Compare commits
2 Commits
993e5d51e9
...
66a66d7fd7
Author | SHA1 | Date | |
---|---|---|---|
|
66a66d7fd7 | ||
|
e8289a2915 |
2
LICENSE
2
LICENSE
@ -7,3 +7,5 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
Patrick Asmus | www.media-techport.de
|
@ -1,2 +1,8 @@
|
||||
# rdp-mailbenachrichtigung
|
||||
**1. Skript: rdp-access-mail-notification.v3.ad.ps1**
|
||||
|
||||
- **Beschreibung:** Dieses Skript sendet eine E-Mail-Benachrichtigung an alle Mitglieder einer Gruppenrichtlinie, wenn sich jemand per Remote Desktop Protocol (RDP) auf einem Windows-System anmeldet. Es extrahiert Informationen aus dem Ereignisprotokoll und informiert die Benutzer über die Anmeldung, einschließlich Datum, Uhrzeit, Domäne, Benutzer und IP-Adresse des Clients.
|
||||
|
||||
|
||||
**2. Skript: rdp-access-mail-notification.v3.local.ps1**
|
||||
|
||||
- **Beschreibung:** Dieses Skript sendet eine E-Mail-Benachrichtigung, wenn sich jemand per Remote Desktop Protocol (RDP) auf einem Windows-System anmeldet. Es verwendet Informationen aus dem Ereignisprotokoll, um die Benutzer über die Anmeldung zu informieren, einschließlich Datum, Uhrzeit, Domäne, Benutzer und IP-Adresse des Clients. Die Benachrichtigung geht an eine vordefinierte Empfängeradresse.
|
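--- a/ad-version/.archiv/rdp-access-mail-notification.v1.ps1
+++ b/ad-version/.archiv/rdp-access-mail-notification.v1.ps1
@@ -0,0 +1,92 @@
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
+
+# Überwachung der Ereignisprotokolle
+$EventLogName = "Security"
+$EventID = 1149 # Event ID für Anmeldungen
+
+# Filter für Ereignisse
+$FilterXML = @"
+<QueryList>
+<Query Id="0" Path="Security">
+<Select Path="Security">
+*[System[(EventID=$EventID)]]
+and
+*[EventData[Data[@Name='LogonType'] and (Data='10')]]
+and
+*[EventData[Data[@Name='TargetUserName'] and (Data!='$null')]]
+and
+*[EventData[Data[@Name='TargetDomainName'] and (Data='$env:USERDOMAIN')]]
+</Select>
+</Query>
+</QueryList>
+"@
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+param(
+[string]$To,
+[string]$Subject,
+[string]$Message,
+[string]$GivenName,
+[string]$Surname
+)
+$EmailBody = @"
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
+<style>
+p {
+font-size: 14px;
+line-height: 1.6;
+}
+</style>
+</head>
+<body>
+<p><img src="https://assets.media-techport.de/logos/main/LogoSchwarz.png" alt="Logo-Schwarz" width="266" height="81" /></p>
+<p><span style="font-size: 14pt;"><strong>Hallo $GivenName $Surname,</strong></span></p>
+<p>$Message</p>
+</body>
+</html>
+"@
+
+Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $EmailBody -BodyAsHtml -Encoding "UTF8"
+}
+
+# Hauptüberwachungsschleife
+$events = Get-WinEvent -LogName $EventLogName -FilterXPath $FilterXML
+foreach ($event in $events) {
+$eventTime = $event.TimeCreated
+$clientIP = $event.Properties[18].Value # IP-Adresse des Clients
+$serverIP = $env:COMPUTERNAME # IP-Adresse des Servers
+$user = $event.Properties[5].Value
+$domain = $event.Properties[6].Value
+
+$userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
+$userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
+$GivenName = $userDetails.GivenName
+$Surname = $userDetails.Surname
+$EmailAddress = $userDetails.EmailAddress
+[PSCustomObject]@{
+EmailAddress = $EmailAddress
+GivenName = $GivenName
+Surname = $Surname
+}
+}
+
+$emailMessage = @"
+Es wurde eine Anmeldung per RDP auf dem Windows Server <b>$serverIP</b> registriert.<br><br>
+<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
+<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
+<b>Domäne:</b> $domain<br>
+<b>Benutzer:</b> $user<br>
+<b>IP-Adresse des Clients:</b> $clientIP
+"@
+foreach ($userDetail in $userEmails) {
+Send-Email -To $userDetail.EmailAddress -Subject "RDP-Anmeldung auf $serverIP registriert" -Message $emailMessage -GivenName $userDetail.GivenName -Surname $userDetail.Surname
+}
+}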
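Review bot: The filter pairs `$EventID = 1149` with the `Security` log and with the `LogonType`/`TargetUserName`/`TargetDomainName` data fields, which is the layout of Security event 4624; 1149 is written to `Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational` (the channel the v2 script in this commit reads), so this query will most likely match nothing and no alert is ever sent. If the Security log is the intended source, the line should read `$EventID = 4624 # Anmeldung, per Filter auf LogonType 10 begrenzt`, which also fits the `Properties[5]`, `[6]` and `[18]` indexes used in the loop. Once the filter matches, `foreach ($event in $events)` mails every matching record in the log on every run, so it needs a time bound or a bookmark of the last reported record. The comment on `$serverIP = $env:COMPUTERNAME` calls the value an IP address although it holds the host name.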
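--- a/ad-version/.archiv/rdp-access-mail-notification.v2.ps1
+++ b/ad-version/.archiv/rdp-access-mail-notification.v2.ps1
@@ -0,0 +1,52 @@
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+param(
+[string]$To,
+[string]$Subject,
+[string]$Message
+)
+
+Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $Message -BodyAsHtml -Encoding "UTF8"
+}
+
+# Parameter aus dem Ereignisprotokoll auslesen
+$eventID = 1149 # Event ID für RDP-Anmeldungen
+$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
+
+$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
+
+if ($latestEvent) {
+$xml = [xml]$latestEvent.ToXml()
+
+if ($xml.Event.UserData) {
+$user = $xml.Event.UserData.EventXML.Param1
+$domain = $xml.Event.UserData.EventXML.Param2
+$clientIP = $xml.Event.UserData.EventXML.Param3
+
+$eventTime = $latestEvent.TimeCreated
+$computerName = $latestEvent.MachineName
+
+$userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
+Get-ADUser $_.DistinguishedName -Properties EmailAddress | Select-Object -ExpandProperty EmailAddress
+}
+
+$emailMessage = @"
+Es wurde eine Anmeldung per RDP auf dem Windows Server $computerName registriert.<br><br>
+<b>Datum:</b> $($eventTime.ToString('dd.MM.yyyy'))<br>
+<b>Uhrzeit:</b> $($eventTime.ToString('HH:mm:ss'))<br>
+<b>Domäne:</b> $domain<br>
+<b>Benutzer:</b> $user<br>
+<b>IP-Adresse des Clients:</b> $clientIP
+"@
+
+foreach ($email in $userEmails) {
+Send-Email -To $email -Subject "RDP-Anmeldung auf $computerName registriert" -Message $emailMessage
+}
+}
+}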
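Review bot: `Select-Object -First 1` reports only the newest 1149 record at the moment the script runs, so two connections arriving close together can yield two mails about the same record and none about the other, and a run without a new connection re-sends the last one. How the script is started is not visible here (presumably an event-triggered scheduled task); if so, hand the triggering record's id to the script and select on it, e.g. `*[System[(EventID=$eventID) and (EventRecordID=$recordId)]]`, where `$recordId` is a new script parameter. The same pattern is in `rdp-access-mail-notification.v3.ad.ps1` and `rdp-access-mail-notification.v3.local.ps1`.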
Binary file not shown.
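--- a/ad-version/rdp-access-mail-notification.v3.ad.ps1
+++ b/ad-version/rdp-access-mail-notification.v3.ad.ps1
@@ -0,0 +1,92 @@
+# Script Name: rdp-access-mail-notification.v3.ad.ps1
+# Beschreibung: Schickt allen Mitgliedern einer GG eine Mail, wenn sich jemand per RDP auf einem System anmeldet
+# Aufruf: -
+# Autor: Patrick Asmus
+# Web: https://www.media-techport.de
+# Git-Reposit.: https://git.media-techport.de/scriptos/private-script-collection.git
+# Version: 3.1
+# Datum: 22.10.2023
+# Modifikation: Umzug ins neue Repo und damit verbundene Anpassungen
+#####################################################
+
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
+$LogoURL = "https://assets.media-techport.de/logos/main/LogoSchwarz.png"
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+param(
+[string]$To,
+[string]$Subject,
+[string]$HTMLBody
+)
+
+$emailMessage = @"
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
+</head>
+<body>
+$HTMLBody
+</body>
+</html>
+"@
+
+Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $emailMessage -BodyAsHtml -Encoding "UTF8"
+}
+
+# Parameter aus dem Ereignisprotokoll auslesen
+$eventID = 1149 # Event ID für RDP-Anmeldungen
+$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
+
+$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
+
+if ($latestEvent) {
+$xml = [xml]$latestEvent.ToXml()
+
+if ($xml.Event.UserData) {
+$user = $xml.Event.UserData.EventXML.Param1
+$domain = $xml.Event.UserData.EventXML.Param2
+$clientIP = $xml.Event.UserData.EventXML.Param3
+
+$eventTime = $latestEvent.TimeCreated
+$computerName = $latestEvent.MachineName
+
+$userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object {
+$userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress
+$GivenName = $userDetails.GivenName
+$Surname = $userDetails.Surname
+$EmailAddress = $userDetails.EmailAddress
+[PSCustomObject]@{
+EmailAddress = $EmailAddress
+GivenName = $GivenName
+Surname = $Surname
+}
+}
+
+foreach ($userDetails in $userEmails) {
+$GivenName = $userDetails.GivenName
+$Surname = $userDetails.Surname
+$EmailAddress = $userDetails.EmailAddress
+
+$HTMLBody = @"
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<p><img src="$LogoURL" alt="" width="265" height="81" /></p>
+<p><strong>Hallo $GivenName $Surname,</strong></p>
+<p>Es wurde eine Anmeldung per RDP auf der Windows Maschine <strong>$computerName</strong> registriert.<br /><br /><strong>Datum:</strong> $($eventTime.ToString('dd.MM.yyyy'))<br /><strong>Uhrzeit:</strong> $($eventTime.ToString('HH:mm:ss'))<br /><strong>Domäne:</strong> $domain<br /><strong>Benutzer:</strong> $user<br /><strong>IP-Adresse des Clients:</strong> $clientIP</p>
+</body>
+</html>
+"@
+
+Send-Email -To $EmailAddress -Subject "RDP-Anmeldung auf $computerName registriert" -HTMLBody $HTMLBody
+}
+}
+}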
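Review bot: `$user`, `$domain` and `$clientIP` are copied from the event's `Param1` to `Param3` straight into the `$HTMLBody` here-string and the mail is sent with `-BodyAsHtml`; the user and domain strings of event 1149 are, as far as the event format goes, supplied by the connecting client, so any markup in them becomes part of the alert mail. Encode each value before interpolation, e.g. `$user = [System.Net.WebUtility]::HtmlEncode($xml.Event.UserData.EventXML.Param1)`, and do the same for `$domain`, `$clientIP`, `$GivenName` and `$Surname`. The same unencoded interpolation is in `rdp-access-mail-notification.v3.local.ps1` and in the archived v1 and v2 scripts. Separately, `$HTMLBody` is already a complete `<!DOCTYPE html>` document and `Send-Email` wraps it in a second one, so one of the two wrappers should go.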
Binary file not shown.
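--- a/local-version/rdp-access-mail-notification.v3.local.ps1
+++ b/local-version/rdp-access-mail-notification.v3.local.ps1
@@ -0,0 +1,74 @@
+# Script Name: rdp-access-mail-notification.v3.local.ps1
+# Beschreibung: Versendet eine Mail, wenn sich jemand per RDP auf einem System anmeldet
+# Aufruf: -
+# Autor: Patrick Asmus
+# Web: https://www.media-techport.de
+# Git-Reposit.: https://git.media-techport.de/scriptos/private-script-collection.git
+# Version: 3.1
+# Datum: 22.10.2023
+# Modifikation: Umzug ins neue Repo und damit verbundene Anpassungen
+#####################################################
+
+# Konfigurationsparameter
+$SMTPServer = "smtp.media-techport.int"
+$FromName = "Media-Techport.DE | Notification Service"
+$FromEmail = "noreply@media-techport.de"
+$LogoURL = "https://assets.media-techport.de/logos/main/LogoSchwarz.png"
+$ManualRecipient = "system@media-techport.de"
+
+# Funktion zum Senden von E-Mails
+function Send-Email {
+param(
+[string]$To,
+[string]$Subject,
+[string]$HTMLBody
+)
+
+$emailMessage = @"
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
+</head>
+<body>
+$HTMLBody
+</body>
+</html>
+"@
+
+Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $emailMessage -BodyAsHtml -Encoding "UTF8"
+}
+
+# Parameter aus dem Ereignisprotokoll auslesen
+$eventID = 1149 # Event ID für RDP-Anmeldungen
+$eventLogName = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
+
+$latestEvent = Get-WinEvent -LogName $eventLogName -FilterXPath "<QueryList><Query Id='0' Path='$eventLogName'><Select Path='$eventLogName'>*[System[(EventID=$eventID)]]</Select></Query></QueryList>" | Select-Object -First 1
+
+if ($latestEvent) {
+$xml = [xml]$latestEvent.ToXml()
+
+if ($xml.Event.UserData) {
+$user = $xml.Event.UserData.EventXML.Param1
+$domain = $xml.Event.UserData.EventXML.Param2
+$clientIP = $xml.Event.UserData.EventXML.Param3
+
+$eventTime = $latestEvent.TimeCreated
+$computerName = $latestEvent.MachineName
+
+$HTMLBody = @"
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<p><img src="$LogoURL" alt="" width="265" height="81" /></p>
+<p><strong>Hallo Patrick Asmus,</strong></p>
+<p>Es wurde eine Anmeldung per RDP auf der Windows Maschine <strong>$computerName</strong> registriert.<br /><br /><strong>Datum:</strong> $($eventTime.ToString('dd.MM.yyyy'))<br /><strong>Uhrzeit:</strong> $($eventTime.ToString('HH:mm:ss'))<br /><strong>Domäne:</strong> $domain<br /><strong>Benutzer:</strong> $user<br /><strong>IP-Adresse des Clients:</strong> $clientIP</p>
+</body>
+</html>
+"@
+
+Send-Email -To $ManualRecipient -Subject "RDP-Anmeldung auf $computerName registriert" -HTMLBody $HTMLBody
+}
+}
+}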
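Review bot: The greeting `Hallo Patrick Asmus,` is hard-coded in the `$HTMLBody` here-string while the recipient comes from `$ManualRecipient`, so changing the address leaves the mail addressing the wrong person. Add a configuration variable next to `$ManualRecipient`, e.g. `$RecipientName = "Patrick Asmus"`, and write the greeting as `<p><strong>Hallo $RecipientName,</strong></p>`. The header line `# Aufruf: -` also leaves open how the script is meant to be started; one sentence naming the trigger would document what this alert depends on to fire at all.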