Download EventLog module
Download the module and modify ROOT_UNCstub.ps1..
Contribute more on Github.
You will also need one of the login.ps1 files, if you don't have one already:
- loginDummy.zip is a stub, it accepts any login with a password "root"
- loginAD.zip checks user credentials in AD system, groups are always 'RO;RW'
- loginADext.zip checks what AD groups user belongs to, requires additional cmdlet Get-ADPrincipalGroupMembership to be installed on a server. Edit AD groups names - they are different in every company
Audit file, audit.ps1 - is available in 3 different sample versions:
- auditNull.zip - blank audit, does nothing
- auditFile.zip - appends to bell.log in HOMEPATH of a service account used (may be you would like to change the directory?)
- auditTable.zip - logs to a table (MSSQL). Replace target server name and database name. Execute audit.sql before using to create an audit table and procedure