User login activity
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i dont see any option in the threshold setting for this.
Comments
-
$Event = Get-WinEvent -LogName 'Security' -MaxEvents 1 -FilterXPath "*[System[EventID=4624]]"
$EventXML = [xml]$Event.ToXml()
$Username = ($EventXML.Event.EventData.Data | Where-Object {$_.Name -eq 'TargetUserName'} | Select-Object -Property '#text')."#text"if ($Username -ne 'ANONYMOUS LOGON') {
Send-MailMessage -To "your_email@example.com" -From "alert@example.com" -Subject "New User Login" -Body "User $Username has just logged in." -SmtpServer "smtp.example.com"
}Task Scheduler Method with Event Trigger
- Open Task Scheduler and create a new task.
- Set the Trigger to "On an event" and configure it to monitor the Security log for Event ID 4624.
- Set the Action to "Send an email" and fill in the necessary email information.
- Finish the setup to activate the task.
Note: Starting with Windows Server 2012 and Windows 8, sending email via Task Scheduler is deprecated, so you may want to have the task run a PowerShell script to send the email, like in the PowerShell method above.
1 -
Thanks @tanderson !!!
0
Topics
- All Topics
- 40 Getting started
- 24 Read before posting
- 8 Meet and greet
- 223 General
- 61 News and announcements
- 1 Swag
- 1 Roadmap updates
- 69 Resources
- 9 Knowledge Base
- 13 Webinars
- 1 Shared Script Library
- 2 Blog
- 16 Pro Tips
- 26 Got an idea?
- 1 Atera Academy
- 1 ActionAI
- 1 Copilot
- 125 Remote Monitoring and Management
- 78 Remote Monitoring
- 24 Patch Management
- 100 Professional Services Automation
- 62 Helpdesk
- 17 Billing
- 18 Reporting
- 34 Integrations & add-ons
- 20 Integrations
- 10 Add-ons
- 100 Scripting and automations
- 59 Scripts
- 29 Automations