
# Configuration parameters
# SMTP relay that Send-Email hands the notification mails to.
$SMTPServer = 'smtp.media-techport.int'
# Display name and address used to build the From header.
$FromName = 'Media-Techport.DE | Notification Service'
$FromEmail = 'noreply@media-techport.de'
# AD group whose user members are the notification recipients. Anyone who can
# edit this group's membership decides who receives the logon details.
$SecurityGroupDN = 'CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int'
# Helper for sending e-mails
function Send-Email {
    <#
    .SYNOPSIS
    Sends a single HTML mail, UTF-8 encoded, through the configured SMTP server.

    .DESCRIPTION
    Reads $SMTPServer, $FromName and $FromEmail from the enclosing script scope
    and passes everything on to Send-MailMessage.

    NOTE(review): the call passes neither -UseSsl nor -Credential, so nothing
    here requests transport encryption or authentication towards the relay.
    Microsoft documents Send-MailMessage as obsolete because it cannot guarantee
    a secure SMTP connection; confirm that the relay and network path are trusted.

    .PARAMETER To
    Recipient address.

    .PARAMETER Subject
    Subject line of the mail.

    .PARAMETER Message
    Mail body. It is sent as HTML, so callers must HTML-encode any value that
    does not come from a trusted source before placing it in the body.
    #>
    param(
        [string]$To,
        [string]$Subject,
        [string]$Message
    )

    # Collect the arguments in one table and splat them onto the cmdlet.
    $mailArgs = @{
        SmtpServer = $SMTPServer
        From       = "$FromName <$FromEmail>"
        To         = $To
        Subject    = $Subject
        Body       = $Message
        BodyAsHtml = $true
        Encoding   = "UTF8"
    }
    Send-MailMessage @mailArgs
}
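# Read the parameters of the most recent RDP logon event from the event log
# and mail a notification to every user in the notification group.
$eventID = 1149 # Event ID for RDP logons
$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
# Only the first record returned by the query is processed; further matching
# events written since the previous run are not reported.
$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
if ($latestEvent) {
    $xml = [xml]$latestEvent.ToXml()
    if ($xml.Event.UserData) {
        $user = $xml.Event.UserData.EventXML.Param1
        $domain = $xml.Event.UserData.EventXML.Param2
        $clientIP = $xml.Event.UserData.EventXML.Param3
        $eventTime = $latestEvent.TimeCreated
        $computerName = $latestEvent.MachineName

        # User, domain and client address are taken from the event payload and
        # originate from the connecting client. The body is sent as HTML, so
        # encode them; otherwise markup in a logon name would be rendered in the
        # recipients' mail clients.
        $safeUser = [System.Net.WebUtility]::HtmlEncode([string]$user)
        $safeDomain = [System.Net.WebUtility]::HtmlEncode([string]$domain)
        $safeClientIP = [System.Net.WebUtility]::HtmlEncode([string]$clientIP)

        # Resolve the mail addresses of the group's direct user members. Accounts
        # without a mail address are dropped so Send-Email is never called with
        # an empty recipient.
        $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN |
            Where-Object { $_.objectClass -eq "user" } |
            ForEach-Object {
                Get-ADUser $_.DistinguishedName -Properties EmailAddress | Select-Object -ExpandProperty EmailAddress
            } |
            Where-Object { -not [string]::IsNullOrWhiteSpace($_) }

        # The here-string content and its terminator stay at column 0 on purpose:
        # the terminator must start the line, and indentation would end up in the body.
        $emailMessage = @"
Es wurde eine Anmeldung per RDP auf dem Windows Server $computerName registriert.<br><br>
<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
<b>Domäne:</b> $safeDomain<br>
<b>Benutzer:</b> $safeUser<br>
<b>IP-Adresse des Clients:</b> $safeClientIP
"@

        # One mail per recipient, so the recipients do not see each other's addresses.
        foreach ($email in $userEmails) {
            Send-Email -To $email -Subject "RDP-Anmeldung auf $computerName registriert" -Message $emailMessage
        }
    }
}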