#This powershell script will open the local event viewer viewing the remot-host'

1. #This powershell script will open the local event viewer viewing the remot-host's event logs. To accomplish this it must enable a set of remote firewall rules.
2.  
3. #HOW TO:
4. # 1. Make sure PSExec (Sysinternals.com) is stored in %Systemroot%\System32\
5. # 2. Launch this script with App-Admin credentials from authorized computer.
6. # 3. Enter computer name of remote computer
7.  
8. If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
9. #AutoElevate
10. {
11. $arguments = "& '" + $myinvocation.mycommand.definition + "'"
12. Start-Process powershell -Verb runAs -ArgumentList $arguments
13. Break
14. }
15.  
16. $computername = read-host "Computer Name"
17. Write-Host "Enabling remote firewall rule on $computername"
18. & psexec \\$Computername -s netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes 2>&1> $null
19.  
20. If(-NOT $LASTEXITCODE -eq 0){
21. Write-Warning "PSExec could not connect to and change firewall rule for $computername."
22. }
23. Else{
24. Write-Host "Successfully added remote firewall rule...Starting Remote Event Viewer"
25. start-process "eventvwr" -ArgumentList "$ComputerName" | Out-Null
26. Write-Host "Waiting for Event viewer to close before cleaning up."
27. While(-Not([bool](get-process mmc -ErrorAction SilentlyContinue))){
28. Start-sleep -Milliseconds 500
29. }
30. wait-process mmc
31. Write-Host "Event Viewer closed. Disabling remote firewall rule"
32. & psexec \\$Computername -s netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=no 2>&1> $null
33. if(-NOT $LASTEXITCODE -eq 0){
34. Write-Warning "Could not successfully revert firewall changes on $computername."
35. }
36. Else{
37. Write-Host "Done. Exiting in 3 seconds"
38. }
39. }
40. Write-Warning "Exiting in 3 seconds..."
41. start-sleep -seconds 3