I have written a VBScript that sends mail when a user logs in to a machine:
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "Example CDO Message"
objMessage.From = "admin@domain.com"
objMessage.To = "admin@domain.com"
Set objNet = CreateObject("WScript.NetWork")
strInfo1 = " " & objNet.UserName & "@" & objNet.UserDomain & " is logged on to machine: " & objNet.ComputerName & " on " & Date() & " " & Time() & "." & vbCRLF
objMessage.TextBody = " " & strInfo1
'specify mechanism to send mail -2 for using port
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'specifying exchange server machine as smtp server
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "exchangeserver.domain.com"
'port for SMTP server
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
'end message configuration
objMessage.Configuration.Fields.Update
objMessage.Send
I have specify this vbs to execute on remote login session by create event task scheduler as shown below
I have configured it to execute it for any users' remote logon:
After clicking OK on above window, I got below window asking for user account to use for this task:
But I am getting mail only after remote login of user that I specified in above window, even though I have specified to execute the event for any user as can be seen in 2nd image.
Q.1 How can I auto-send mail on user login of any user, why it is sending mail on login of only one user that I specified in 3rd image
Q.2 Also I find this way insecure as it is configured on the machine for which I want to monitor remote logins. This machine is in AD managed by Windows Server 2008. How can I do configuration on server (not on client machine) to send mail when remote login occurs on client machine.
In fact, you are sending a mail message after any use login. But, as
the scheduled task is running under the credentials of a especific user, and
your script gets the user name of the session in which the script is running, and
this session is the configured one in task scheduler, and
this is your especific user,
... can you see it? The script can't. It doesn't see the real user.
The best option is probably configure a login script, which runs under the real user account, and call the script from it.
Or you can enable audits and record login events in Security event log. Then you can analyze the logs.