User login activity
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i dont see any option in the threshold setting for this.
Comments
-
$Event = Get-WinEvent -LogName 'Security' -MaxEvents 1 -FilterXPath "*[System[EventID=4624]]"
$EventXML = [xml]$Event.ToXml()
$Username = ($EventXML.Event.EventData.Data | Where-Object {$_.Name -eq 'TargetUserName'} | Select-Object -Property '#text')."#text"if ($Username -ne 'ANONYMOUS LOGON') {
Send-MailMessage -To "your_email@example.com" -From "alert@example.com" -Subject "New User Login" -Body "User $Username has just logged in." -SmtpServer "smtp.example.com"
}Task Scheduler Method with Event Trigger
- Open Task Scheduler and create a new task.
- Set the Trigger to "On an event" and configure it to monitor the Security log for Event ID 4624.
- Set the Action to "Send an email" and fill in the necessary email information.
- Finish the setup to activate the task.
Note: Starting with Windows Server 2012 and Windows 8, sending email via Task Scheduler is deprecated, so you may want to have the task run a PowerShell script to send the email, like in the PowerShell method above.
1 -
Thanks @tanderson !!!
0
Topics
- All Topics
- 60 Getting started
- 27 Read before posting
- 9 Meet and greet
- 316 General
- 73 News and announcements
- 2 Swag
- 5 Roadmap updates
- 1 Product Survey
- 94 Resources
- 17 Knowledge Base
- 18 Webinars
- 1 Shared Script Library
- 3 Blog
- 23 Pro Tips
- 30 Got an idea?
- 3 Atera Academy
- 8 ActionAI
- 5 Copilot
- 219 Remote Monitoring and Management
- 89 Remote Monitoring
- 29 Patch Management
- 118 Professional Services Automation
- 70 Helpdesk
- 18 Billing
- 24 Reporting
- 43 Integrations & add-ons
- 23 Integrations
- 11 Add-ons
- 113 Scripting and automations
- 62 Scripts
- 36 Automations