434\u0430\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b, \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0431\u0443\u0434\u0435\u043c \u0432\u044b\u0442\u044f\u0433\u0438\u0432\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043d\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f. \u0414\u0438\u0430\u043b\u043e\u0433\u043e\u0432\u043e\u0435 \u043e\u043a\u043d\u043e \u0441 \u0432\u0432\u043e\u0434\u043e\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432.<\/p>\n
  \"image\"\/<\/p>\n
  1. \u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442, \u0447\u0442\u043e \u0436\u0443\u0440\u043d\u0430\u043b\u044b \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0437\u0430\u0434\u0430\u0442\u044c. \u0415\u0441\u043b\u0438 \u0436\u0443\u0440\u043d\u0430\u043b \u043e\u0434\u0438\u043d, \u0442\u043e \u0437\u0430\u0434\u0430\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0434\u043b\u044f \u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432: \u00abC:\\Windows\\System32\\winevt\\Logs\u00bb.<\/p>\n
  2. \u0412\u0442\u043e\u0440\u043e\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u0442 \u0441\u0435\u0440\u0432\u0435\u0440, \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0431\u0443\u0434\u0435\u0442 \u0438\u0441\u043a\u0430\u0442\u044c\u0441\u044f \u043b\u043e\u0433\u0438. \u0415\u0441\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u043e\u0434\u0438\u043d, \u0442\u043e \u0441\u0442\u0430\u0432\u0438\u043c \u00ab*\u00bb.<\/p>\n
  3. \u0422\u0440\u0435\u0442\u0438\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u043f\u0440\u0435\u0434\u0435\u043b\u044c\u043d\u043e \u043f\u043e\u043d\u044f\u0442\u0435\u043d: * \u2014 \u0438\u0449\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0437\u0430 \u0432\u0435\u0441\u044c \u043f\u0435\u0440\u0438\u043e\u0434, \u0435\u0441\u043b\u0438 \u0437\u0430\u0434\u0430\u043d\u0430 \u0434\u0430\u0442\u0430, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, 30.11.2015, \u0442\u043e \u0438\u0449\u0435\u043c \u0437\u0430 \u044d\u0442\u0443 \u0434\u0430\u0442\u0443. \u041f\u043e\u0438\u0441\u043a \u0437\u0430 \u043f\u0435\u0440\u0438\u043e\u0434 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0432\u0432\u043e\u0434\u043e\u043c \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0439 \u0438 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u0439 \u0434\u0430\u0442\u044b \u0447\u0435\u0440\u0435\u0437 \u0442\u0438\u0440\u0435 (01.11.2015-30.11.2015).<\/p>\n
  4. \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430 \u0440\u0430\u0431\u043e\u0442\u044b, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u00abD:\\log.log\u00bb. \u041d\u0438\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d \u043a\u043e\u0434, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u043f\u043e\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0434\u043b\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u0430:<\/p>\n
$objForm = New-Object System.Windows.Forms.Form  $objForm.Text = "\u0412\u0432\u043e\u0434 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445" $objForm.Size = New-Object System.Drawing.Size(300,450)  $objForm.StartPosition = "CenterScreen"  # Events path $objLabel1 = New-Object System.Windows.Forms.Label $objLabel1.Location = New-Object System.Drawing.Size(10,20)  $objLabel1.Size = New-Object System.Drawing.Size(280,40)  $objLabel1.Text = "\u0412\u0432\u0435\u0434\u0438\u0442\u0435 \u043f\u043e\u043b\u043d\u044b\u0439 \u043f\u0443\u0442\u044c \u043a \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u043c \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435`nD:\/...\/...\/ :" $objForm.Controls.Add($objLabel1)   $objTextBox1 = New-Object System.Windows.Forms.TextBox  $objTextBox1.Location = New-Object System.Drawing.Size(10,60)  $objTextBox1.Size = New-Object System.Drawing.Size(280,20)  $objForm.Controls.Add($objTextBox1)   #Find Server mode  $objLabel2 = New-Object System.Windows.Forms.Label $objLabel2.Location = New-Object System.Drawing.Size(10,90)  $objLabel2.Size = New-Object System.Drawing.Size(280,30)  $objLabel2.Text = "1. * - \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c.`n2. \u0423\u043a\u0430\u0436\u0438\u0442\u0435 \u0421\u0435\u0440\u0432\u0435\u0440." $objForm.Controls.Add($objLabel2)   $objTextBox2 = New-Object System.Windows.Forms.TextBox  $objTextBox2.Location = New-Object System.Drawing.Size(10,120)  $objTextBox2.Size = New-Object System.Drawing.Size(280,30)  $objForm.Controls.Add($objTextBox2)  #Type Events Mode  $objLabel3 = New-Object System.Windows.Forms.Label $objLabel3.Location = New-Object System.Drawing.Size(10,150)  $objLabel3.Size = New-Object System.Drawing.Size(280,45)  $objLabel3.Text = "1. * - \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c.`n2. \u0423\u043a\u0430\u0436\u0438\u0442\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u0435.`n3. \u041f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0438\u0442\u0435 \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u043f\u044f\u0442\u0443\u044e \u0441\u043e\u0431\u044b\u0442\u0438\u044f" $objForm.Controls.Add($objLabel3)   $objTextBox3 = New-Object System.Windows.Forms.TextBox  $objTextBox3.Location = New-Object System.Drawing.Size(10,195)  $objTextBox3.Size = New-Object System.Drawing.Size(280,30)  $objForm.Controls.Add($objTextBox3)  #Date Events mode  $objLabel4 = New-Object System.Windows.Forms.Label $objLabel4.Location = New-Object System.Drawing.Size(10,225)  $objLabel4.Size = New-Object System.Drawing.Size(280,60)  $objLabel4.Text = "1. * - \u0437\u0430 \u0432\u0435\u0441\u044c \u043f\u0435\u0440\u0438\u043e\u0434.