Get-SuccessLogons.ps1 (zpäť na zoznam)
Zbieranie informácií o úspešných prihláseniach na server (účet a čas prihlásenia) počas posledných X dní.
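# Lists successful session logons (event ID 21 in the
# TerminalServices-LocalSessionManager operational log) from the last
# $daysToCheck days, writing one "host;time;user" line per event.
#
# Caveats for whoever consumes the output:
#  - Coverage is bounded by log retention: if the operational log has rolled
#    over, the oldest event still present marks the real start of the window,
#    not $daysToCheck.
#  - Event 21 is also written for console logons (Source Network Address:
#    LOCAL), so a line here is not by itself proof of a remote session.
#  - The user name is parsed from the rendered message text, which is
#    localized; the pattern below assumes the English "User:" / "Session"
#    labels.
$hostname = hostname
$daysToCheck = 365
$date = (Get-Date).AddDays(-[int]$daysToCheck) # start of the reporting window

# Accounts deliberately left out of the report (placeholder names). Every
# entry is a blind spot in the audit, so keep the list short and reviewed.
$excludedAccounts = @('acc_1', 'acc_2')

# Filter by log, event ID and start time in the query itself instead of
# loading the whole log and testing each record in the loop.
$filter = @{
    LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational' # not every jump station has success logon events in the Security log
    Id        = 21
    StartTime = $date
}

try {
    $logAll = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        # An empty result is a valid answer: no logons in the window.
        $logAll = @()
    }
    else {
        # Access denied or a missing log must not be mistaken for "no logons".
        throw
    }
}

foreach ($log in $logAll) {
    $time = $log.TimeCreated

    # Lazy capture plus Trim() keeps the leading space and the trailing
    # carriage return of the "User:" line out of the reported name.
    if ($log.Message -match 'User:\s*(.+?)\s*Session') {
        $user = $matches[1].Trim()
    }
    else {
        $user = "no user"
    }

    # Compare the exclusion list with the account name only (the part after
    # DOMAIN\), as an exact match. Matching the pattern against the whole
    # message would also drop any logon whose user name merely contains one of
    # the excluded names, or whose other fields happen to contain it.
    $account = ($user -split '\\')[-1]
    if ($excludedAccounts -contains $account) {
        continue
    }

    $hostname + ";" + $time + ";" + $user # write to console
}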