User login activity
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i dont see any option in the threshold setting for this.
Comments
-
$Event = Get-WinEvent -LogName 'Security' -MaxEvents 1 -FilterXPath "*[System[EventID=4624]]"
$EventXML = [xml]$Event.ToXml()
$Username = ($EventXML.Event.EventData.Data | Where-Object {$_.Name -eq 'TargetUserName'} | Select-Object -Property '#text')."#text"if ($Username -ne 'ANONYMOUS LOGON') {
Send-MailMessage -To "[email protected]" -From "[email protected]" -Subject "New User Login" -Body "User $Username has just logged in." -SmtpServer "smtp.example.com"
}Task Scheduler Method with Event Trigger
- Open Task Scheduler and create a new task.
- Set the Trigger to "On an event" and configure it to monitor the Security log for Event ID 4624.
- Set the Action to "Send an email" and fill in the necessary email information.
- Finish the setup to activate the task.
Note: Starting with Windows Server 2012 and Windows 8, sending email via Task Scheduler is deprecated, so you may want to have the task run a PowerShell script to send the email, like in the PowerShell method above.
1 -
Thanks @tanderson !!!
0
Topics
- All Topics
- 18 Getting started
- 12 Read before posting
- 6 Meet and greet
- 112 General
- 37 News and announcements
- 29 Resources
- 5 Knowledge Base
- 5 Webinars
- Shared Script Library
- Blog
- 3 Pro Tips
- 16 Got an idea?
- 66 Remote Monitoring and Management
- 54 Remote Monitoring
- 12 Patch Management
- 50 Professional Services Automation
- 30 Helpdesk
- 7 Billing
- 13 Reporting
- 15 Integrations & add-ons
- 10 Integrations
- 4 Add-ons
- 45 Scripting and automations
- 34 Scripts
- 10 Automations
