PSWinReporting
This PowerShell Module
, which started as an event library (Get-EventsLibrary.ps1
), has now grown up and became full fledged PowerShell Module. This module has multiple functionalities but one of the signature features of this module is ability to parse Security (mostly) logs on Domain Controllers
.
Project Features
Following features are done:
- Group create, delete, modify (Who / When / What)
- Group membership changes (Who / When / What)
- User changes (Who / When / What)
- User create, delete (Who / When)
- User password changes (Who / When)
- User lockouts (Who / When / Where)
Run script/config:
And get a nice report
To Do
- Support for forwarded events
- Support for encrypting email password
- Active Directory Diagnostics Reporting
- File Server Events monitoring
Links
Documentation for PSWinReporting (overview - latest post):
Documentation for PSWinReporting (module description, installation, how to):
https://evotec.xyz/hub/scripts/pswinreporting-powershell-module/
Module is published on Powershell Gallery: