Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Powershell script for getting remote Security event logs on DCs

Posted on 2009-07-16
3
1,379 Views
Last Modified: 2012-06-21
OK, I've looked all over for a good answer but haven't had much luck.  I need to remotely search my Server 2008 DCs for all User Account Lockouts (Security event 4740, I believe) for the past 24 hours only and save this to a text file.  I also only need the following data in the file:

(1) Logged (date/time)
(2) TargetUserName (domain user ID)
(3) TargetDomainName (the PC/Server where the account locked)

I would like to use PowerShell for this.  Any help would be appreciated.
0
Comment
Question by:sanderson321
3 Comments
 
LVL 4

Expert Comment

by:solomonacquah
ID: 24874147
There is a nice tool you get get called EventLog Monitor via http://www.jdhitsolutions.com/scripts.htm
0
 
LVL 6

Accepted Solution

by:
pilozite earned 500 total points
ID: 24874419
Did you read this post from MoW ? http://mow001.blogspot.com/2006/12/powershell-access-remote-eventlogs.html

using .NET getEventLog, you can retrieve any kind of information in remote event logs.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 24875888
you could also use inbuilt event log forwarding to a central server and then filter them by event ID and dump to a file....
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Copy with attributes 2 25
Domain trust created by PDC name 6 36
Migrating Roaming Profiles to new server 5 25
Getting output of invoke command into a combo box 1 13
Synchronize a new Active Directory domain with an existing Office 365 tenant
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question