Evotec

Project

PSWinReporting

This PowerShell Module has multiple functionalities, but one of the signature features of this module is the ability to parse Security logs on Domain Controllers providing easy to use access to AD Events.

View on GitHub Releases Get package
Stars727
Forks72
Open issues20
PowerShell Gallery downloads15478
Releasev2.0.23
Language: PowerShell Updated: 2026-02-14T21:19:28.0000000+00:00

Curated Examples

Create an event forwarder task

Use PSWinReporting to register a scheduled task for forwarded events.

This pattern is useful when forwarded events should trigger a local processing script.

It is adapted from Examples/RunMe-AddTasks.ps1.

Example

Import-Module PSWinReporting

$taskName = 'ForwardedEvents'
$taskPath = '\Event Viewer Tasks\'
$author = 'Example Operations'
$uri = '\Event Viewer Tasks\ForwardedEvents'
$command = 'powershell.exe'
$scriptPath = Join-Path $PSScriptRoot 'RunMe-TriggerOnEvents.ps1'
$argument = @(
    '-WindowStyle hidden'
    $scriptPath
    '-EventID $(eventID) -EventRecordID $(eventRecordID) -EventChannel $(eventChannel) -EventSeverity $(eventSeverity)'
)

Remove-TaskScheduledForwarder -TaskPath $taskPath -TaskName $taskName
Add-TaskScheduledForwarder -TaskPath $taskPath -TaskName $taskName -Author $author -URI $uri -Command $command -Argument $argument

What this demonstrates

  • preparing scheduled-task metadata
  • using a script-local handler path
  • refreshing the forwarder task in a repeatable way

Source