In this guide we learned how to use the basic Event Viewer and combine it with our PowerShell code to find the list of workstations where a user has logged on.

Line 146: For the last line, we use Format-Table on the result to show our final report. This final filtering is done to have a clean result without unnecessary information.

Lines 143 to 145: Here, and for the last time, the result is filtered against our exclusion list, which we covered before.

Lines 120 to 130: Once the needed information is gathered from each single event, we need to place it in a nice, clean table.

Lines 111 to 117: These lines extract valuable information from each event and store it in appropriate variables.

The events are gathered for our first DC; as the next step we have to extract valuable information from each event and save it to an object, and then we move to the next event.

Now if you type “get” and hit the Tab key, it will be automatically completed and the name of the script along with its extension will be placed on the line:

What we are going to do now is to “Dot Source” the script, or load it into memory, so we can start using it.

Copy the script to a folder or drive (or place it in C:\ to make things simpler!), then open up PowerShell and navigate to the folder or drive which contains the downloaded script.

So far we have done the preparation and downloaded the script from

Basically the rule of thumb for this setting is: if you would like to have logon audits from 10 days ago, you have to wait about 10 days after increasing the event log size to get enough events populated.

Again, it is worth mentioning that it all depends on the environment, and you can start to query audits right away or wait a couple of days to get

Now, link the GPO you just created to the “Domain Controllers” OU and wait for some events to get populated.

Image5: Firewall settings in order to enable 'Remote Event