August 2019
Intermediate to advanced
786 pages
20h 22m
English
It is important to know about failed attempts to log in to the DC, not just the successful attempts. These can be a result of potentially malicious activity.
The following script will create a report to indicate the login failures on a given domain controller:
## Report for DC login Failures ##$failedevent = $null$Date= Get-date $dc = Read-Host 'What is the Domain Controller ?'$Report= "C:\auditreport.html"$HTML=@"<title>Failed Login Report for $dc</title><style>BODY{background-color :LightBlue}</style>"@ $failedevent = Get-Eventlog security -Computer $dc -InstanceId 4625 -After (Get-Date).AddDays(-7) | Select TimeGenerated,ReplacementStrings | % { New-Object PSObject -Property @{ SourceComputer = $_.ReplacementStrings[13] ...Read now
Unlock full access