Logon notification

This topic contains 8 replies, has 3 voices, and was last updated by  JC 7 months, 3 weeks ago.

  • Author
    Posts
  • #68904

    JC
    Participant

    I'd like to have an email notification on user logon to certain machines. It's a domain environment so username would be a nice to have in the email. I can create a logon triggered scheduled task to run a script but not sure how to get the script to figure out what user logged on since $env:username would give me the user account that runs the task.

  • #68944

    JC
    Participant

    Seems like getting the right event with Get-WinEvent and turning it to XML then looking for logon type 10 and process System32 got me the account name so I could insert it into email body.

    • #69249

      Anders Jarl Dalholm
      Participant

      I would also choose the eventlog path.. Since your only interested in "some" clients, I would setup Windows Event Forwarding Service and create a policy for the clients in question.. then you can run the script from a centralized location..

  • #69165

    Hi JC,
    You could also try to get currently logged in users from WMI Win32_ComputerSystem class.

    (Get-CimInstance -class Win32_ComputerSystem).username
    #If user is logged in, it will return string DOMAIN\username
    
  • #69184

    JC
    Participant

    Thanks Aleksandras. That's a good idea too although I'm more interested in the user that just logged in rather than all users logged in.

  • #69202

    Tried to do "Switch account" and then get username from Win32_ComputerSystem. Looks like it return only one currently logged in user. Info from MSDN:

    Data type: string
    Access type: Read-only
    Qualifiers: MappingStrings ("Win32API|System Information Functions|GetUserName")
    Name of a user that is logged on currently. This property must have a value. In a terminal services session, UserName returns the name of the user that is logged on to the console—not the user logged on during the terminal service session.

  • #69216

    JC
    Participant

    This works on my home PC but not on my office Server 2012R2 domain member. Doesn't return anything.

  • #69322

    It returns null if you're logged in via RDP.

  • #69529

    JC
    Participant

    This would explain it đŸ™‚ Many thanks

You must be logged in to reply to this topic.