PowerShell – Get-WinEvent only works on Vista+ as source and target

powershell, windows 7, windows-server-2003, windows-server-2008-r2

I originally assumed Get-WinEvent cannot be executed on Windows 2003, i.e. the source computer must be Vista or a later OS. However, it can be run against Windows 2003 from a Vista+ computer. It appears this is not the case – I tried the following options:

  1. Get-WinEvent from a Windows 7 to Windows 2003 in another domain.
  2. Get-WinEvent from a Windows 2008 R2 to Windows 2003 in the same domain.

Both show this error:

There are no more endpoints available from the endpoint mapper

Event log entries are extracted successfully in each of the above scenarios using Get-EventLog. runas /netonly /user:xxx powershell is required to connect with another domain.

Does it mean both source and target machines must be Vista+, or is this error unrelated to Get-WinEvent compatibility?

Best Answer

Get-WinEvent targets the event logs for Vista and newer OS's. The event log infrastructure was rebuilt then and allows for more advanced querying. Server 2003 and earlier do not support that type of query mechanism. Get-WinEvent can also target the new event logs generated by Event Tracing for Windows (ETW).

Get-EventLog will work against the older operating systems, as well as the new OS's, but cannot access the new logs and does not support the same querying capabilities. (And in my experience performs more slowly than Get-WinEvent.)

You should be able to use Get-WinEvent from any client computer that supports PowerShell V2, but the source of the event logs must be Vista or newer. Both the client and server must be Vista or newer.
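
The following is an added example, not part of the original question or answer: a collection helper that tries Get-WinEvent first and falls back to Get-EventLog when the target does not answer the newer event log API, as in the Server 2003 case above. The function name `Get-RemoteLogEvent`, its parameters and the host name in the usage comment are hypothetical.

```powershell
# Added example (hypothetical helper, not from the original post).
function Get-RemoteLogEvent {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [string]$LogName = 'System',
        [int]$Count = 50
    )

    try {
        # Vista+ event log API. Collect first so that a failure partway
        # through does not leave partial output ahead of the fallback's.
        $events = Get-WinEvent -ComputerName $ComputerName -LogName $LogName `
                               -MaxEvents $Count -ErrorAction Stop
        $events | Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message,
            @{ Name = 'Cmdlet'; Expression = { 'Get-WinEvent' } }
        return
    }
    catch {
        # An empty log is not a compatibility problem: return nothing.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }

        # Anything else (for example the endpoint mapper error quoted in the
        # question) is logged, then the classic API is tried.
        Write-Warning "Get-WinEvent failed against ${ComputerName}: $($_.Exception.Message)"
    }

    # Classic event log API: works against Server 2003 and newer targets,
    # but only for the classic logs (Application, System, Security, ...).
    # Get-EventLog has no -Credential parameter, which is why the question
    # uses runas /netonly to reach a machine in another domain.
    Get-EventLog -ComputerName $ComputerName -LogName $LogName -Newest $Count -ErrorAction Stop |
        Select-Object @{ Name = 'TimeCreated';      Expression = { $_.TimeGenerated } },
                      @{ Name = 'Id';               Expression = { $_.EventID } },
                      @{ Name = 'LevelDisplayName'; Expression = { $_.EntryType } },
                      @{ Name = 'ProviderName';     Expression = { $_.Source } },
                      Message,
                      @{ Name = 'Cmdlet';           Expression = { 'Get-EventLog' } }
}

# Usage (placeholder host name):
# Get-RemoteLogEvent -ComputerName 'SRV2003-PLACEHOLDER' -LogName 'System' -Count 20
```

The `Cmdlet` column records which API returned each row, so a collection run across mixed hosts shows which targets only answered the classic interface.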