RDP Auditing

  • General discussion

  • I have this script in place running against a single server, as you can see. I would like it to use a -searchbase to look at a specific AD OU, for instance, and run against those servers and dump to txt every day.

    Get-WinEvent -computername servernamehere -FilterHashTable @{LogName="Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational";StartTime=(get-date).AddDays(-30);ID=1149} | %{

    New-Object PSObject -Property @{
    MachineName = $_.MachineName
    TimeCreated = $_.TimeCreated
    User = $_.Properties[0].Value            
    Domain = $_.Properties[1].Value            
    SourceIP = $_.Properties[2].Value 
    }
    }| Select MachineName,TimeCreated,User,Domain,SourceIP | ft -AutoSize

    • Changed type Bill_Stewart Friday, July 27, 2018 4:17 PM
    • Moved by Bill_Stewart Friday, July 27, 2018 4:17 PM This is not "scripts on demand"
    Tuesday, April 17, 2018 10:04 PM

All replies

  • What have you tried to accomplish this goal?

    (This is not a "code-on-demand" service; while we're glad to help answer specific questions, we don't have the resources to redesign/rewrite scripts on demand.)


    -- Bill Stewart [Bill_Stewart]

    Tuesday, April 17, 2018 10:09 PM
  • Here is a readable version of your badly posted code:

    $filter = @{
        LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
        StartTime = [datetime]::Today.AddDays(-30)
        ID=1149
    }
    $props = @(
        'MachineName',
        'TimeCreated', 
        @{n='User'        ;e={$_.Properties[0].Value}},
        @{n='Domain'  ;e={$_.Properties[1].Value}},
        @{n='SourceIP';e={$_.Properties[2].Value}}
    )
    Get-WinEvent -FilterHashTable $filter -computername servernamehere |
        Select-Object $props | 
        Format-Table -AutoSize

    It does not give us a clue as to what you are trying to ask.


    \_(ツ)_/



    • Edited by jrv Tuesday, April 17, 2018 11:02 PM
    Tuesday, April 17, 2018 11:01 PM
  • He wants someone to update his script to a specification ("change this to search for computers in an OU and run this query for each of them"). Queries like that are outside the stated scope of this forum.

    This can be accomplished by using queries like "PowerShell get list of computers in an OU" and "PowerShell iterate a list of items" and combining to get the needed results.

    Of course, we would also recommend starting with some PowerShell tutorials and building up learning in order to formulate a more specific question, such as: "Here is the code I am trying to use to list computers in an OU, but I get error 'x'. Can anyone help me understand what I am doing wrong?"


    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 18, 2018 2:10 PM
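
The approach described in the last reply (list the computers in an OU, then run the event 1149 query against each one), as an added example that is not part of the original thread. The OU distinguished name, output folder and one-day look-back are placeholder assumptions, and the script needs the ActiveDirectory module (RSAT).

```powershell
# Added example, not from the thread. Placeholder values are marked as assumptions.
Import-Module ActiveDirectory

$SearchBase = 'OU=Servers,DC=example,DC=com'   # assumption: placeholder OU distinguished name
$OutDir     = 'C:\RdpAudit'                    # assumption: placeholder output folder
$DaysBack   = 1                                # assumption: daily run, so look back one day
$OutFile    = Join-Path $OutDir ('RDP-1149-{0:yyyy-MM-dd}.txt' -f (Get-Date))

# Same log, event ID and property layout as the query posted in the thread
$filter = @{
    LogName   = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
    StartTime = [datetime]::Today.AddDays(-$DaysBack)
    ID        = 1149
}
$props = @(
    'MachineName',
    'TimeCreated',
    @{n='User';     e={$_.Properties[0].Value}},
    @{n='Domain';   e={$_.Properties[1].Value}},
    @{n='SourceIP'; e={$_.Properties[2].Value}}
)

if (-not (Test-Path $OutDir)) { New-Item -ItemType Directory -Path $OutDir | Out-Null }

# Enabled computer accounts under the OU; skip objects with no DNS host name registered
$servers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase -SearchScope Subtree |
    Select-Object -ExpandProperty DNSHostName |
    Where-Object { $_ }

$results = foreach ($server in $servers) {
    try {
        Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop |
            Select-Object $props
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; that is not a failure here
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        # Unreachable host, access denied, log missing: record it and move on
        Write-Warning "$server : $($_.Exception.Message)"
    }
}

# One text file per day, widened so long user names and addresses are not truncated
$results | Sort-Object TimeCreated |
    Format-Table -AutoSize | Out-String -Width 200 | Set-Content -Path $OutFile
```

To get the daily dump, run the script from a scheduled task under an account that is allowed to read the remote event logs on the target servers.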