How do I troubleshoot the Set-Strictmode Powershell command?

Hi Expert,

Why does line 4, Get-WinEvent, fail when I add the 'Set-StrictMode -Version Latest' entry?
What is the best way to troubleshoot results from this setting?

Thank you. CuriousMAUser

Set-StrictMode -Version Latest
 $cred = Get-Credential Domain\admin
# Grab the events from a DC
 $Events = Get-WinEvent -ComputerName DC01 -Credential $cred -FilterHashTable @{Logname='Security';ID=4729}  

# Parse out the event message data
 ForEach ($Event in $Events) {
  # Convert the event to XML
  $eventXML= [xml]$Event.ToXml()
 
  # Iterate through each one of the XML message properties
  For ($i=0; $i -lt $eventXML.Event.EventData.Data.Count; $i++) {
 
  # Append these as object properties
  Add-Member -InputObject $Event -MemberType NoteProperty -Force `
    -Name $eventXML.Event.EventData.Data[$i].name `
    -Value $eventXML.event.eventData.Data[$i].'#text'
 
  # View the results with your favorite output method
  $Events | Select-Object -property MemberName, ID, TargetUserName, TargetDomainName, TimeCreated, Message | export-csv C:\Scripts\WinEventID4729.csv

   }
}
CuriousMAUserAsked:
Who is Participating?
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Doesn't matter if you put it inside or outside of the block.
I'm not certain I understand the meaning of $psitem, though.
And off course it is bad style to repeat the same code just changing the event ID.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
First step with PowerShell is always to read the error message. PS is verbose on failure.
Which PS release are you running?
0
 
CuriousMAUserAuthor Commented:
Thank you, Qlemo.

Of course, I tried to repeat the process and was unable to repeat the error.

I started with
Set-StrictMode -Version 4 - ran the script successfully
Set-StrictMode -Version Latest - ran the script successfully

Hmmmm. The error did appear once, maybe I had a fat figure error and the syntax was incorrect. I'll keep testing and see what I find. If I can't repeat the error I'll close the ticket. Thank you for the quick response.
0
Live Q & A: Securing Your Wi-Fi for Summer Travel

Traveling this summer? Join us on June 18, 2018 for a live stream to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Just has been some kind of typo or other failure probably.
0
 
CuriousMAUserAuthor Commented:
Hi Qlem,

A different script did create an error message:
System.Management.Automation.RuntimeException
The variable '$UserName' cannot be retrieved because it has not been set.
System.Management.Automation.RuntimeException
The variable '$UserName' cannot be retrieved because it has not been set.

The variable $UserName needs to be defined. Does that belong before the 'try' statement? Can you supply an example?
*********************************************************
Set-ExecutionPolicy remotesigned -Force
Import-module activedirectory

Set-StrictMode -Version Latest

try{
 $SearchID='4728'
 get-childitem "C:\EventLog\SecurityEvents.evtx" | select FullName | forEach{
  %{get-winevent  -filterHashTable @{path=$psitem.Fullname;ID=$SearchID } -ErrorAction Stop   |                
     ? {$psitem.Properties[5].Value -match $UserName}   |  
     Select-Object -Property TimeCreated, `
                             @{Name='SecurityId';Expression={$psitem.Properties[4].Value}}, `
                             @{Name='AccountName';Expression={$psitem.Properties[5].Value}}, `
                             @{Name='AccountDomain';Expression={$psitem.Properties[6].Value}}, `
                             @{Name='LogonId';Expression={$psitem.Properties[7].Value}}, `
                             @{Name='LogonType';Expression={$psitem.Properties[8].Value}}, `
                             @{Name='Description';Expression={$psitem.Message}}, `
     Format-Table
 }  }
 }
 Catch{
 $psitem.Exception.GetType().FullName
 $psitem.Exception.Message
 }
#
# Event Code 4729
#
try{
 $SearchID='4729'
 get-childitem "C:\EventLog\SecurityEvents.evtx" | select FullName | forEach{
  %{get-winevent  -filterHashTable @{path=$psitem.Fullname;ID=$SearchID } -ErrorAction Stop   |                
     ? {$psitem.Properties[5].Value -match $UserName}   |  
     Select-Object -Property TimeCreated, `
                             @{Name='SecurityId';Expression={$psitem.Properties[4].Value}}, `
                             @{Name='AccountName';Expression={$psitem.Properties[5].Value}}, `
                             @{Name='AccountDomain';Expression={$psitem.Properties[6].Value}}, `
                             @{Name='LogonId';Expression={$psitem.Properties[7].Value}}, `
                             @{Name='LogonType';Expression={$psitem.Properties[8].Value}}, `
                             @{Name='Description';Expression={$psitem.Message}},
     Format-Table
 }  }
 }
 Catch{
 $psitem.Exception.GetType().FullName
 $psitem.Exception.Message
 }
0
 
CuriousMAUserAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for CuriousMAUser's comment #a40594680

for the following reason:

Hi Qlem,

Thank you for your response to the first question. Sorry I tried to slip in another. :-)

Enjoy the weekend. I'll work on the variable question myself. That was a lazy response.

Thank you. You've opened my eyes to what to ask.
0
 
CuriousMAUserAuthor Commented:
Good point, thx
0
 
footechCommented:
$psitem is the same as $_
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.