`n2. \u0423\u043a\u0430\u0436\u0438\u0442\u0435 \u0434\u0430\u0442\u0443 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 \u0414\u0414.\u041c\u041c.\u0413\u0413\u0413\u0413.`n3. \u0423\u043a\u0430\u0436\u0438\u0442\u0435 \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 \u0414\u0414.\u041c\u041c.\u0413\u0413\u0413\u0413-\u0414\u0414.\u041c\u041c.\u0413\u0413\u0413\u0413" $objForm.Controls.Add($objLabel4)   $objTextBox4 = New-Object System.Windows.Forms.TextBox  $objTextBox4.Location = New-Object System.Drawing.Size(10,285)  $objTextBox4.Size = New-Object System.Drawing.Size(280,30)  $objForm.Controls.Add($objTextBox4)  #Save Result  $objLabel5 = New-Object System.Windows.Forms.Label $objLabel5.Location = New-Object System.Drawing.Size(10,315)  $objLabel5.Size = New-Object System.Drawing.Size(280,30)  $objLabel5.Text = "\u041f\u0443\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430 \u043f\u043e\u0438\u0441\u043a\u0430" $objForm.Controls.Add($objLabel5)   $objTextBox5 = New-Object System.Windows.Forms.TextBox  $objTextBox5.Location = New-Object System.Drawing.Size(10,345)  $objTextBox5.Size = New-Object System.Drawing.Size(280,30)  $objForm.Controls.Add($objTextBox5)  # \u041a\u043d\u043e\u043f\u043a\u0438 \u041e\u041a \u0438 \u041e\u0442\u043c\u0435\u043d\u0430. \u041e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u043a\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u043d\u0430\u0436\u0430\u0442\u0438\u0435 \u043a\u043d\u043e\u043f\u043a\u0438 \u041e\u041a.   $OKButton = New-Object System.Windows.Forms.Button $OKButton.Location = New-Object System.Drawing.Size(75,380) $OKButton.Size = New-Object System.Drawing.Size(75,23) $OKButton.Text = "OK" $OKButton.Add_Click({$objForm.Close()}) $objForm.Controls.Add($OKButton) $OKButton.DialogResult=[System.Windows.Forms.DialogResult]::OK  $CancelButton = New-Object System.Windows.Forms.Button $CancelButton.Location = New-Object System.Drawing.Size(150,380) $CancelButton.Size = New-Object System.Drawing.Size(75,23) $CancelButton.Text = "Cancel" $CancelButton.Add_Click({$objForm.Close()}) $objForm.Controls.Add($CancelButton)  $objForm.Topmost = $True  $objForm.Add_Shown({$objForm.Activate()}) $dialogResult =  $objForm.ShowDialog() # \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0437\u0430\u043a\u043e\u043d\u0447\u0435\u043d\u043e <\/code><\/pre>\n
  \u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435:<\/p>\n
# \u041e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b if ($dialogResult -eq "OK"){     $Log_Path       = $objTextBox1.Text     $FindServerMode = $objTextBox2.Text     $TypeEventsMode = $objTextBox3.Text     $DateEventsmode = $objTextBox4.Text     $SaveResult     = $objTextBox5.Text } <\/code><\/pre>\n
  \u0415\u0441\u043b\u0438 \u0432 \u043f\u043e\u043b\u0435 \u0434\u0430\u0442\u0430 \u0435\u0441\u0442\u044c \u0441\u0438\u043c\u0432\u043e\u043b "-", \u0437\u043d\u0430\u0447\u0438\u0442 \u0432\u0432\u0435\u0434\u0435\u043d \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b, \u0435\u0441\u043b\u0438 \u044d\u0442\u043e\u0442 \u0441\u0438\u043c\u0432\u043e\u043b \u0432\u0432\u0435\u0434\u0435\u043d \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e \u2014 \u0432\u0430\u0448\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b. \u041f\u0440\u043e\u0432\u043e\u0434\u0438\u043c \u0441\u0435\u043f\u0430\u0440\u0430\u0446\u0438\u044e \u043f\u043e \u0441\u0438\u043c\u0432\u043e\u043b\u0443 "-", \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u044f\u0435\u043c \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0443\u044e \u0438 \u043a\u043e\u043d\u0435\u0447\u043d\u0443\u044e \u0434\u0430\u0442\u0443 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430.<\/p>\n
if ($DateEventsmode -match "-"){     $x = $DateEventsmode.split("-")     $StartDate = $x[0]     $EndDate = $x[1]     $StartDate = [DateTime]::parse($StartDate)     $StartDate      $EndDate = [DateTime]::parse($EndDate)     $EndDate } <\/code><\/pre>\n
  \u0415\u0441\u043b\u0438 \u0432\u043e \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u043e\u043c \u043f\u043e\u043b\u0435 \u043d\u0435\u0442 \u043d\u0438 "-", \u043d\u0438 "*", \u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442 \u0432\u0432\u0435\u0434\u0435\u043d\u0430 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u0430\u044f \u0434\u0430\u0442\u0430.<\/p>\n
if ($DateEventsmode -notmatch "-" -and $DateEventsmode -ne "*"){     $StartDate1 = [DateTime]::parse($DateEventsmode) } <\/code><\/pre>\n
