2

I am concerned that one of our servers is being abused for a few various reasons.

Is there a tool that can send an email when ever a user logons onto the server?

I would like to get an email with as much info as possible sent to me in the background.

Thanks

SetiSeeker
  • 275
  • 2
  • 9

2 Answers2

2

If Server 2008, create a sch task and define a trigger with "on an event". You'll most likely want to use 528 as your event, then you action would be "send an email". You'll need a SMTP server.

http://technet.microsoft.com/en-us/library/cc787567(WS.10).aspx for event IDs.

Malnizzle
  • 1,441
  • 2
  • 16
  • 30
2

I use a logon script for this in a GPO at domain root level. A simplified version might look something like:

Set ADSysInfo = CreateObject ("ADSystemInfo")
Set currComp = GetObject ("LDAP://" & ADSysInfo.ComputerName)
Set CurrUser = GetObject ("LDAP://" & ADSysInfo.UserName)

if CurrComp.operatingSystem = "Windows 2000 Server" or _
   CurrComp.operatingSystem = "Windows Server 2003" then
       ' send email via whatever SMTP server/etc you have in place
       ' this will be different depending on the server so i can't give code
       ' CurrUser.sAMAccountName - user account name
       ' CurrComp.cn - name of server being logged on to
endif

You'll need to dig out ways of sending email via script on TechNet for the missing part of it

Maximus Minimus
  • 8,937
  • 1
  • 22
  • 36
  • +1 that's solid as well – Malnizzle Feb 23 '10 at 16:26
  • Thanks Mh. Will this work for local accounts as well or only domain accounts on the AD? I need to get alerts for both. – SetiSeeker Feb 23 '10 at 16:38
  • Only domain accounts if it's in a GPO. The LDAP:// stuff would also need to be changed to the correct namespace for local accounts, you wouldn't use ADSystemInfo, and your SMTP permissions would need to allow a local account to access it. Besides which, if someone has "abuse the server" local access, they can already bypass a local logon script anyway. – Maximus Minimus Feb 23 '10 at 17:00