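Requirement
An account keeps getting locked out, and the administrator wants to know when logons were completed, from which host (IP address and host name), and by which accounts.
Here is the PowerShell code: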
$startDate = Get-Date "2023-03-08 20:00:00" # Start of the time window
$endDate = Get-Date "2023-03-08 22:15:00" # End of the time window
# Event ID 4624 = successful logon; skip machine accounts (names ending in $)
Get-WinEvent -FilterHashtable @{
    LogName = 'ForwardedEvents','Security'
    ID = 4624
    StartTime = $startDate
    EndTime = $endDate
} | Where-Object { $_.Properties[5].Value -notlike '*$' } |
    Select-Object TimeCreated,
        @{n='UserName';e={$_.Properties[5].Value}},
        @{n='HostName';e={$_.Properties[11].Value}},
        @{n='IPAddress';e={$_.Properties[18].Value}} |
    Format-Table -AutoSize
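Note
If there are multiple DCs, Log Forwarding must be configured so that the Security logs are aggregated on one target server. Then run the command above.
The following code does not require Log Forwarding: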
$startDate = Get-Date "2023-03-08 20:00:00" # Start of the time window
$endDate = Get-Date "2023-03-08 22:15:00" # End of the time window
$Computers = @("GTISHLOCDC01","GTISHLOCDC02","GTISHLOCDC03") # Target hosts (DCs) to query
foreach ($Computer in $Computers)
{
    Write-Host "This is $Computer Security Login Details:"
    # Query each DC's Security log remotely; skip machine accounts (names ending in $)
    Get-WinEvent -ComputerName $Computer -FilterHashtable @{
        LogName = 'Security'
        ID = 4624
        StartTime = $startDate
        EndTime = $endDate
    } | Where-Object { $_.Properties[5].Value -notlike '*$' } |
        Select-Object TimeCreated,
            @{n='UserName';e={$_.Properties[5].Value}},
            @{n='ProcessName';e={$_.Properties[9].Value}},
            @{n='HostName';e={$_.Properties[11].Value}},
            @{n='IPAddress';e={$_.Properties[18].Value}} |
        Format-Table -AutoSize
}
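Note:
When ProcessName is Kerberos, the IPAddress that follows is the host the user logged on to, and that host initiated authentication against the DC. When ProcessName is User32, the IPAddress that follows is the target host the user actually logged on to. This is usually the domain controller itself, with authentication taking place locally.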
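The scripts above read each field by its position in Properties[]. As an added example (not the original author's code), the function below reads the same 4624 fields by name from the event XML, so the lookup does not depend on field order, and then counts logons per account, source address and logon process. The function names, DC01.example.test, alice, WKS07$ and the 192.0.2.x addresses are constructed for illustration.

```powershell
# Read 4624 fields by name from the event XML instead of by Properties[] index.
function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt  = ([xml]$Xml).Event
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.InnerText }
    [pscustomobject]@{
        TimeCreated = [datetime]$evt.System.TimeCreated.SystemTime
        DC          = $evt.System.Computer
        UserName    = $data['TargetUserName']
        LogonType   = $data['LogonType']
        ProcessName = "$($data['LogonProcessName'])".Trim()  # value may carry trailing spaces
        HostName    = $data['WorkstationName']
        IPAddress   = $data['IpAddress']
    }
}

# Constructed sample events, trimmed to the fields used here (all values are made up).
function New-SampleEvent($Time, $User, $Type, $Proc, $Wks, $Ip) {
@"
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>4624</EventID><TimeCreated SystemTime='$Time'/><Computer>DC01.example.test</Computer></System>
  <EventData>
    <Data Name='TargetUserName'>$User</Data><Data Name='LogonType'>$Type</Data>
    <Data Name='LogonProcessName'>$Proc</Data><Data Name='WorkstationName'>$Wks</Data>
    <Data Name='IpAddress'>$Ip</Data>
  </EventData>
</Event>
"@
}

$samples = @(
    New-SampleEvent '2023-03-08T12:05:13Z' 'alice'  3 'Kerberos' '-'    '192.0.2.10'
    New-SampleEvent '2023-03-08T12:07:40Z' 'alice'  3 'Kerberos' '-'    '192.0.2.10'
    New-SampleEvent '2023-03-08T12:09:02Z' 'alice'  2 'User32 '  'DC01' '127.0.0.1'
    New-SampleEvent '2023-03-08T12:09:30Z' 'WKS07$' 3 'Kerberos' '-'    '192.0.2.10'
)

# Drop machine accounts, then count logons per account / source address / logon process.
$samples | ForEach-Object { ConvertFrom-LogonEventXml $_ } |
    Where-Object { $_.UserName -notlike '*$' } |
    Group-Object UserName, IPAddress, ProcessName |
    Select-Object Count, Name,
        @{n='LastSeen';e={($_.Group.TimeCreated | Measure-Object -Maximum).Maximum}} |
    Format-Table -AutoSize

# Against a live log, pipe the Get-WinEvent query from this page into the same function:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4624; StartTime=$startDate; EndTime=$endDate} |
#       ForEach-Object { ConvertFrom-LogonEventXml $_.ToXml() }
```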