
powershell: get-winevent has no message data?


What locale are you running under?

There is a .NET bug where the underlying .NET method (that Get-WinEvent uses) fails to populate localised fields (like Message) in some locales (like en-GB).

Fix is to switch to en-US for the command:

    $orgCulture = Get-Culture
    [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"
    # Perform Get-WinEvent
    [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture


I believe this is because the messages are hidden in a property value. To display all messages, pipe the get-winevent to the select statement with the following expressions:

@{Label='Messages';Expression={$_.properties.Value}}

If you wish to display a specific message, for instance Logon Process (In security logs), use the expression:

@{Label='Logon Process';Expression={$_.properties.Value[3]}}
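
An added example, not part of the original answers, that combines the two suggestions above: it runs the query under en-US with the original culture restored in a `finally` block, and it reads the event's fields by name from the event XML rather than by position in `Properties`. The helper names `Invoke-WithCulture` and `Get-EventDataMap`, the choice of event ID 4624, and its field names are assumptions that do not come from the page.

```powershell
# Added example; Invoke-WithCulture and Get-EventDataMap are hypothetical helper names.
# Assumes PowerShell 3.0 or later and an elevated session (needed to read the Security log).
function Invoke-WithCulture {
    param(
        [Parameter(Mandatory = $true)][scriptblock]$ScriptBlock,
        [string]$Culture = 'en-US'
    )
    $thread = [System.Threading.Thread]::CurrentThread
    $orgCulture = $thread.CurrentCulture
    try {
        $thread.CurrentCulture = [System.Globalization.CultureInfo]::GetCultureInfo($Culture)
        # Collect all results before leaving, so every event is emitted under the switched culture.
        $result = @(& $ScriptBlock)
    }
    finally {
        # Restore the caller's culture even if the query throws.
        $thread.CurrentCulture = $orgCulture
    }
    $result
}

function Get-EventDataMap {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Diagnostics.Eventing.Reader.EventRecord]$Record
    )
    process {
        $map = [ordered]@{ TimeCreated = $Record.TimeCreated; Id = $Record.Id }
        $xml = [xml]$Record.ToXml()
        # local-name() sidesteps the event schema's default XML namespace.
        foreach ($node in $xml.SelectNodes("//*[local-name()='EventData']/*[local-name()='Data']")) {
            $name = $node.GetAttribute('Name')
            if ($name) { $map[$name] = $node.InnerText }   # skip unnamed Data elements
        }
        [pscustomobject]$map
    }
}

# Event ID 4624 and the field names below are assumptions chosen for illustration.
$events = Invoke-WithCulture {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 5
}
$events | Select-Object TimeCreated, Id, Message
$events | Get-EventDataMap |
    Select-Object TimeCreated, TargetUserName, LogonType, LogonProcessName
```

Reading fields by name keeps a query correct when the position of a value differs between event IDs or schema versions, which a fixed index such as `Value[3]` does not.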


I know I have seen get-winevent not work on Windows Server 2003 in the past when I have tried it. Basically the PS environment said get-winevent didn't work for 2003. That may have been PS v1 then, so I am not sure if that was resolved with newer versions of PS: I am on 2K8 R2 now.

On my