Forensics: Automating Active Directory Account Lockout Search with PowerShell (an example of deep XML filtering of event logs across multiple servers in parallel)

Overview Today we learn how to efficiently filter event log queries, going beyond simple event ID filtering into the specific values of the XML message data. Then we will run this filter against multiple servers in parallel for faster data collection. This post meets the following objectives: Add some efficiencies to my previous popular post…


PowerShell Get-WinEvent XML Madness: Getting details from event logs

Announcements Before we jump into today’s script here are some current events: This blog post celebrates three years of PowerShell blogging on TechNet as GoateePFE.  It has been a great ride, and I am far from done.  See the most popular posts here.  Thank you for making this blog successful. The PowerShell Deep Dives book…
