
FindRDPLogins.ps1

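This PowerShell script searches the local machine's Security log for remote interactive (RDP) logins, that is, event 4624 with logon type 10, from the last 14 days. It lists the user name, login time, and source IP address of each one.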

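# Only look at events from the last 14 days.
$Date = [DateTime]::Now.AddDays(-14)

$eventList = @()
# Event 4624 = successful logon. ReplacementStrings indexes used below:
#   [4]  TargetUserSid   (Length > 10 skips short well-known SIDs such as S-1-5-18)
#   [5]  TargetUserName  (names ending in $ are machine accounts)
#   [8]  LogonType       (10 = RemoteInteractive, i.e. RDP)
#   [18] IpAddress       (source address of the session)
Get-EventLog "Security" -After $Date `
    | Where-Object -FilterScript {$_.EventID -eq 4624 -and $_.ReplacementStrings[8] -eq 10 -and $_.ReplacementStrings[4].Length -gt 10 -and $_.ReplacementStrings[5] -notlike "*$"} `
    | ForEach-Object {
        $row = "" | Select-Object UserName, LoginTime, IPAddress
        $row.UserName = $_.ReplacementStrings[5]
        $row.LoginTime = $_.TimeGenerated
        $row.IPAddress = $_.ReplacementStrings[18]
        $eventList += $row
    }
$eventList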
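
The same search written against Get-WinEvent, reading the 4624 fields by name instead of by ReplacementStrings position, so it does not depend on field order. This is an added example, not part of the original script; the `$Days` and `$LogonType` parameters and the extra `Domain` column are choices made here.

```powershell
# Added example (not the original author's script).
# Run from an elevated session: reading the Security log needs admin rights.
param(
    [int]$Days = 14,          # look-back window, same as the original
    [int]$LogonType = 10      # 10 = RemoteInteractive (RDP)
)

$filter = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = (Get-Date).AddDays(-$Days)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Index the EventData fields by their Name attribute.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Same conditions as the original filter, expressed with named fields.
    # 'return' inside ForEach-Object skips to the next event.
    if ([int]$data['LogonType'] -ne $LogonType) { return }
    if ($data['TargetUserSid'].Length -le 10)   { return }   # short well-known SIDs
    if ($data['TargetUserName'] -like '*$')     { return }   # machine accounts

    [pscustomobject]@{
        UserName  = $data['TargetUserName']
        Domain    = $data['TargetDomainName']
        LoginTime = $_.TimeCreated
        IPAddress = $data['IpAddress']
    }
} | Sort-Object LoginTime
```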

One Comment

  1. The Margret says:

    Your script rocks.
