Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Powershell script for getting remote Security event logs on DCs

Posted on 2009-07-16
3
Medium Priority
?
1,388 Views
Last Modified: 2012-06-21
OK, I've looked all over for a good answer but haven't had much luck.  I need to remotely search my Server 2008 DCs for all User Account Lockouts (Security event 4740, I believe) for the past 24 hours only and save this to a text file.  I also only need the following data in the file:

(1) Logged (date/time)
(2) TargetUserName (domain user ID)
(3) TargetDomainName (the PC/Server where the account locked)

I would like to use PowerShell for this.  Any help would be appreciated.
0
Comment
Question by:sanderson321
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Expert Comment

by:solomonacquah
ID: 24874147
There is a nice tool you get get called EventLog Monitor via http://www.jdhitsolutions.com/scripts.htm
0
 
LVL 6

Accepted Solution

by:
pilozite earned 1500 total points
ID: 24874419
Did you read this post from MoW ? http://mow001.blogspot.com/2006/12/powershell-access-remote-eventlogs.html

using .NET getEventLog, you can retrieve any kind of information in remote event logs.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 24875888
you could also use inbuilt event log forwarding to a central server and then filter them by event ID and dump to a file....
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question