Remote collect .evtx security audit logs


  • Hello,

    I'm wondering if anyone has ever posted a script such as this, and if so, wondering if you have a link to it.

    Environment is a Server 2003 Ent DC backend and Windows 7 Ent workstations.

    Looking for a script that would do the following:

    1 - Can be executed on a workstation through something like SCCM

    2 - When it runs, collects the Security Audit Logs from each workstation and puts them on a network share location, appending the name of the workstation to the file name for easy identification

    3 - Deletes the collected audit logs from the workstation once collected

    I'm not broadly knowledgeable about scripting at all, and any help performing this operation would be greatly appreciated. I am trying to research this on the web but much of the information is not very clear to a non-script oriented person such as myself.

    At one point we had a third party utility that did this and ran great on XP workstations, but the vendor has not updated it for the Windows 7 environment. Now we are stuck manually logging into workstations to collect audit logs which is very slow and painful.

    Thanks in advance for any advice, tips or suggestions.

    Monday, July 22, 2013 7:04 PM
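One way to script the three steps listed in the question, shown as an added example that is not part of the original thread: the Security log is backed up and cleared in a single `wevtutil cl /bu:` operation into a local staging folder, and the staged file is deleted only after the copy on the share has a matching SHA-256. Assumptions: the share path and staging folder are placeholders, the script runs elevated (for example as Local System under SCCM), and that account can write to the share.

```powershell
# Added example. $Share and $Staging are placeholders, not values from the thread.
$Share   = '\\SERVER\AuditLogs'                            # hypothetical UNC path
$Staging = Join-Path $env:SystemRoot 'Temp\AuditStaging'   # hypothetical local folder

function Get-Sha256([string]$Path) {
    # .NET hashing keeps this usable on PowerShell 2.0, which has no Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($fs)) }
    finally { $fs.Close() }
}

if (-not (Test-Path $Staging)) {
    New-Item -ItemType Directory -Path $Staging | Out-Null
}

$failed = 0
$name   = '{0}_Security_{1}.evtx' -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd-HHmmss')
$local  = Join-Path $Staging $name

# Back up and clear in one operation, so events written between a separate
# export and clear cannot be lost.
& wevtutil.exe cl Security "/bu:$local"
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $local)) {
    $failed++
    Write-Warning "Backup/clear of the Security log failed (exit code $LASTEXITCODE)."
}

# Upload every staged file, including leftovers from a run where the share
# was unreachable, and verify each copy before deleting the local file.
foreach ($file in Get-ChildItem -Path $Staging -Filter '*.evtx') {
    $remote = Join-Path $Share $file.Name
    try {
        Copy-Item -Path $file.FullName -Destination $remote -ErrorAction Stop
        if ((Get-Sha256 $file.FullName) -ne (Get-Sha256 $remote)) { throw 'hash mismatch' }
        Remove-Item -Path $file.FullName -ErrorAction Stop
    } catch {
        $failed++
        Write-Warning "Kept $($file.FullName): $_"
    }
}
exit $failed   # non-zero lets the deployment tool flag the run
```

Each run leaves an event ID 1102 ("The audit log was cleared") at the start of the new Security log, so monitoring should expect that event from this job's account and schedule and treat any other occurrence as suspicious.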


All replies