93 lines
3.1 KiB
PowerShell
93 lines
3.1 KiB
PowerShell
|
# Konfigurationsparameter
|
|||
|
|
$SMTPServer = "smtp.media-techport.int"
|
|||
|
|
$FromName = "Media-Techport.DE | Notification Service"
|
|||
|
|
$FromEmail = "noreply@media-techport.de"
|
|||
|
|
$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
|
|||
|
|
|
|||
|
|
# Überwachung der Ereignisprotokolle
|
|||
|
|
$EventLogName = "Security"
|
|||
|
|
$EventID = 1149 # Event ID für Anmeldungen
|
|||
|
|
|
|||
|
|
# Filter für Ereignisse
|
|||
|
|
$FilterXML = @"
|
|||
|
|
<QueryList>
|
|||
|
|
<Query Id="0" Path="Security">
|
|||
|
|
<Select Path="Security">
|
|||
|
|
*[System[(EventID=$EventID)]]
|
|||
|
|
and
|
|||
|
|
*[EventData[Data[@Name='LogonType'] and (Data='10')]]
|
|||
|
|
and
|
|||
|
|
*[EventData[Data[@Name='TargetUserName'] and (Data!='$null')]]
|
|||
|
|
and
|
|||
|
|
*[EventData[Data[@Name='TargetDomainName'] and (Data='$env:USERDOMAIN')]]
|
|||
|
|
</Select>
|
|||
|
|
</Query>
|
|||
|
|
</QueryList>
|
|||
|
|
"@
|
|||
|
|
|
|||
|
|
# Funktion zum Senden von E-Mails
|
|||
|
|
function Send-Email {
|
|||
|
|
param(
|
|||
|
|
[string]$To,
|
|||
|
|
[string]$Subject,
|
|||
|
|
[string]$Message,
|
|||
|
|
[string]$GivenName,
|
|||
|
|
[string]$Surname
|
|||
|
|
)
|
|||
|
|
$EmailBody = @"
|
|||
|
|
<!DOCTYPE html>
|
|||
|
|
<html>
|
|||
|
|
<head>
|
|||
|
|
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
|
|||
|
|
<style>
|
|||
|
|
p {
|
|||
|
|
font-size: 14px;
|
|||
|
|
line-height: 1.6;
|
|||
|
|
}
|
|||
|
|
</style>
|
|||
|
|
</head>
|
|||
|
|
<body>
|
|||
|
|
<p><img src="https://assets.media-techport.de/logos/main/LogoSchwarz.png" alt="Logo-Schwarz" width="266" height="81" /></p>
|
|||
|
|
<p><span style="font-size: 14pt;"><strong>Hallo $GivenName $Surname,</strong></span></p>
|
|||
|
|
<p>$Message</p>
|
|||
|
|
</body>
|
|||
|
|
</html>
|
|||
|
|
"@
|
|||
|
|
|
|||
|
|
Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $EmailBody -BodyAsHtml -Encoding "UTF8"
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
# Hauptüberwachungsschleife
|
|||
|
|
$events = Get-WinEvent -LogName $EventLogName -FilterXPath $FilterXML
|
|||
|
|
foreach ($event in $events) {
|
|||
|
|
$eventTime = $event.TimeCreated
|
|||
|
|
$clientIP = $event.Properties[18].Value # IP-Adresse des Clients
|
|||
|
|
$serverIP = $env:COMPUTERNAME # IP-Adresse des Servers
|
|||
|
|
$user = $event.Properties[5].Value
|
|||
|
|
$domain = $event.Properties[6].Value
|
|||
|
|
|
|||
|
|
$userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
|
|||
|
|
$userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
|
|||
|
|
$GivenName = $userDetails.GivenName
|
|||
|
|
$Surname = $userDetails.Surname
|
|||
|
|
$EmailAddress = $userDetails.EmailAddress
|
|||
|
|
[PSCustomObject]@{
|
|||
|
|
EmailAddress = $EmailAddress
|
|||
|
|
GivenName = $GivenName
|
|||
|
|
Surname = $Surname
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
$emailMessage = @"
|
|||
|
|
Es wurde eine Anmeldung per RDP auf dem Windows Server <b>$serverIP</b> registriert.<br><br>
|
|||
|
|
<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
|
|||
|
|
<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
|
|||
|
|
<b>Domäne:</b> $domain<br>
|
|||
|
|
<b>Benutzer:</b> $user<br>
|
|||
|
|
<b>IP-Adresse des Clients:</b> $clientIP
|
|||
|
|
"@
|
|||
|
|
foreach ($userDetail in $userEmails) {
|
|||
|
|
Send-Email -To $userDetail.EmailAddress -Subject "RDP-Anmeldung auf $serverIP registriert" -Message $emailMessage -GivenName $userDetail.GivenName -Surname $userDetail.Surname
|
|||
|
|
}
|
|||
|
|
}
|