  1. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c, \u0437\u0430 \u0432\u0435\u0441\u044c \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -eq "*" -and $DateEventsmode -eq "*" -and $TypeEventsMode -eq "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 1"      $ALL_LOGS = Get-ChildItem -Path $Log_Path -recurse| Where {$_.Extension -eq ".evtx"} | Sort LastWriteTime      $ALL_LOGS      foreach ($Log in $ALL_LOGS){         $LogFile = "Audit EventLog Security" +"`n"         ($Log).FullName         $MyFilter = @{Path=($Log).FullName}         $i=0         Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}         ForEach ($Raw_Event in $Events){         \t                Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}                        $Event = @{}            ForEach ($object in $EventXML.Event.EventData.Data) {               $Event.Add($object.name,$object.'#text')            }            $Event.Add("ID",$Raw_Event.ID)            $Event.Add("TimeCreated",$Raw_Event.TimeCreated)             $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"            $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"            $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"            $LogFile+= "Status:             " + $Event.Status                        +"`n"            $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"            $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"            $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"            $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                     +"`n"            $Reason = DefineReason -Id $Raw_Event.ID            $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status              $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"            $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"            $LogFile+= "----------------------------------------------------------------`n"            $i++          }         } } <\/code><\/pre>\n
  2. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u043f\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0443 \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430 \u0432\u0435\u0441\u044c \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -eq "*" -and $DateEventsmode -eq "*" -and $TypeEventsMode -ne "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 2"          $ALL_LOGS = Get-ChildItem -Path $Log_Path | Where {$_.Extension -eq ".evtx"} | Sort LastWriteTime          $ALL_LOGS          foreach ($Log in $ALL_LOGS){             $LogFile = "Audit EventLog Security" +"`n"             ($Log).FullName             $MyFilter = @{Path=($Log).FullName;ID=$TypeEventsMode}             Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}             ForEach ($Raw_Event in $Events){\t                    Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}                $Event = @{}                ForEach ($object in $EventXML.Event.EventData.Data) {                   $Event.Add($object.name,$object.'#text')                }                 $Event.Add("ID",$Raw_Event.ID)                $Event.Add("TimeCreated",$Raw_Event.TimeCreated)                 $LogFile+= "EventID:            " + $Event.ID                       +"`n"                $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"                $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"                $LogFile+= "Status:             " + $Event.Status                        +"`n"                $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"                $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"                $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"                $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                     +"`n"                $Reason = DefineReason -Id $Raw_Event.ID                $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                  $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"                $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"                $LogFile+= "----------------------------------------------------------------`n"              }          }      } <\/code><\/pre>\n
  3. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c, \u0437\u0430 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d:<\/p>\n
if ($FindServerMode -eq "*" -and $DateEventsmode -match "-" -and $TypeEventsMode -eq "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 3"         $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" } | Sort LastWriteTime         $ALL_LOGS         foreach ($Log in $ALL_LOGS){            $LogFile = "Audit EventLog Security" +"`n"            ($Log).FullName            $StartDate            $EndDate            $MyFilter = @{Path=($Log).FullName}            Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}            ForEach ($Raw_Event in $Events){\t                   Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}               $Event = @{}               ForEach ($object in $EventXML.Event.EventData.Data) {                  $Event.Add($object.name,$object.'#text')               }                $Event.Add("ID",$Raw_Event.ID)               $Event.Add("TimeCreated",$Raw_Event.TimeCreated)               $Event.TimeCreated               if ($Event.TimeCreated -gt $StartDate -and $Event.TimeCreated -lt $EndDate){                    $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"                    $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"                    $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"                    $LogFile+= "Status:             " + $Event.Status                        +"`n"                    $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"                    $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"                    $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"                    $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                     +"`n"                    $Reason = DefineReason -Id $Raw_Event.ID                    $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                      $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"                    $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"                    $LogFile+= "----------------------------------------------------------------`n"               }             }          }      } <\/code><\/pre>\n
