Alert when Domain Admin logs in

[Alpha2x]

Hopefully someone will already know the answer to this one, I've had a search around the net but found nothing. Is there a way built in (or a simple way) to send a message/email every time a the Administrator account is logged in. I was thinking using netsend as part of the login script may be one way to do it but was wondering if there was anything better/purpose built out there at all.

Thanks in advance.

[AngryTechnician]

Nothing predefined that I know of, but you could set up an Event Viewer Task on the DC to execute an action when the appropriate login event is recorded in the Security log. You would need to specify the task on each DC though, as there's no way of knowing which one will process the logon.

[strawberry]

vbs login script to send an email or write something to a log

batch command with echo %computername% >> \\domain.local\netlogon\log.txt would do it.

[GAS]

Hi,

We have created GPO for 1 student that we like to monitor; you can alter to any use or group.
Create new GPO
Under Security Filtering add User or group (other than default Authenticated Users)
Create / Add VBS script to login script

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\\\\\
' A login Script to email the current username and computername to an email address.
'-------------------------------------------------------------------------------
' Initialization - Get command line arguments and declare variables & constants
'-------------------------------------------------------------------------------
Option Explicit
Dim objEmail
Dim mbAnswer
Dim attFName
Dim oShell
Dim user
Dim comp

'-------------------------------------------------------------------------------
' Main script
'-------------------------------------------------------------------------------

Set oShell = CreateObject( "WScript.Shell" )
user=oShell.ExpandEnvironmentStrings("%UserName%")
comp=oShell.ExpandEnvironmentStrings("%ComputerNam e%")

' Create the message object using CDO
Set objEmail = CreateObject("CDO.Message")


' change the 5 lines below to the crrect settings for your system
' probably only the first, second and last actually need changing, (2 * Email address, Exchange server name)
' the other 2 lines are just for customisation.
' Assign message properties (To, From, Subject, etc.)

' The addres you want to be sending from - probably the pupil monitoring group
objEmail.From = "StudentMonitoring@MySchool.sch.uk"
' The addres you want to be sending to - the pupil monitoring group
objEmail.To = "User1@MySchool.sch.uk;User2@MySchool.sch.uk;User3 @MySchool.sch.uk"
' The text to appear in the subject of the email
objEmail.Subject = "Student Monitoring Network Logon"
' The text body of the message. Currently shows which user has logged in to which machine no.
objEmail.Textbody = "User " & user & " Has Logged in to machine no " & comp
' change the myexchservername to the network name of your exch server.
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "Exchange Server Name"
' Assign additional message properties, update the object, and send the message
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objEmail.Configuration.Fields.Update
objEmail.Send




Hope this help

[Alpha2x]

Thanks guys, especially GAS that looks to be exactly what I need. Will give it a go.

[chrisbrown]

You have two options, logon script or event log tasks. I'd suggest the latter.

[rantonacci42]

Just thought of doing this for a couple of our "problem" students and I'm glad you guys already figured it out. Thanks GAS!

[Michael]

If you raise the domain/forest functional levels to 2008 R2, you can enable a policy so at logon it displays information about successful and unsuccessful domain logons.

Click here for more info.

[IanT]

What we do is log every logon and logoff and writes back to a text file:

REM Login Script:
for /f "Tokens=2 Delims=[]" %%i in ('ping -n 1 "%computername%"') do set IP=%%i

echo %username% logged ON %computername%, IP=%IP% @ %time% %date% >> \\SERVER\AdminLog$\Staff\%username%.txt

You create the .bat file, dump it in the Logon\Logoff scripts and done!

It wont send any emails but will log it down, all you have to do is go into the text file.

[rantonacci42]

I've been using the logon script provided by GAS, everything runs but the email wont send because the users cannot send email. Is there a line I can add for authentication or something else I can do so I get the email alerts?

Thanks in advance!