Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #This powershell script will open the local event viewer viewing the remot-host's event logs. To accomplish this it must enable a set of remote firewall rules.
- #HOW TO:
- # 1. Make sure PSExec (Sysinternals.com) is stored in %Systemroot%\System32\
- # 2. Launch this script with App-Admin credentials from authorized computer.
- # 3. Enter computer name of remote computer
- If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
- #AutoElevate
- {
- $arguments = "& '" + $myinvocation.mycommand.definition + "'"
- Start-Process powershell -Verb runAs -ArgumentList $arguments
- Break
- }
- $computername = read-host "Computer Name"
- Write-Host "Enabling remote firewall rule on $computername"
- & psexec \\$Computername -s netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes 2>&1> $null
- If(-NOT $LASTEXITCODE -eq 0){
- Write-Warning "PSExec could not connect to and change firewall rule for $computername."
- }
- Else{
- Write-Host "Successfully added remote firewall rule...Starting Remote Event Viewer"
- start-process "eventvwr" -ArgumentList "$ComputerName" | Out-Null
- Write-Host "Waiting for Event viewer to close before cleaning up."
- While(-Not([bool](get-process mmc -ErrorAction SilentlyContinue))){
- Start-sleep -Milliseconds 500
- }
- wait-process mmc
- Write-Host "Event Viewer closed. Disabling remote firewall rule"
- & psexec \\$Computername -s netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=no 2>&1> $null
- if(-NOT $LASTEXITCODE -eq 0){
- Write-Warning "Could not successfully revert firewall changes on $computername."
- }
- Else{
- Write-Host "Done. Exiting in 3 seconds"
- }
- }
- Write-Warning "Exiting in 3 seconds..."
- start-sleep -seconds 3
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement