User login activity
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i dont see any option in the threshold setting for this.
Comments
-
$Event = Get-WinEvent -LogName 'Security' -MaxEvents 1 -FilterXPath "*[System[EventID=4624]]"
$EventXML = [xml]$Event.ToXml()
$Username = ($EventXML.Event.EventData.Data | Where-Object {$_.Name -eq 'TargetUserName'} | Select-Object -Property '#text')."#text"if ($Username -ne 'ANONYMOUS LOGON') {
Send-MailMessage -To "your_email@example.com" -From "alert@example.com" -Subject "New User Login" -Body "User $Username has just logged in." -SmtpServer "smtp.example.com"
}Task Scheduler Method with Event Trigger
- Open Task Scheduler and create a new task.
- Set the Trigger to "On an event" and configure it to monitor the Security log for Event ID 4624.
- Set the Action to "Send an email" and fill in the necessary email information.
- Finish the setup to activate the task.
Note: Starting with Windows Server 2012 and Windows 8, sending email via Task Scheduler is deprecated, so you may want to have the task run a PowerShell script to send the email, like in the PowerShell method above.
1 -
Thanks @tanderson !!!
0
Topics
- All Topics
- 42 Getting started
- 26 Read before posting
- 8 Meet and greet
- 257 General
- 71 News and announcements
- 2 Swag
- 1 Roadmap updates
- 83 Resources
- 12 Knowledge Base
- 17 Webinars
- 1 Shared Script Library
- 2 Blog
- 21 Pro Tips
- 28 Got an idea?
- 3 Atera Academy
- 2 ActionAI
- 1 Copilot
- 142 Remote Monitoring and Management
- 85 Remote Monitoring
- 28 Patch Management
- 107 Professional Services Automation
- 65 Helpdesk
- 17 Billing
- 22 Reporting
- 41 Integrations & add-ons
- 22 Integrations
- 11 Add-ons
- 108 Scripting and automations
- 62 Scripts
- 32 Automations