Sorting Windows events by UserID is a critical piece of auditing. In the code and examples below, I concentrate on:$Logs="System","Application","Microsoft-Windows-GroupPolicy/Operational"purposefully leaving out the Security log. We can create a simple function that allows us to check all events logs on any machine sorted by file size:function CheckEventLogsBySize{get-winevent -listlog * | Sort -desc FileSize |ft -auto LogName,@{Label="FileLogSize(MB)";...