2012 Scripting Games Beginner Event 7: Display a List of Enabled Logs

 2012 Scripting Games badge

Summary: In Beginner Event 7, you are required to display a list of all enabled logs on the computer that contain at least one entry.


About this event



Date of Event

4/10/2012 12:01 AM

Due Date

4/17/2012 12:01 AM


Event scenario

On a Windows 7 computer, nearly 500 logs provide auditing and troubleshooting capabilities. Many of these logs do not record any information unless an administrator enables them. You were recently discussing this information with your boss, and he asked a rather logical question:

“What logs actively record information on a Windows 7 computer at any given time?”

You were, of course, somewhat taken aback, and headed off to TechNet to find the answer. After about fifteen minutes of searching and clicking around, you were no closer to the answer than when you began. Your boss came over to you and suggested that you use Windows PowerShell to find the answer. The following image represents an acceptable type of output.

Image of command output

Design points

  • Your code should not display any errors when run.
  • Your code should display all logs that have entries in them.
  • Your code should display only logs that are enabled.
  • Your code should display any enabled hidden logs that contain entries in them.
  • You should display the complete log name, and the number of entries in the log.
  • The number of entries in the logs should be displayed in descending order (the log with the most entries in it should appear on the first line of the output).
  • You do not need to display a total count of the number of enabled logs that have entries.
  • The requirements for this scenario can be met with a “one liner” (a one line logical command). Depending on the width of your Windows PowerShell console and the screen resolution, it may occupy more than one physical line).
  • You do not need to write comment-based Help or accept command-line parameters (or anything like this). Your goal is simply to provide a bit of information to your boss—a “one liner” is perfectly acceptable.

2012 Scripting Games links

2012 Scripting Games: All Links on One Page

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. Good luck as you compete in this year’s Scripting Games. We wish you well.

Ed Wilson, Microsoft Scripting Guy 

Comments (18)

  1. mredwilson says:

    @Daniel-D you want logs that are enabled AND have a record entry count that is greater than 0. If there is an enabled log with NO entries in it, then do not display that log.

  2. mredwilson says:

    @Brad you probably want to add a bit of code to supress the errors. I am not looking for structured error handling, but just something so you get a clean output.

  3. mredwilson says:

    @Ratty67 I hate to see you go. This skill is essential for IT Pros on a day to day basis. You can download an eval copy of Windows 7 here technet.microsoft.com/…/cc442495

  4. mredwilson says:

    @Daniel-D a onelinner is acceptable, and it is permissible to use aliases in the one linner. If you want to make DOUBLE SURE then include a comment with the "long version" of your command.

  5. mredwilson says:

    @ZoomZoomDude you do not have to be an admin to run the script, but keep in mind the design requirements.

  6. mredwilson says:

    @SoCalDavis awesome! I am glad you are finding the events fun, and are learning something new each day!

  7. mredwilson says:

    @Get-Exchange No, I am not checking for remote connectivity on this event. Do not return errors from the command.

  8. Anonymous says:

    This one was pretty fun. Just like all of the other events, I have learned something new every day!

  9. Anonymous says:

    Hello Ed, Two question i have on this event:

    1) Should the solution be capable of running on remote computer?

    2) Should we hide all errors INCLUDING Terminating Erros?

    Thanks for your feedback, this will help me submitt event 7

  10. This event has been great, been rocking beginner and having a great time.  Looking forward to seeing the posted solutions so I can use the ideas presented here for training opportunities for my team.  Thanks for doing this!

  11. Dawn Villejoin says:

    Hmmm… Two of the design points have me over-thinking this. It's going to gnaw at me 🙂 Good thing I have 7 days to think it over.

  12. ZoomZoomDude says:

    What permission level do we need to run the script?  Can we assume that we're admins?

  13. brad says:

    by '•Your code should not display any errors when run'   does this mean we need to add error handeling or simple if you do it right there will be no errors to handle

  14. Daniel-D says:

    Regarding the following points (below), I see two possible ways to filter (Enabled AND Count > 0) vs (Enabled OR Count > 0). To me, the event scenario leans toward the first ("logs actively record"), but inorder to display all logs with entries, the later would be needed. Does the "enabled only" design point take presidence over the "all logs with entries"? Mr Ed, would you clarify?

    * Your code should display all logs that have entries in them.

    * Your code should display only logs that are enabled.


  15. Daniel-D says:

    Thanks for your answer on my previous question. Have another one for you: Given the "one-liner" design point, are you implying that aliases are acceptable, or will points be deducted if aliases are used since you did not state that they are explicitly acceptable?

  16. Zak Humphries says:

    DOH!! Clicked submit and realized I had left a Measure-Object for debugging at the end of my line….. 1 star 🙁

  17. ratty67 says:

    This is where I dropped out of the games. Believe it or not – not everyone has access to a Win7 machine  🙁

  18. Scott Alvarino Your Miami Tech Guy says:

    Hi Ed, is (Microsoft-Windows-WMI-Activity/Trace) considered a hidden log? (I believe it is) I have tested several scripts with this log enabled and with records in them and it doesn't appear because people use the (.recordcount) property to be more than 0 but this log doesn't have a recordcount amount even if it has entries. Even in the Expert Script submitted it doesn't pick up this log because it doesn't have a recordcount amount it just is empty. Am I wrong that (Microsoft-Windows-WMI-Activity/Trace) is supposed to be returned as well I made sure I have it enabled?

    thanks for everything Ed.

Skip to main content