# Konfigurationsparameter
$SMTPServer = "smtp.media-techport.int"
$FromName = "Media-Techport.DE | Notification Service"
$FromEmail = "noreply@media-techport.de"
$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"

# Überwachung der Ereignisprotokolle
$EventLogName = "Security"
$EventID = 1149  # Event ID für Anmeldungen

# Filter für Ereignisse
$FilterXML = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=$EventID)]]
      and
      *[EventData[Data[@Name='LogonType'] and (Data='10')]]
      and
      *[EventData[Data[@Name='TargetUserName'] and (Data!='$null')]]
      and
      *[EventData[Data[@Name='TargetDomainName'] and (Data='$env:USERDOMAIN')]]
    </Select>
  </Query>
</QueryList>
"@

# Funktion zum Senden von E-Mails
function Send-Email {
    param(
        [string]$To,
        [string]$Subject,
        [string]$Message,
        [string]$GivenName,
        [string]$Surname
    )
    $EmailBody = @"
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
    <style>
        p {
            font-size: 14px;
            line-height: 1.6;
        }
    </style>
</head>
<body>
<p><img src="https://assets.media-techport.de/logos/main/LogoSchwarz.png" alt="Logo-Schwarz" width="266" height="81" /></p>
<p><span style="font-size: 14pt;"><strong>Hallo $GivenName $Surname,</strong></span></p>
<p>$Message</p>
</body>
</html>
"@

    Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $EmailBody -BodyAsHtml -Encoding "UTF8"
}

# Hauptüberwachungsschleife
$events = Get-WinEvent -LogName $EventLogName -FilterXPath $FilterXML
foreach ($event in $events) {
    $eventTime = $event.TimeCreated
    $clientIP = $event.Properties[18].Value  # IP-Adresse des Clients
    $serverIP = $env:COMPUTERNAME  # IP-Adresse des Servers
    $user = $event.Properties[5].Value
    $domain = $event.Properties[6].Value

    $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
        $userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
        $GivenName = $userDetails.GivenName
        $Surname = $userDetails.Surname
        $EmailAddress = $userDetails.EmailAddress
        [PSCustomObject]@{
            EmailAddress = $EmailAddress
            GivenName = $GivenName
            Surname = $Surname
        }
    }

    $emailMessage = @"
Es wurde eine Anmeldung per RDP auf dem Windows Server <b>$serverIP</b> registriert.<br><br>
<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
<b>Domäne:</b> $domain<br>
<b>Benutzer:</b> $user<br>
<b>IP-Adresse des Clients:</b> $clientIP
"@
    foreach ($userDetail in $userEmails) {
        Send-Email -To $userDetail.EmailAddress -Subject "RDP-Anmeldung auf $serverIP registriert" -Message $emailMessage -GivenName $userDetail.GivenName -Surname $userDetail.Surname
    }
}