  4. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c, \u0437\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u0430\u0442\u0443:<\/p>\n
if ($FindServerMode -eq "*" -and $DateEventsmode -notmatch "-"  -and $DateEventsmode -ne "*" -and $TypeEventsMode -eq "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 5"     $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $StartDate1 -ne "null" } | Sort LastWriteTime     $ALL_LOGS     foreach ($Log in $ALL_LOGS){        $LogFile = "Audit EventLog Security" +"`n"        ($Log).FullName        $Log.LastWriteTime        $StartDate        $EndDate        $MyFilter = @{Path=($Log).FullName}        Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}        ForEach ($Raw_Event in $Events){\t            Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}        $Event = @{}        ForEach ($object in $EventXML.Event.EventData.Data) {           $Event.Add($object.name,$object.'#text')        }         $Event.Add("ID",$Raw_Event.ID)        $Event.Add("TimeCreated",$Raw_Event.TimeCreated)         if ($Event.TimeCreated.Day -eq $StartDate1.Day -and $Event.TimeCreated.Month -eq $StartDate1.Month -and $Event.TimeCreated.Year -eq $StartDate1.Year){             $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"             $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"             $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"             $LogFile+= "Status:             " + $Event.Status                        +"`n"             $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"             $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"             $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"             $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"             $Reason = DefineReason -Id $Raw_Event.ID             $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status               $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"             $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"             $LogFile+= "----------------------------------------------------------------`n"         }      }    } } <\/code><\/pre>\n
  5. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u043f\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0443 \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -eq "*"  -and $DateEventsmode -match "-" -and $DateEventsmode -ne "*" -and $TypeEventsMode -ne "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 4"      $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $StartDate1 -ne ""} | Sort LastWriteTime      $ALL_LOGS      foreach ($Log in $ALL_LOGS){         $LogFile = "Audit EventLog Security" +"`n"         ($Log).FullName         $Log.LastWriteTime         $StartDate         $EndDate         $MyFilter = @{Path=($Log).FullName;ID=$TypeEventsMode}         Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}         ForEach ($Raw_Event in $Events){\t             Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}         $Event = @{}         ForEach ($object in $EventXML.Event.EventData.Data) {            $Event.Add($object.name,$object.'#text')         }          $Event.Add("ID",$Raw_Event.ID)         $Event.Add("TimeCreated",$Raw_Event.TimeCreated)          if ($Event.TimeCreated.Day -eq $StartDate1.Day -and $Event.TimeCreated.Month -eq $StartDate1.Month -and $Event.TimeCreated.Year -eq $StartDate1.Year){             $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"             $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"             $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"             $LogFile+= "Status:             " + $Event.Status                        +"`n"             $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"             $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"             $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"             $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"             $Reason = DefineReason -Id $Raw_Event.ID             $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status               $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"             $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"             $LogFile+= "----------------------------------------------------------------`n"          }        }   }               }              <\/code><\/pre>\n
  6. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c, \u043f\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0443 \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u0430\u0442\u0443:<\/p>\n
