Solved

PowerShell script for getting remote Security event logs on DCs

Posted on 2009-07-16
Last Modified: 2012-06-21
OK, I've looked all over for a good answer but haven't had much luck.  I need to remotely search my Server 2008 DCs for all User Account Lockouts (Security event 4740, I believe) for the past 24 hours only and save this to a text file.  I also only need the following data in the file:

(1) Logged (date/time)
(2) TargetUserName (domain user ID)
(3) TargetDomainName (the PC/Server where the account locked)

I would like to use PowerShell for this.  Any help would be appreciated.
Question by:sanderson321
3 Comments
 
LVL 4

Expert Comment

by:solomonacquah
ID: 24874147
There is a nice tool you can get called EventLog Monitor via http://www.jdhitsolutions.com/scripts.htm
0
 
LVL 6

Accepted Solution

by:
pilozite earned 500 total points
ID: 24874419
Did you read this post from MoW? http://mow001.blogspot.com/2006/12/powershell-access-remote-eventlogs.html

Using .NET getEventLog, you can retrieve any kind of information in remote event logs.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 24875888
You could also use inbuilt event log forwarding to a central server and then filter them by event ID and dump to a file...
0
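
The query the question asks for, as an added example that is not part of the original thread: it uses `Get-WinEvent` (PowerShell 2.0 or later) instead of the .NET approach in the linked post. The DC names, the output path and the helper `Get-EventDataField` are placeholders chosen for illustration.

```powershell
# Added example. DC names and the output path are placeholders, not values from the thread.
$DomainControllers = 'DC01', 'DC02'            # hypothetical DC names
$OutFile           = 'C:\Temp\Lockouts.txt'    # hypothetical output file

function Get-EventDataField {
    # Return the named <Data Name="..."> values of one event's XML as a hashtable.
    param([Parameter(Mandatory = $true)][string]$EventXml)
    $fields = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# Only event 4740 from the Security log, written in the past 24 hours.
$filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-24) }

$lockouts = foreach ($dc in $DomainControllers) {
    try {
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                $f = Get-EventDataField -EventXml $_.ToXml()
                New-Object PSObject -Property @{
                    Logged           = $_.TimeCreated
                    TargetUserName   = $f['TargetUserName']
                    TargetDomainName = $f['TargetDomainName']
                }
            }
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; a DC with no lockouts is normal.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

# Keep only the three requested columns and write them to a plain text file.
$lockouts | Sort-Object Logged |
    Select-Object Logged, TargetUserName, TargetDomainName |
    Format-Table -AutoSize | Out-String -Width 200 |
    Set-Content -Path $OutFile
```

The account running this needs read access to the Security log on each DC (for example, membership in Event Log Readers), and the DCs must allow remote event log access through the firewall.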
