Umzug ins neue Repo

ad-version/.archiv/rdp-access-mail-notification.v1.ps1

@@ -0,0 +1,92 @@
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
+
+# Überwachung der Ereignisprotokolle
+$EventLogName = "Security"
+$EventID = 1149  # Event ID für Anmeldungen
+
+# Filter für Ereignisse
+$FilterXML = @"
+<QueryList>
+  <Query Id="0" Path="Security">
+    <Select Path="Security">
+      *[System[(EventID=$EventID)]]
+      and
+      *[EventData[Data[@Name='LogonType'] and (Data='10')]]
+      and
+      *[EventData[Data[@Name='TargetUserName'] and (Data!='$null')]]
+      and
+      *[EventData[Data[@Name='TargetDomainName'] and (Data='$env:USERDOMAIN')]]
+    </Select>
+  </Query>
+</QueryList>
+"@
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+    param(
+        [string]$To,
+        [string]$Subject,
+        [string]$Message,
+        [string]$GivenName,
+        [string]$Surname
+    )
+    $EmailBody = @"
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
+    <style>
+        p {
+            font-size: 14px;
+            line-height: 1.6;
+        }
+    </style>
+</head>
+<body>
+<p><img src="https://assets.media-techport.de/logos/main/LogoSchwarz.png" alt="Logo-Schwarz" width="266" height="81" /></p>
+<p><span style="font-size: 14pt;"><strong>Hallo $GivenName $Surname,</strong></span></p>
+<p>$Message</p>
+</body>
+</html>
+"@
+
+    Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $EmailBody -BodyAsHtml -Encoding "UTF8"
+}
+
+# Hauptüberwachungsschleife
+$events = Get-WinEvent -LogName $EventLogName -FilterXPath $FilterXML
+foreach ($event in $events) {
+    $eventTime = $event.TimeCreated
+    $clientIP = $event.Properties[18].Value  # IP-Adresse des Clients
+    $serverIP = $env:COMPUTERNAME  # IP-Adresse des Servers
+    $user = $event.Properties[5].Value
+    $domain = $event.Properties[6].Value
+
+    $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
+        $userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
+        $GivenName = $userDetails.GivenName
+        $Surname = $userDetails.Surname
+        $EmailAddress = $userDetails.EmailAddress
+        [PSCustomObject]@{
+            EmailAddress = $EmailAddress
+            GivenName = $GivenName
+            Surname = $Surname
+        }
+    }
+
+    $emailMessage = @"
+Es wurde eine Anmeldung per RDP auf dem Windows Server <b>$serverIP</b> registriert.<br><br>
+<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
+<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
+<b>Domäne:</b> $domain<br>
+<b>Benutzer:</b> $user<br>
+<b>IP-Adresse des Clients:</b> $clientIP
+"@
+    foreach ($userDetail in $userEmails) {
+        Send-Email -To $userDetail.EmailAddress -Subject "RDP-Anmeldung auf $serverIP registriert" -Message $emailMessage -GivenName $userDetail.GivenName -Surname $userDetail.Surname
+    }
+}

ad-version/.archiv/rdp-access-mail-notification.v2.ps1

@@ -0,0 +1,52 @@
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+    param(
+        [string]$To,
+        [string]$Subject,
+        [string]$Message
+    )
+
+    Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $Message -BodyAsHtml -Encoding "UTF8"
+}
+
+# Parameter aus dem Ereignisprotokoll auslesen
+$eventID = 1149  # Event ID für RDP-Anmeldungen
+$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
+
+$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
+
+if ($latestEvent) {
+    $xml = [xml]$latestEvent.ToXml()
+
+    if ($xml.Event.UserData) {
+        $user = $xml.Event.UserData.EventXML.Param1
+        $domain = $xml.Event.UserData.EventXML.Param2
+        $clientIP = $xml.Event.UserData.EventXML.Param3
+
+        $eventTime = $latestEvent.TimeCreated
+        $computerName = $latestEvent.MachineName
+
+        $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
+            Get-ADUser $_.DistinguishedName -Properties EmailAddress | Select-Object -ExpandProperty EmailAddress
+        }
+
+        $emailMessage = @"
+Es wurde eine Anmeldung per RDP auf dem Windows Server $computerName registriert.<br><br>
+<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
+<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
+<b>Domäne:</b> $domain<br>
+<b>Benutzer:</b> $user<br>
+<b>IP-Adresse des Clients:</b> $clientIP
+"@
+
+        foreach ($email in $userEmails) {
+            Send-Email -To $email -Subject "RDP-Anmeldung auf $computerName registriert" -Message $emailMessage
+        }
+    }
+}