if ($FindServerMode -eq "*" -and $TypeEventsMode -ne "*" -and $DateEventsmode -notmatch "-"  -and $DateEventsmode -ne "*" -and $Log_Path -ne "") { Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 6"     $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $StartDate1 -ne "" } | Sort LastWriteTime     $ALL_LOGS     foreach ($Log in $ALL_LOGS){        $LogFile = "Audit EventLog Security" +"`n"        ($Log).FullName        $Log.LastWriteTime        $StartDate        $EndDate        $MyFilter = @{Path=($Log).FullName;ID=$TypeEventsMode}        Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}        ForEach ($Raw_Event in $Events){\t               Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}           $Event = @{}           ForEach ($object in $EventXML.Event.EventData.Data) {              $Event.Add($object.name,$object.'#text')           }            $Event.Add("ID",$Raw_Event.ID)           $Event.Add("TimeCreated",$Raw_Event.TimeCreated)            if ($Event.TimeCreated.Day -eq $StartDate1.Day -and $Event.TimeCreated.Month -eq $StartDate1.Month -and $Event.TimeCreated.Year -eq $StartDate1.Year){               $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"               $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"               $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"               $LogFile+= "Status:             " + $Event.Status                        +"`n"               $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"               $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"               $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"               $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"               $Reason = DefineReason -Id $Raw_Event.ID               $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                 $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"               $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"               $LogFile+= "----------------------------------------------------------------`n"            }        }       }               } <\/code><\/pre>\n
  7. \u041f\u043e\u0438\u0441\u043a \u043d\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c, \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u043e\u0438\u0441\u043a \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c, \u0437\u0430 \u0432\u0435\u0441\u044c \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -ne "*" -and $DateEventsmode -eq "*" -and $TypeEventsMode -eq "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 7"     $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $_.FullName -match $FindServerMode} | Sort LastWriteTime     $ALL_LOGS     foreach ($Log in $ALL_LOGS){        $LogFile = "Audit EventLog Security" +"`n"        ($Log).FullName        $MyFilter = @{Path=($Log).FullName}        Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}        ForEach ($Raw_Event in $Events){\t               Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}           $Event = @{}           ForEach ($object in $EventXML.Event.EventData.Data) {              $Event.Add($object.name,$object.'#text')           }            $Event.Add("ID",$Raw_Event.ID)           $Event.Add("TimeCreated",$Raw_Event.TimeCreated)            $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"           $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"           $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"           $LogFile+= "Status:             " + $Event.Status                        +"`n"           $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"           $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"           $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"           $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"           $Reason = DefineReason -Id $Raw_Event.ID           $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status             $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"           $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"           $LogFile+= "----------------------------------------------------------------`n"         }     }           } <\/code><\/pre>\n
  8. \u041f\u043e\u0438\u0441\u043a \u043d\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043f\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0443 \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430 \u0432\u0435\u0441\u044c \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -ne "*" -and $DateEventsmode -eq "*" -and $TypeEventsMode -ne "*" -and $Log_Path -ne ""){      Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 8"      $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $_.FullName -match $FindServerMode} | Sort LastWriteTime            $ALL_LOGS      foreach ($Log in $ALL_LOGS){      $LogFile = "Audit EventLog Security" +"`n"      ($Log).FullName      $MyFilter = @{Path=($Log).FullName;ID=$TypeEventsMode}      Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}      ForEach ($Raw_Event in $Events){\t             Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}         $Event = @{}         ForEach ($object in $EventXML.Event.EventData.Data) {            $Event.Add($object.name,$object.'