Search for who changed the security group

Share |

Browse Library

Module Library
QuickClick Library
Script Library
Active Directory
BizTalk
Citrix
Clustering
Desktop
Exchange Server 2003
Exchange Server 2007
File System
Group Policy
Internet Information Server (IIS)
Local Accounts
Logs
Microsoft Office
Microsoft Team Foundation Server
MySQL
Networking
Registry
Remote Desktop Services
Remoting
Security
SharePoint
SQL Server
System Center Virtual Machine Manager
System Center Configuration Manager
System Center Operations Manager
Tutorial
Terminal Server
Using .Net
Virtual Server
VMware
Windows 7
Windows HPC
Windows Server 2000
Windows Server 2003
Windows Server 2008
Windows XP
WMI
Misc
Snippet Library
Video Library
Members Only
PowerTips Reference Library

Tags

DateTime
Function
gprs
log
modem
monitor
online

Previous | Next | View all files | View Slideshow

Download

posted by mpetka

02-07-2013

Downloads: 77

File size: 158 B

Embed

Search for who changed the security group

Get-WinEvent -ComputerName dc03 -FilterHashtable @{logname='security'; id=4757} | Where { $_.message -like �*Matthew L*� -and $_.message -like '*secure-users* 

Filed under: log

Today I was asked who had made a change to one of our security groups. Back in the bad old days I would open up event viewer. Set the filter and open events one at a time.....

Today we have Powershell. This one-liner will search the security log of a DC and then search through the message body of the event to get the one you want

Get-WinEvent -ComputerName dc0x -FilterHashtable @{logname='security'; id=4757} | Where { $_.message -like ‘*Matthew L*’ -and $_.message -like '*secure-users*