Download EventLog module

Download the module and modify ROOT_UNCstub.ps1.. Contribute more on Github.

Download ZIP

You will also need one of the login.ps1 files, if you don't have one already:

  • is a stub, it accepts any login with a password "root"
  • checks user credentials in AD system, groups are always 'RO;RW'
  • checks what AD groups user belongs to, requires additional cmdlet Get-ADPrincipalGroupMembership to be installed on a server. Edit AD groups names - they are different in every company

Audit file, audit.ps1 - is available in 3 different sample versions:

  • - blank audit, does nothing
  • - appends to bell.log in HOMEPATH of a service account used (may be you would like to change the directory?)
  • - logs to a table (MSSQL). Replace target server name and database name. Execute audit.sql before using to create an audit table and procedure