#text')         }          $Event.Add("ID",$Raw_Event.ID)         $Event.Add("TimeCreated",$Raw_Event.TimeCreated)          $LogFile+= "EventID:            " + $Event.ID                       +"`n"         $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"         $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"         $LogFile+= "Status:             " + $Event.Status                        +"`n"         $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"         $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"         $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"         $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"         $Reason = DefineReason -Id $Raw_Event.ID         $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status           $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"         $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"         $LogFile+= "----------------------------------------------------------------`n"      }        } } <\/code><\/pre>\n
  9. \u041f\u043e\u0438\u0441\u043a \u043d\u0430 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c, \u0437\u0430 \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -ne "*"-and $DateEventsmode -match "-" -and $TypeEventsMode -eq "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 9"     $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $_.FullName -match $FindServerMode -and $StartDate -ne "null" -and $EndDate -ne "null"} | Sort LastWriteTime     $ALL_LOGS     foreach ($Log in $ALL_LOGS){        $LogFile = "Audit EventLog Security" +"`n"        ($Log).FullName        $Log.LastWriteTime        $StartDate        $EndDate        $MyFilter = @{Path=($Log).FullName}        Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}        ForEach ($Raw_Event in $Events){\t               Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}           $Event = @{}           ForEach ($object in $EventXML.Event.EventData.Data) {              $Event.Add($object.name,$object.'#text')           }            $Event.Add("ID",$Raw_Event.ID)           $Event.Add("TimeCreated",$Raw_Event.TimeCreated)            if ($Event.TimeCreated -gt $StartDate -and $Event.TimeCreated -lt $EndDate){               $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"               $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"               $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"               $LogFile+= "Status:             " + $Event.Status                        +"`n"               $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"               $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"               $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"               $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"               $Reason = DefineReason -Id $Raw_Event.ID               $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                 $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"               $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"               $LogFile+= "----------------------------------------------------------------`n"            }         }     } } <\/code><\/pre>\n
  10. \u041f\u043e\u0438\u0441\u043a \u043d\u0430 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u043f\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0443 \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430 \u043f\u0435\u0440\u0438\u043e\u0434:<\/p>\n
if ($FindServerMode -ne "*"  -and $DateEventsmode -match "-" -and $DateEventsmode -ne "*" -and $TypeEventsMode -ne "*" -and $Log_Path -ne ""){ Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 10"     $ALL_LOGS = Get-ChildItem -Path $Log_Path | Where {$_.Extension -eq ".evtx" -and  $_.FullName -match $FindServerMode -and $StartDate -ne "null" -and $EndDate -ne "null"} | Sort LastWriteTime     $ALL_LOGS     foreach ($Log in $ALL_LOGS){        $LogFile = "Audit EventLog Security" +"`n"        ($Log).FullName        $Log.LastWriteTime        $StartDate        $EndDate        $MyFilter = @{Path=($Log).FullName;ID=$TypeEventsMode}        Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}        ForEach ($Raw_Event in $Events){\t               Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}           $Event = @{}           ForEach ($object in $EventXML.Event.EventData.Data) {              $Event.Add($object.name,$object.'#text')           }            $Event.Add("ID",$Raw_Event.ID)           $Event.Add("TimeCreated",$Raw_Event.TimeCreated)                                    if ($Event.TimeCreated -gt $StartDate -and $Event.TimeCreated -lt $EndDate){                $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"                $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"                $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"                $LogFile+= "Status:             " + $Event.Status                        +"`n"                $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"                $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"                $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"                $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"                $Reason = DefineReason -Id $Raw_Event.ID                $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                  $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"                $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"                $LogFile+= "----------------------------------------------------------------`n"            }         }      }  } <\/code><\/pre>\n
