2

We have a requirement to send an e-mail to a specific address when any user logs on. This is on a Windows 2003 server, does anybody know or can point me in the right direction on how to do this? I assume there is some PS script that can run on the logon event but I've never done something like this before.

Tony
  • 457
  • 3
  • 11
  • 23
  • Have you looked into any powershell scripts for it? Seem to be quite a few. Set it to run via group policy in a script and you'll be good. – Nixphoe May 01 '14 at 15:05
  • 3
    1) That sounds like one of the dumber things I've heard this year, and I've heard some dumb ones. Why the holy hell? 2) Needs more details. (For example...) This server being logged onto... does it have an email server installed? What version of WMF/Powershell? Can the email come from a different server? – HopelessN00b May 01 '14 at 15:05
  • 1. I'm not sure why, this is coming from policy makers who are not security or technical people. But they want an e-mail notification for any user that logs onto this particular server. 2. It does not have Exchange or any other e-mail server installed but we can take care of that if that's a nececcity, it probably has PowerShell 1 since I haven't installed anything newer on it and it is 2003. – Tony May 01 '14 at 15:11
  • @Nixphoe, I've found PS scripts for sendMail but I'm having trouble finding how to trigger this script when a user logs on. I'm an admin with very little programming and scripting experience. All the scripts I've created in the past have been manual or run through Scheduled Tasks. – Tony May 01 '14 at 15:14
  • Okay, so doesn't look like there is any need to install Exchange, I can just make sure the SMTP role/service is running. I have a PS script that will send an e-mail. What I'm left with though is how to initialize this script on a user logon. It's easy on an AD-connected machine since there is a property to assign a logon script. This machine only uses local users and computers though. Is there a Group Policy setting that will do this? – Tony May 01 '14 at 15:36
  • One way would be to copy the script to the Startup folder of the existing user profiles and to the Startup folder of the Default user profile. That way all users with existing profiles and all new users will trigger the script when they log on. – joeqwerty May 01 '14 at 15:50

1 Answers1

3

One way of doing this is to parse through logon events in Event Viewer. You would have to kick a PowerShell script off when the user logged in that would search for events in the Security log and look for successful logons from users. You'd then have to have your PS script extract the user from the logon event and pass that through to the email you're wanting to send. To accomplish this you could use Task Scheduler, please see my screenshot below:

enter image description here

You'll have to choose between the two red highlighted options.

If you want actual code I can talk to my VB/PowerShell guy. Let me know, thanks.

EDIT

You could also bypass the PowerShell script altogether if you wanted to just use Task Scheduler. You could follow my steps above to create a Basic Task that starts when an event is triggered and then on the next screen it asks you which event you want to trigger on, and the screen after that gives you options of what you want Task Scheduler to do upon finding this event and one option is to Send An Email. Please see the following screenshots for more clarification.

enter image description here

enter image description here

Brad Bouchard
  • 2,527
  • 2
  • 13
  • 22
  • Also, the good thing with this method is that you can tell Task Scheduler to run whether you're logged on or not, so essentially it can run in the background. – Brad Bouchard May 01 '14 at 16:22
  • Am I missing something, I don't see a screenshot? – Tony May 01 '14 at 16:59
  • Definitely missing something then, you don't see my task scheduler screenshot? – Brad Bouchard May 01 '14 at 17:08
  • Try refreshing your browser and if you still can't see it, the way to get where I want you to be is to click Start > type Task Scheduler > Select it, then Right click on Task Scheduler Library on the left side > click Create Basic Task, give it a name, then the next screen is where you will see what I posted in my screenshot. – Brad Bouchard May 01 '14 at 17:12
  • Oh yeah, I'm good then, I'm familiar with creating a scheduled task. Thanks for the info. – Tony May 01 '14 at 17:14
  • It came to me after my first post which is why I didn't think of my "edited" answer until now, but it would be much easier to just do the Task Scheduler. It would work for anyone that logged on. Let me know your thoughts. – Brad Bouchard May 01 '14 at 17:19
  • 1
    This is a great answer, except that it's not applicable to Windows Server 2003. – joeqwerty May 01 '14 at 17:24
  • Yeah I forgot he was working with 2003, however it is applicable to 2003 if you tweak it. You'd just have to schedule the task in 2003 to run the PS1 file, and the PS1 file (original half of my answer) would have to look for the Security Events and grab them then pass them to the email that the script fires off. I understand what you're saying though. – Brad Bouchard May 01 '14 at 18:07