Powershell script for getting remote Security event logs on DCs

OK, I've looked all over for a good answer but haven't had much luck.  I need to remotely search my Server 2008 DCs for all User Account Lockouts (Security event 4740, I believe) for the past 24 hours only and save this to a text file.  I also only need the following data in the file:

(1) Logged (date/time)
(2) TargetUserName (domain user ID)
(3) TargetDomainName (the PC/Server where the account locked)

I would like to use PowerShell for this.  Any help would be appreciated.
sanderson321Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
piloziteConnect With a Mentor Commented:
Did you read this post from MoW ? http://mow001.blogspot.com/2006/12/powershell-access-remote-eventlogs.html

using .NET getEventLog, you can retrieve any kind of information in remote event logs.
0
 
solomonacquahCommented:
There is a nice tool you get get called EventLog Monitor via http://www.jdhitsolutions.com/scripts.htm
0
 
Jay_Jay70Commented:
you could also use inbuilt event log forwarding to a central server and then filter them by event ID and dump to a file....
0
All Courses

From novice to tech pro — start learning today.