選擇windows的事件檢視器---windows日志----安全----篩選目前日志
使用XML過濾文法查詢,将預設的select語句替換成如下select語句,
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">* [EventData[Data[@Name='TargetUserName']='tangjunyi']]</Select>
</Query>
</QueryList>
結果:
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsIiM21TawFmJwADM1UDO0gDMwkDNx0TZ0FGRu9Wa0F2YpZWak9WbmETPu9WazJXZ29zZuBnLzITQzUCOyE0MlYTMwITJxITLz0yNxAjMoRXYwNWaw91dfB3LcJDM3cDMyATM48CXzRWYvxGc191dfB3LcRWYvxmb39GZvwVbvNmLpFWdr5WYz5Sarl2dvw1LcpDc0RHaiojIsJye.png)
詳細資訊:
鎖定來源是WIN-I0VBNSILATT,應該是筆記本。
參考:
https://www.beaming.co.uk/support/it-servers-applications/how-to-search-the-windows-event-log-for-logins-by-username/