  11. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043f\u043e \u0432\u0441\u0435\u043c \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u043c, \u0437\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u0430\u0442\u0443:<\/p>\n
if ($FindServerMode -ne "*" -and $DateEventsmode -notmatch "-"  -and $DateEventsmode -ne "*" -and $TypeEventsMode -eq "*" -and $Log_Path -ne ""){  Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 11"       $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $StartDate1 -ne "null" } | Sort LastWriteTime       $ALL_LOGS       foreach ($Log in $ALL_LOGS){          $LogFile = "Audit EventLog Security" +"`n"          ($Log).FullName          $Log.LastWriteTime          $StartDate          $EndDate          $MyFilter = @{Path=($Log).FullName}          Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}          ForEach ($Raw_Event in $Events){\t                 Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}             $Event = @{}             ForEach ($object in $EventXML.Event.EventData.Data) {                $Event.Add($object.name,$object.'#text')             }              $Event.Add("ID",$Raw_Event.ID)             $Event.Add("TimeCreated",$Raw_Event.TimeCreated)              if ($Event.TimeCreated.Day -eq $StartDate1.Day -and $Event.TimeCreated.Month -eq $StartDate1.Month -and $Event.TimeCreated.Year -eq $StartDate1.Year){                  $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"                  $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"                  $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"                  $LogFile+= "Status:             " + $Event.Status                        +"`n"                  $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"                  $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"                  $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"                  $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"                  $Reason = DefineReason -Id $Raw_Event.ID                  $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                    $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"                  $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"                  $LogFile+= "----------------------------------------------------------------`n"               }             }                   }   } <\/code><\/pre>\n
  12. \u041f\u043e\u0438\u0441\u043a \u043f\u043e \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043f\u043e \u0444\u0438\u043b\u044c\u0442\u0440\u0443 \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u0437\u0430 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u0443\u044e \u0434\u0430\u0442\u0443:<\/p>\n
if ($FindServerMode -ne "*" -and $TypeEventsMode -ne "*" -and $DateEventsmode -notmatch "-"  -and $DateEventsmode -ne "*" -and $Log_Path -ne ""){  Write-host "\u0432\u043e\u0448\u043b\u0438 \u0432 12"      $ALL_LOGS = Get-ChildItem -Path $Log_Path -Recurse| Where {$_.Extension -eq ".evtx" -and $StartDate1 -ne "null" } | Sort LastWriteTime      $ALL_LOGS      foreach ($Log in $ALL_LOGS){         $LogFile = "Audit EventLog Security" +"`n"         ($Log).FullName         $Log.LastWriteTime         $StartDate         $EndDate         $MyFilter = @{Path=($Log).FullName;ID=$TypeEventsMode}         Try {$Events = Get-WinEvent -FilterHashTable $MyFilter} Catch {"No events were found in $Log"; Continue}         ForEach ($Raw_Event in $Events){\t                Try{$EventXML = [xml]$Raw_Event.ToXML()} Catch {Write-Host "Unable to convert an event to XML"}            $Event = @{}            ForEach ($object in $EventXML.Event.Message) {               $Event.Add($object.name,$object.'#text')            }             $Event.Add("ID",$Raw_Event.ID)            $Event.Add("TimeCreated",$Raw_Event.TimeCreated)            $Event            if ($Event.TimeCreated.Day -eq $StartDate1.Day -and $Event.TimeCreated.Month -eq $StartDate1.Month -and $Event.TimeCreated.Year -eq $StartDate1.Year){                 $LogFile+= "EventID:            " + $Raw_Event.ID                      +"`n"                 $LogFile+= "Target User Name:   " + $Event.TargetUserName                +"`n"                 $LogFile+= "Target Domain Name: " + $Event.TargetDomainName              +"`n"                 $LogFile+= "Status:             " + $Event.Status                        +"`n"                 $LogFile+= "TimeGenerated:      " + $Event.TimeCreated                   +"`n"                 $LogFile+= "Workstation Name:   " + $Event.WorkstationName               +"`n"                 $LogFile+= "IpAddress:          " + $Event.IpAddress                     +"`n"                 $LogFile+= "Computer:           " + [xml]$Raw_Event.ToXML().Event.System.Computer                      +"`n"                 $Reason = DefineReason -Id $Raw_Event.ID                 $AccessM = DefineReasonByAccessMask -AccessMask $Event.Status                   $LogFile+= "Reason(RU):         " + $Reason  + " "+  $AccessM            +"`n"                 $LogFile+= "Reason(SYS):        " + $Event.Message                      +"`n"                 $LogFile+= "----------------------------------------------------------------`n"            }         }       } } <\/code><\/pre>\n
