______ __ ______ _ __ ____
/ ____/__ / /_ / ____/___ _(_) /__ ____/ / / ____ ____ _____ ____ _____
/ / __/ _ \/ __/_____/ /_ / __ `/ / / _ \/ __ / / / __ \/ __ `/ __ \/ __ \/ ___/
/ /_/ / __/ /_/_____/ __/ / /_/ / / / __/ /_/ / /___/ /_/ / /_/ / /_/ / / / (__ )
\____/\___/\__/ /_/ \__,_/_/_/\___/\__,_/_____/\____/\__, /\____/_/ /_/____/
/____/
https://github.com/bragdonjm/PS-Automox-Worklets/blob/main/Worklets/Get-FailedLogons.ps1
Computer not connected to Activate Directory can have issues reporting failed login attempts. Through Automox Worklets, you can
now query batches of remote Windows computers running Automox for any failed logins attempts. A nicely formated table including
the most relevent metadata is returned.
Note:
- This script must be run as admin.
To access the security log, you must run this through a privledges powerhsell prompt.
- Verbose is supported.
Usage:
Example: ./Get-FailedLogons.ps1
Total number of events: 1
TargetAccount LogonType CallingComputer IPAddress TimeStamp
------------- --------- --------------- --------- ---------
Guest Network REDQUEEN - 9/24/2020 3:50:24 PM
Faq:
Q: Can you change the event ID?
A: -eventId Parameter is offered but really should not be changed. This script is expecting a specific output that may not process
well with a different event ID.
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.