I have the following script that pulls security log entries for users who were not able to log in to the network. At the moment it does a line-by-line dump of the entire event log. What I really want is a list of users who had problems logging in. A bonus would be if it could sort by the number of times each user had a problem. TIA.
Code:
Param(
    # Servers to query. When not supplied, the names are read (one per line)
    # from the monitoring list file below.
    [string[]] $computer = (Get-Content -Path c:\scripts\server-monitoring-list.txt),

    # Name of the event log to search.
    [string] $log = "security"
)
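Function Get-BadSecEvents($computerName,$log)
{
    # Summarises failed credential checks recorded on $computerName during the
    # last 7 days: one output object per account name, sorted so the account
    # with the most failures comes first.
    #
    #   $computerName - machine whose event log is read
    #   $log          - event log name (the script passes "security")
    #
    # Output: objects with Computer, User and Count properties.
    #
    # Fixes over the original: the query result was stored in $events and never
    # written to the pipeline, so the function returned nothing; the unused
    # $Now variable is gone.
    #
    # 4771 = Kerberos pre-authentication failed (logged by domain controllers).
    # 4776 = credential validation attempt (logged by the machine that is
    #        authoritative for the account; -EntryType FailureAudit keeps only
    #        the failed ones). The server list therefore has to include the
    #        domain controllers to see failures for domain accounts.
    $since = (Get-Date).AddDays(-7)

    $failures = Get-EventLog -ComputerName $computerName -LogName $log -EntryType FailureAudit -After $since |
        Where-Object { ($_.EventID -eq 4771) -or ($_.EventID -eq 4776) }

    $failures |
        ForEach-Object {
            # NOTE(review): the account name is expected at ReplacementStrings[0]
            # for 4771 and ReplacementStrings[1] for 4776, per the published layout
            # of these events - confirm against a sample event from your own log.
            $userIndex = if ($_.EventID -eq 4771) { 0 } else { 1 }
            $name = $_.ReplacementStrings[$userIndex]
            if (-not $name) { $name = '(unknown)' }
            # The name is whatever the client submitted, so it can be a
            # non-existent account or a password typed into the user name box.
            # Treat the report as sensitive and do not trust it as a valid account.
            $name
        } |
        Group-Object -NoElement |
        Sort-Object -Property Count -Descending |
        Select-Object @{Name = 'Computer'; Expression = { $computerName }},
                      @{Name = 'User'; Expression = { $_.Name }},
                      Count
}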
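# *** Entry Point to Script ***
# Nothing to query when the server list is empty: print the hint and stop.
if (-not $computer) { "you must supply name for computer"; exit }

# Event IDs that Get-BadSecEvents filters on. The banner below expands
# $eventID, which was never assigned and therefore printed as an empty string.
$eventID = '4771, 4776'

# Query each server in turn. The -Begin and -End strings are written to the
# same output stream as the results.
$computer |
    ForEach-Object -Begin { "Querying $log Log for EventID: $eventID on server $computer" } `
                   -Process { Get-BadSecEvents -ComputerName $_ -log $log } `
                   -End { "Completed querying $computer" }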