  \u0412 \u043a\u043e\u043d\u0446\u0435 \u043c\u0435\u0441\u044f\u0446\u0430 (\u043f\u0435\u0440\u0438\u043e\u0434 \u0438\u043d\u0434\u0438\u0432\u0438\u0434\u0443\u0430\u043b\u044c\u043d\u043e \u0437\u0430\u0434\u0430\u0435\u0442\u0441\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438) \u0436\u0443\u0440\u043d\u0430\u043b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0430\u0440\u0445\u0438\u0432\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440-\u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435, \u0441 \u0443\u043a\u0430\u0437\u0430\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u0434\u0430\u0442\u044b \u0430\u0440\u0445\u0438\u0432\u0430\u0446\u0438\u0438. <\/p>\n
  \u041f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e \u043a\u0430\u043a \u043c\u044b \u043e\u043f\u0438\u0441\u0430\u043b\u0438 \u0432\u0441\u0435 \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u043f\u043e\u0438\u0441\u043a\u0430 \u0441\u043e\u0431\u044b\u0442\u0438\u0439. \u041f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0439 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u043d\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c \u0432 \u0444\u0430\u0439\u043b, \u043f\u0443\u0442\u044c \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u043f\u043e\u043b\u0435. \u0415\u0441\u043b\u0438 \u043f\u0443\u0442\u044c \u0437\u0430\u0434\u0430\u043d, \u0442\u043e \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0432 \u0444\u0430\u0439\u043b. \u041f\u043e\u0441\u043b\u0435 \u043e\u0442\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u0444\u0430\u0439\u043b \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f. \u0415\u0441\u043b\u0438 \u043f\u0443\u0442\u044c \u0434\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0430 \u043d\u0435 \u0437\u0430\u0434\u0430\u043d, \u0442\u043e \u043b\u043e\u0433 \u0431\u0443\u0434\u0435\u0442 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d \u0432 \u0440\u0430\u0431\u043e\u0447\u0435\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u043f\u043e\u0434 \u0438\u043c\u0435\u043d\u0435\u043c \u00ablog.log\u00bb.<\/p>\n
if ($SaveResult -ne ""){    $LogFile | Out-File $SaveResult -Encoding utf8    Invoke-Item  $SaveResult    $Event2= @{}    $Event = @{}    $Log_Path=""  } else{    $LogFile | Out-File ".\\log.log" -Encoding utf8    Write-Host $LogFile    $Event2= @{}    $Event = @{}    $Log_Path="" } <\/code><\/pre>\n
  \u0421\u043f\u0430\u0441\u0438\u0431\u043e \u0437\u0430 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435. <\/p>\n
  \u0412\u043e \u0432\u0440\u0435\u043c\u044f \u043d\u0430\u043f\u0438\u0441\u0430\u043d\u0438\u044f \u0441\u043a\u0440\u0438\u043f\u0442\u0430 \u043e\u0447\u0435\u043d\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0441\u0442\u0430\u0442\u044c\u044f "PowerShell \u0438 \u0430\u0443\u0434\u0438\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438<\/a>", \u0441\u043f\u0430\u0441\u0438\u0431\u043e \u0430\u0432\u0442\u043e\u0440\u0443.       <\/p>\n
<\/div>\n
 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438  http:\/\/habrahabr.ru\/post\/271963\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
       \u0410\u0443\u0434\u0438\u0442 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043c\u043e\u0433 \u043c\u043e\u0435\u043c\u0443 \u043a\u043e\u043b\u043b\u0435\u0433\u0435 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043b\u044e\u0431\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u043c\u0435\u044e\u0442 \u0445\u043e\u0442\u044c \u043a\u0430\u043a\u043e\u0439-\u0442\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0438\u043b\u0438 ActiveDirectory. <\/p>\n
  \u0412 \u0442\u043e\u043f\u0438\u043a\u0435 \u0431\u0443\u0434\u0435\u0442 \u043c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439, \u043d\u0430\u0434\u0435\u044e\u0441\u044c, \u0431\u0443\u0434\u0435\u0442 \u0432\u0430\u043c \u043f\u043e\u043b\u0435\u0437\u0435\u043d. <\/p>\n
  \u041f\u0435\u0440\u0432\u044b\u043c \u0434\u0435\u043b\u043e\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0431\u044b\u043b\u043e \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0441\u043e\u0431\u044b\u0442\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0431\u044b\u043b\u043e \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0442\u044c. \u0427\u0442\u043e\u0431\u044b \u0443\u043c\u0435\u043d\u044c\u0448\u0438\u0442\u044c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0442\u0435\u043a\u0441\u0442\u0430, \u044f \u0441\u043e\u0437\u0434\u0430\u043b\u0430 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e ID \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0432\u044b\u0434\u0430\u0435\u0442 \u0435\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-269296","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/269296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=269296"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/269296\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=269296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=269296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=269296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}