ad-version/rdp-access-mail-notification.v3.ad.ps1

@@ -0,0 +1,92 @@
+# Script Name:  rdp-access-mail-notification.v3.ps1
+# Beschreibung: Schickt allen Mitgliedern einer GG eine Mail, wenn sich jemand per RDP auf einem System anmeldet
+# Aufruf:       -
+# Autor:        Patrick Asmus
+# Web:          https://www.media-techport.de
+# Git-Reposit.: https://git.media-techport.de/scriptos/private-script-collection.git
+# Version:      3.1
+# Datum:        22.10.2023
+# Modifikation: Header hinzugefuegt
+#####################################################
+
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
+$LogoURL = "https://assets.media-techport.de/logos/main/LogoSchwarz.png"  # URL zum Logo
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+    param(
+        [string]$To,
+        [string]$Subject,
+        [string]$HTMLBody
+    )
+
+    $emailMessage = @"
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
+</head>
+<body>
+    $HTMLBody
+</body>
+</html>
+"@
+
+    Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $emailMessage -BodyAsHtml -Encoding "UTF8"
+}
+
+# Parameter aus dem Ereignisprotokoll auslesen
+$eventID = 1149  # Event ID für RDP-Anmeldungen
+$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
+
+$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
+
+if ($latestEvent) {
+    $xml = [xml]$latestEvent.ToXml()
+
+    if ($xml.Event.UserData) {
+        $user = $xml.Event.UserData.EventXML.Param1
+        $domain = $xml.Event.UserData.EventXML.Param2
+        $clientIP = $xml.Event.UserData.EventXML.Param3
+
+        $eventTime = $latestEvent.TimeCreated
+        $computerName = $latestEvent.MachineName
+
+        $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
+            $userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
+            $GivenName = $userDetails.GivenName
+            $Surname = $userDetails.Surname
+            $EmailAddress = $userDetails.EmailAddress
+            [PSCustomObject]@{
+                EmailAddress = $EmailAddress
+                GivenName = $GivenName
+                Surname = $Surname
+            }
+        }
+
+        foreach ($userDetails in $userEmails) {
+            $GivenName = $userDetails.GivenName
+            $Surname = $userDetails.Surname
+            $EmailAddress = $userDetails.EmailAddress
+
+            $HTMLBody = @"
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<p><img src="$LogoURL" alt="" width="265" height="81" /></p>
+<p><strong>Hallo $GivenName $Surname,</strong></p>
+<p>Es wurde eine Anmeldung per RDP auf der Windows Maschine <strong>$computerName</strong> registriert.<br /><br /><strong>Datum:</strong> $($eventTime.ToString('dd.MM.yyyy'))<br /><strong>Uhrzeit:</strong> $($eventTime.ToString('HH:mm:ss'))<br /><strong>Dom&auml;ne:</strong> $domain<br /><strong>Benutzer:</strong> $user<br /><strong>IP-Adresse des Clients:</strong> $clientIP</p>
+</body>
+</html>
+"@
+
+            Send-Email -To $EmailAddress -Subject "RDP-Anmeldung auf $computerName registriert" -HTMLBody $HTMLBody
+        }
+    }
+}

local-version/rdp-access-mail-notification.v3.local.ps1

@@ -0,0 +1,63 @@
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$LogoURL = "https://assets.media-techport.de/logos/main/LogoSchwarz.png"  # URL zum Logo
+$ManualRecipient = "system@media-techport.de"  # Manuell festgelegter E-Mail-Empfänger
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+    param(
+        [string]$To,
+        [string]$Subject,
+        [string]$HTMLBody
+    )
+
+    $emailMessage = @"
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
+</head>
+<body>
+    $HTMLBody
+</body>
+</html>
+"@
+
+    Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $emailMessage -BodyAsHtml -Encoding "UTF8"
+}
+
+# Parameter aus dem Ereignisprotokoll auslesen
+$eventID = 1149  # Event ID für RDP-Anmeldungen
+$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
+
+$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
+
+if ($latestEvent) {
+    $xml = [xml]$latestEvent.ToXml()
+
+    if ($xml.Event.UserData) {
+        $user = $xml.Event.UserData.EventXML.Param1
+        $domain = $xml.Event.UserData.EventXML.Param2
+        $clientIP = $xml.Event.UserData.EventXML.Param3
+
+        $eventTime = $latestEvent.TimeCreated
+        $computerName = $latestEvent.MachineName
+
+        $HTMLBody = @"
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<p><img src="$LogoURL" alt="" width="265" height="81" /></p>
+<p><strong>Hallo Patrick Asmus,</strong></p>
+<p>Es wurde eine Anmeldung per RDP auf der Windows Maschine <strong>$computerName</strong> registriert.<br /><br /><strong>Datum:</strong> $($eventTime.ToString('dd.MM.yyyy'))<br /><strong>Uhrzeit:</strong> $($eventTime.ToString('HH:mm:ss'))<br /><strong>Dom&auml;ne:</strong> $domain<br /><strong>Benutzer:</strong> $user<br /><strong>IP-Adresse des Clients:</strong> $clientIP</p>
+</body>
+</html>
+"@
+
+        Send-Email -To $ManualRecipient -Subject "RDP-Anmeldung auf $computerName registriert" -HTMLBody $HTMLBody
+    }
+}