Solved

Powershell to look for logon on a remote PC

Posted on 2013-10-30
2
299 Views
Last Modified: 2013-11-17
I need a fast and efficient way to look for the logon event for a specific user, lets call them janedoe, on a list of remote PC's.

To explain further, there are 4 PC's and I want to look at the event logs of those every day to see if janedoe logged on to any of those devices.

I would rather not have to connect to the event viewer for each of these PC's every day, so I was hoping to script it.  I figure Powershell can do this.

Can anyone help out?
0
Comment
Question by:southpau1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39612709
Try with Get-EventLog..
GC C:\Server.txt | % {
Get-EventLog -LogName security -InstanceId 4624 -ComputerName $_ -After (Get-Date).Adddays(-1) | 
    Select-Object -Property MachineName,timegenerated,
    @{n="AccountName";e = {$_.replacementstrings[5]}},
    @{n="AccountDomain";e = {$_.replacementstrings[6]}},
    @{n="WorkstationName" ; e = {$_.replacementstrings[13]}} |
    ? {$_.AccountName -eq "janedoe"}
} | Export-Csv C:\Report.csv -NTI

Open in new window

C:\Server.txt format..
ServerA
ServerB
ServerC

Open in new window

0
 
LVL 7

Author Closing Comment

by:southpau1
ID: 39654498
Looks great, thanks!
0

Featured Post

Containers & Docker to Create a Powerful Team

Containers are an incredibly powerful technology that can provide you and/or your engineering team with huge productivity gains. Using containers, you can deploy, back up, replicate, and move apps and their dependencies quickly and easily.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question