PowerShell: Active Directory Logon Errors.

Monitoring logon events on our servers is important for security. We can run this PowerShell script periodically to check for suspicious logon attempts.

logonFails.ps1

Clear-Host

$Date = Get-Date
$DC = "dc.local"  # set this to your domain controller
$Report = "C:\scripts\reports\logon-logoff\logonfails.html"  # path of the report file to generate
$days = 1

$HTML=@"
<title>Logon-Fail Raporu</title>
<style>
BODY{background-color:#FFFFFF}
TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;}
TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color: ThreeDShadow}
TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color: Transparent}
</style>
"@

try {
    # Event ID 4625 = failed logon; read the last $days day(s) from the DC's Security log
    $eventsDC = Get-EventLog Security -ComputerName $DC -InstanceId 4625 -After (Get-Date).AddDays(-$days) |
        Select-Object TimeGenerated, ReplacementStrings |
        ForEach-Object {
            New-Object PSObject -Property @{
                Source_Computer = $_.ReplacementStrings[13]  # WorkstationName
                UserName        = $_.ReplacementStrings[5]   # TargetUserName
                IP_Address      = $_.ReplacementStrings[19]  # IpAddress
                Date            = $_.TimeGenerated
            }
        }

    # Append the results to the HTML report
    $eventsDC | ConvertTo-Html -Property Source_Computer, UserName, IP_Address, Date -Head $HTML -Body "<H2>Generated On $Date</H2>" |
        Out-File $Report -Append
    echo $true
} catch { echo $false }
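The report lists every failed logon as a flat table, so repeated failures from one source are easy to miss. As an added example (not part of the original script), the function below groups records shaped like `$eventsDC` by source IP and labels each group; the function name `Get-LogonFailSummary`, both thresholds, and the sample records are assumptions constructed for illustration.

```powershell
# Added example: summarise failed-logon records shaped like the $eventsDC objects.
# Function name, thresholds and sample data are assumptions for illustration.
function Get-LogonFailSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $MinFailures = 5,   # assumed: failures from one IP worth reviewing
        [int] $ManyAccounts = 3   # assumed: distinct accounts that suggest guessing across users
    )
    $Events | Group-Object IP_Address | ForEach-Object {
        # Sort-Object -Unique is case-insensitive, so "Alice" and "alice" count once
        $users = @($_.Group.UserName | Sort-Object -Unique)
        $span  = $_.Group | Measure-Object -Property Date -Minimum -Maximum
        $pattern = if ($_.Count -lt $MinFailures) {
            'below threshold'
        } elseif ($users.Count -ge $ManyAccounts) {
            'many accounts from one source'
        } else {
            'repeated failures on few accounts'
        }
        [PSCustomObject]@{
            IP_Address = $_.Name
            Failures   = $_.Count
            Accounts   = $users.Count
            FirstSeen  = $span.Minimum
            LastSeen   = $span.Maximum
            Pattern    = $pattern
        }
    } | Sort-Object Failures -Descending
}

# Constructed sample records (documentation IP range), same properties as $eventsDC
$t0  = [datetime]'2024-01-15T08:00:00'
$new = { param($user, $ip, $offset)
    [PSCustomObject]@{ Source_Computer = 'WS01'; UserName = $user
                       IP_Address = $ip; Date = $t0.AddSeconds($offset) } }
$sample = @(
    0..5 | ForEach-Object { & $new "user$_" '192.0.2.10' (10 * $_) }    # 6 failures, 6 accounts
    0..6 | ForEach-Object { & $new 'svc_backup' '192.0.2.20' (5 * $_) } # 7 failures, 1 account
    & $new 'alice' '192.0.2.30' 0                                       # single mistyped password
)

Get-LogonFailSummary -Events $sample | Format-Table -AutoSize
```

To summarise live data, pass `$eventsDC` from the script in place of `$sample`.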