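<#
#  relatorio_rdp.ps1
#
#  RDP connection report
#  Extracts a report of all connections made to one or more servers
#
#  By: Marcos Henrique | www.100security.com.br
#
#>

# Servers to query. Uncomment or add entries as needed.
$hosts = @(
    'SRV-2008'
    # 'HOST01',
    # 'HOST02',
    # 'HOST03',
    # 'HOST04'
)

# Session events read from the Local Session Manager operational log.
# The filter does not depend on the server, so it is built once.
# NOTE(review): ID 22 has a label in the STATUS mapping below but is not
# requested here, so "SHELL START" rows never appear. Add 22 to this list
# if they are wanted.
$LogFilter = @{
    LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    ID      = 21, 23, 24, 25
}

# Start from an empty list so that running the script twice in the same
# session does not append to rows left over from the previous run.
$saida = @()

foreach ($servidor in $hosts) {
    # Only events still retained in the server's log are returned.
    # -ErrorAction Stop turns a failed query (unreachable host, access denied,
    # no matching events) into an exception so the host is skipped explicitly.
    # Without this guard the rest of the loop body would still run after a
    # failure, on stale or null data, and could attribute rows to the wrong
    # server.
    try {
        $entradas = Get-WinEvent -FilterHashtable $LogFilter -ComputerName $servidor -ErrorAction Stop
    }
    catch {
        # A skipped server is a gap in the report, so make it visible.
        Write-Warning "Could not read RDP session events from '$servidor': $($_.Exception.Message)"
        continue
    }

    # One row per event. User and Address come from the event's UserData XML.
    $saida += $entradas | ForEach-Object {
        $entrada = [xml]$_.ToXml()
        New-Object PSObject -Property @{
            DATA_HORA  = $_.TimeCreated
            USUARIO    = $entrada.Event.UserData.EventXML.User
            COMPUTADOR = $entrada.Event.UserData.EventXML.Address
            EventID    = $entrada.Event.System.EventID
            HOST       = $servidor
        }
    }
}

# Keep the report columns and translate the event ID into a readable status.
$exportar = $saida | Select-Object DATA_HORA, USUARIO, HOST, COMPUTADOR, @{
    Name       = 'STATUS'
    Expression = {
        switch ($_.EventID) {
            '21' { "LOGON" }
            '22' { "SHELL START" }
            '23' { "LOGOFF" }
            '24' { "DESCONECTADO" }
            '25' { "RECONECTADO" }
        }
    }
}

# Short date in the current culture's format, with "/" replaced so the value
# can be used in a file name.
$data = (Get-Date -Format d) -replace "/", "-"

# HTML formatting
$a = ""

# Exporting to HTML:
$b = "

Relatório de Conexões via RDP

"

# Newest events first. The ASCII "-Descending" replaces the original en-dash
# "–des", which is fragile when the file is saved in a different encoding.
$exportar |
    Sort-Object DATA_HORA -Descending |
    ConvertTo-Html -Head $a -Body $b |
    Set-Content "Relatorio_RDP_${data}.html"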