
FindRDPLogins.ps1

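This PowerShell script searches the local machine's Security log for interactive logins made over Remote Desktop (event 4624, logon type 10) during the last 14 days, and lists the user name, login time and source IP address of each.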

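# Look back 14 days
$Date = [DateTime]::Now.AddDays(-14)

# Event 4624 = successful logon. ReplacementStrings indexes used below:
#   [4] target user SID, [5] target user name, [8] logon type, [18] source IP address
# Logon type 10 is RemoteInteractive (RDP). The SID length check skips short
# well-known SIDs such as S-1-5-18, and -notlike '*$' skips machine accounts.
$eventList = @()
Get-EventLog "Security" -After $Date `
    | Where-Object -FilterScript {$_.EventID -eq 4624 -and $_.ReplacementStrings[8] -eq 10 -and $_.ReplacementStrings[4].Length -gt 10 -and $_.ReplacementStrings[5] -notlike '*$'} `
    | ForEach-Object {
        $row = "" | Select-Object UserName, LoginTime, IPAddress
        $row.UserName = $_.ReplacementStrings[5]
        $row.LoginTime = $_.TimeGenerated
        $row.IPAddress = $_.ReplacementStrings[18]
        $eventList += $row
    }
$eventList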
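
The same search written against Get-WinEvent, as an added example that is not part of the original script. It reads the 4624 fields by name from the event XML instead of by ReplacementStrings position, then summarises the logins per user and source address. The function name Get-RdpLogon and the summary columns are assumptions made for this example.

```powershell
# Added example, not the original author's script.
# Get-RdpLogon is a hypothetical name; run elevated to read the Security log.
function Get-RdpLogon {
    param([int]$Days = 14)   # same 14-day window as the script above

    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # SilentlyContinue: Get-WinEvent raises an error when nothing matches
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        # Map each <Data Name="..."> element of the event XML to its value
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # Same conditions as the original filter, by field name
        if ($data['LogonType'] -eq '10' -and
            "$($data['TargetUserSid'])".Length -gt 10 -and
            $data['TargetUserName'] -notlike '*$') {
            [pscustomobject]@{
                UserName  = $data['TargetUserName']
                LoginTime = $evt.TimeCreated
                IPAddress = $data['IpAddress']
            }
        }
    }
}

# Summarise: one row per user / source address pair
Get-RdpLogon | Group-Object UserName, IPAddress | ForEach-Object {
    $times = @($_.Group.LoginTime | Sort-Object)
    [pscustomobject]@{
        UserName  = $_.Group[0].UserName
        IPAddress = $_.Group[0].IPAddress
        Count     = $_.Count
        FirstSeen = $times[0]
        LastSeen  = $times[-1]
    }
} | Sort-Object Count -Descending
```

Filtering on the event ID and start time inside -FilterHashtable lets the event log service do the selection, so only 4624 events reach the pipeline.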

One Comment

  1. The Margret says:

    Your script rocks.
