diff --git a/api/tacticalrmm/scripts/community_scripts.json b/api/tacticalrmm/scripts/community_scripts.json
index 5de40f23..c3b4413f 100644
--- a/api/tacticalrmm/scripts/community_scripts.json
+++ b/api/tacticalrmm/scripts/community_scripts.json
@@ -323,6 +323,15 @@
 "shell": "powershell",
 "category": "TRMM (Win):Monitoring"
 },
+ {
+ "guid": "8373846f-facc-49b9-9891-3a780a394c89",
+ "filename": "Win_Local_User_Created_Monitor.ps1",
+ "submittedBy": "https://github.com/dinger1986",
+ "name": "Event Viewer - Monitor for new Users",
+ "description": "Event Viewer Monitor - Notify when new Local user is created",
+ "shell": "powershell",
+ "category": "TRMM (Win):Monitoring"
+ },
 {
 "guid": "5d905886-9eb1-4129-8b81-a013f842eb24",
 "filename": "Win_Rename_Computer.ps1",
diff --git a/scripts/Win_Local_User_Created_Monitor.ps1 b/scripts/Win_Local_User_Created_Monitor.ps1
new file mode 100644
index 00000000..5d6e206c
--- /dev/null
+++ b/scripts/Win_Local_User_Created_Monitor.ps1
@@ -0,0 +1,17 @@
+$ErrorActionPreference= 'silentlycontinue'
+$TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
+if (Get-WinEvent -FilterHashtable @{LogName='security';ID='4720','4720','4728','4732','4756','4767';StartTime=$TimeSpan})
+{
+Write-Output "A change has been made to local users"
+Get-WinEvent -FilterHashtable @{LogName='security';ID='4720','4720','4728','4732','4756','4767';StartTime=$TimeSpan}
+exit 1
+}
+
+else
+{
+Write-Output "No changes all looks fine"
+exit 0
+}
+
+
+Exit $LASTEXITCODE
\ No newline at end of file
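Review bot: With `$ErrorActionPreference= 'silentlycontinue'` on the first line of Win_Local_User_Created_Monitor.ps1, a failed Get-WinEvent call (for example a read of the Security log that is denied because the script is not running elevated) is indistinguishable from "no events", so the check prints "No changes all looks fine" and exits 0 — the monitor fails open exactly when it cannot see the log. The same query is also run twice and lists '4720' twice; run it once into a variable and separate the expected "no matching events" error from a real query failure by its FullyQualifiedErrorId, as below. The trailing `Exit $LASTEXITCODE` is unreachable because both branches already exit. Note also that 4728/4732/4756 are group-membership additions and 4767 is an account unlock, so the script alerts on more than new local users; either narrow the ID list to 4720 or say so in the output message and in the community_scripts.json name/description added in the first hunk.
```powershell
$since = (Get-Date) - (New-TimeSpan -Days 1)
# 4720 = user account created; 4728/4732/4756 = member added to a security-enabled group; 4767 = account unlocked
$filter = @{ LogName = 'Security'; ID = 4720, 4728, 4732, 4756, 4767; StartTime = $since }
$events = @()
try {
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
} catch {
    # "no events found" is the healthy case; anything else means the log could not be read
    if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
        Write-Output "Unable to query the Security log: $($_.Exception.Message)"
        exit 2
    }
}
if ($events.Count -gt 0) {
    Write-Output "A change has been made to local users"
    $events | Format-List TimeCreated, Id, Message
    exit 1
}
Write-Output "No changes all looks fine"
exit 0
```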