# Configuration parameters for the RDP logon notification mails.
# SMTP relay passed to Send-MailMessage via -SmtpServer.
# NOTE(review): the visible Send-MailMessage call passes neither -UseSsl nor
# -Credential, so the mail is presumably submitted unauthenticated and without
# TLS - confirm the relay only accepts this from trusted internal hosts.
# Send-MailMessage is also marked obsolete by Microsoft.
$SMTPServer = "smtp.media-techport.int"
# Display name and address that are combined into the From header
# ("$FromName <$FromEmail>").
$FromName = "Media-Techport.DE | Notification Service"
$FromEmail = "noreply@media-techport.de"
# Distinguished name of the AD group whose user members receive the
# notification (resolved with Get-ADGroupMember / Get-ADUser in the main loop).
# NOTE(review): membership of this group decides who is told about RDP logons,
# so changes to it are worth auditing.
$SecurityGroupDN = "CN=GG-MailAT_RDP-Access,OU=Benachrichtigungsgruppen,OU=Benutzergruppen,DC=media-techport,DC=int"
# Event log monitoring
$EventLogName = "Security"
# NOTE(review): Event ID 1149 ("Remote Desktop Services: User authentication
# succeeded") is written to the
# Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
# channel, not to the Security log. The property indexes read in the main loop
# (5, 6, 18) look like the layout of Security event 4624 (TargetUserName,
# TargetDomainName, IpAddress). Confirm which event is intended; as configured
# the query may match nothing and no notification would be sent.
$EventID = 1149 # Event ID for logons
# Filter for events
$FilterXML = @"
Hallo $GivenName $Surname,
$Message
"@ Send-MailMessage -SmtpServer $SMTPServer -From "$FromName <$FromEmail>" -To $To -Subject $Subject -Body $EmailBody -BodyAsHtml -Encoding "UTF8" } # Hauptüberwachungsschleife $events = Get-WinEvent -LogName $EventLogName -FilterXPath $FilterXML foreach ($event in $events) { $eventTime = $event.TimeCreated $clientIP = $event.Properties[18].Value # IP-Adresse des Clients $serverIP = $env:COMPUTERNAME # IP-Adresse des Servers $user = $event.Properties[5].Value $domain = $event.Properties[6].Value $userEmails = Get-ADGroupMember -Identity $SecurityGroupDN | Where-Object { $_.objectClass -eq "user" } | ForEach-Object { $userDetails = Get-ADUser $_.DistinguishedName -Properties GivenName, Surname, EmailAddress $GivenName = $userDetails.GivenName $Surname = $userDetails.Surname $EmailAddress = $userDetails.EmailAddress [PSCustomObject]@{ EmailAddress = $EmailAddress GivenName = $GivenName Surname = $Surname } } $emailMessage = @" Es wurde eine Anmeldung per RDP auf dem Windows Server $serverIP registriert.