?
Solved

Powershell to look for logon on a remote PC

Posted on 2013-10-30
2
Medium Priority
?
322 Views
Last Modified: 2013-11-17
I need a fast and efficient way to look for the logon event for a specific user, lets call them janedoe, on a list of remote PC's.

To explain further, there are 4 PC's and I want to look at the event logs of those every day to see if janedoe logged on to any of those devices.

I would rather not have to connect to the event viewer for each of these PC's every day, so I was hoping to script it.  I figure Powershell can do this.

Can anyone help out?
0
Comment
Question by:southpau1
2 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 39612709
Try with Get-EventLog..
GC C:\Server.txt | % {
Get-EventLog -LogName security -InstanceId 4624 -ComputerName $_ -After (Get-Date).Adddays(-1) | 
    Select-Object -Property MachineName,timegenerated,
    @{n="AccountName";e = {$_.replacementstrings[5]}},
    @{n="AccountDomain";e = {$_.replacementstrings[6]}},
    @{n="WorkstationName" ; e = {$_.replacementstrings[13]}} |
    ? {$_.AccountName -eq "janedoe"}
} | Export-Csv C:\Report.csv -NTI

Open in new window

C:\Server.txt format..
ServerA
ServerB
ServerC

Open in new window

0
 
LVL 7

Author Closing Comment

by:southpau1
ID: 39654498
Looks great, thanks!
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
The viewer will learn how to count occurrences of each item in an array.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question