Automating system administration tasks – Part2

Part1

II Audit

The next step in my daily monitoring is the reading of the auditing reports – here are the operations that I’d like to be aware of should they ever happen in my network:

I Operations with user/computer accounts:

    1) Password resets
    2) User created
    3) User deleted
    4) User logon has been denied

The scripts (please rename the downloaded .docx files to .ps1 files before use):

PassRESETS.ps1 – PassRESETS
UsersCREATED.ps1 – UsersCREATED
UsersDELETED.ps1 – UsersDELETED
UsersLogOnDenied.ps1 – UsersLogONDenied

The example reports:

FailureREASON codes (as found on the Internet):

  • %%2305 The specified user account has expired. (532)
  • %%2309 The specified account’s password has expired. (535)
  • %%2310 Account currently disabled. (531)
  • %%2311 Account logon time restriction violation. (530)
  • %%2312 User not allowed to logon at this computer. (533)
  • %%2313 Unknown user name or bad password. (529)
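
As an added example (not one of the author's downloadable scripts), the following PowerShell builds a logon-denied report from the Security log and translates the FailureReason codes listed above into text. Event ID 4625, the report path and the 24-hour window are assumptions that do not come from this page.

```powershell
# Added example, not one of the author's scripts.
# Assumptions: elevated session, Security log readable, event ID 4625
# (failed logon, Windows Vista/Server 2008 and later), and a hypothetical
# report path whose directory already exists.
$ReportPath = 'C:\Reports\UsersLogOnDenied.txt'   # hypothetical path
$Since      = (Get-Date).AddDays(-1)              # assumed daily window

# Failure reason codes as listed above.
$FailureReasons = @{
    '%%2305' = 'The specified user account has expired.'
    '%%2309' = "The specified account's password has expired."
    '%%2310' = 'Account currently disabled.'
    '%%2311' = 'Account logon time restriction violation.'
    '%%2312' = 'User not allowed to logon at this computer.'
    '%%2313' = 'Unknown user name or bad password.'
}

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = @(foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    $code   = [string]$data['FailureReason']
    $reason = $FailureReasons[$code]
    if (-not $reason) { $reason = "Unlisted code: $code" }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        Workstation = $data['WorkstationName']
        SourceIP    = $data['IpAddress']
        Reason      = $reason
    }
})

if ($rows.Count -eq 0) {
    "No denied logons since $Since" | Out-File -FilePath $ReportPath
} else {
    # Summary first (most frequent user/reason pairs on top), then full detail.
    $summary = $rows | Group-Object User, Reason | Sort-Object Count -Descending |
        Select-Object Count, Name | Format-Table -AutoSize | Out-String -Width 200
    $detail  = $rows | Sort-Object Time | Format-Table -AutoSize | Out-String -Width 200
    $summary, $detail | Out-File -FilePath $ReportPath
}
```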

All these .ps1 scripts are run by the single .cmd script Users.cmd – Users:

I’m using ping 127.0.0.1 -n 5 > nul here to pause the script for ~5 seconds so that the preceding command can complete.

The MailFILES-U.vbs script just sends the resulting .txt files to the specified e-mail address – MailFILES-U.

As I want to get the user reports daily, I’ve created the corresponding scheduled task – AuditUSERS:


The e-mail message with the users reports:

II Group modification operations:

    1) User/Computer account is added to a global group
    2) User/Computer account is added to a local group
    3) User/Computer account is added to a universal group
    4) User/Computer account is deleted from a global group
    5) User/Computer account is deleted from a local group
    6) User/Computer account is deleted from a universal group

 

The scripts:

AddedToGlobalgroup.ps1 – AddedToGLOBALgroup
AddedToLOCALgroup.ps1 – AddedToLOCALgroup
AddedToUNIVERSALgroup.ps1 – AddedToUNIVERSALgroup
RemovedFromGLOBALgroup.ps1 – RemovedFromGLOBALgroup
RemovedFromLOCALgroup.ps1 – RemovedFromLOCALgroup
RemovedFromUNIVERSALgroup.ps1 – RemovedFromUNIVERSALgroup

 

All these 6 scripts are run by the Groups.cmd script: Groups

 

After running all the .ps1 scripts, the Groups.cmd script calls the MailFILES.vbs script – MailFILES – which sends all the produced reports to my e-mail address.

Reports:

The example reports:

The task AuditGROUPS:

The resulting email message:

Part3
