User login activity
Hi, I would like to know if there is a way to create an alert when there is a user to log in from the managed device. So far i dont see any option in the threshold setting for this.
Comments
-
$Event = Get-WinEvent -LogName 'Security' -MaxEvents 1 -FilterXPath "*[System[EventID=4624]]"
$EventXML = [xml]$Event.ToXml()
$Username = ($EventXML.Event.EventData.Data | Where-Object {$_.Name -eq 'TargetUserName'} | Select-Object -Property '#text')."#text"if ($Username -ne 'ANONYMOUS LOGON') {
Send-MailMessage -To "your_email@example.com" -From "alert@example.com" -Subject "New User Login" -Body "User $Username has just logged in." -SmtpServer "smtp.example.com"
}Task Scheduler Method with Event Trigger
- Open Task Scheduler and create a new task.
- Set the Trigger to "On an event" and configure it to monitor the Security log for Event ID 4624.
- Set the Action to "Send an email" and fill in the necessary email information.
- Finish the setup to activate the task.
Note: Starting with Windows Server 2012 and Windows 8, sending email via Task Scheduler is deprecated, so you may want to have the task run a PowerShell script to send the email, like in the PowerShell method above.
1 -
Thanks @tanderson !!!
0
Topics
- All Topics
- 41 Getting started
- 25 Read before posting
- 8 Meet and greet
- 237 General
- 64 News and announcements
- 1 Swag
- 1 Roadmap updates
- 79 Resources
- 12 Knowledge Base
- 16 Webinars
- 1 Shared Script Library
- 2 Blog
- 19 Pro Tips
- 27 Got an idea?
- 3 Atera Academy
- 2 ActionAI
- 1 Copilot
- 140 Remote Monitoring and Management
- 84 Remote Monitoring
- 27 Patch Management
- 105 Professional Services Automation
- 64 Helpdesk
- 17 Billing
- 21 Reporting
- 36 Integrations & add-ons
- 20 Integrations
- 10 Add-ons
- 103 Scripting and automations
- 61 Scripts
- 30 Automations