Download EventLog module


Download the module and modify ROOT_UNCstub.ps1.. Contribute more on Github.

Download ZIP

You will also need one of the login.ps1 files, if you don't have one already:

  • loginDummy.zip is a stub, it accepts any login with a password "root"
  • loginAD.zip checks user credentials in AD system, groups are always 'RO;RW'
  • loginADext.zip checks what AD groups user belongs to, requires additional cmdlet Get-ADPrincipalGroupMembership to be installed on a server. Edit AD groups names - they are different in every company

Audit file, audit.ps1 - is available in 3 different sample versions:

  • auditNull.zip - blank audit, does nothing
  • auditFile.zip - appends to bell.log in HOMEPATH of a service account used (may be you would like to change the directory?)
  • auditTable.zip - logs to a table (MSSQL). Replace target server name and database name. Execute audit.sql before using to create an audit table and procedure