windowsemailvbscriptwindows-server-2008windows-administration

Mail gets sent on remote login to a machine only by a particular user not by all users


I have written a VBScript that sends mail when a user logs in to a machine:

Set objMessage = CreateObject("CDO.Message") 
objMessage.Subject = "Example CDO Message" 
objMessage.From = "admin@domain.com" 
objMessage.To = "admin@domain.com" 

Set objNet = CreateObject("WScript.NetWork") 
strInfo1 = " " & objNet.UserName & "@" & objNet.UserDomain & " is logged on to machine: "       &  objNet.ComputerName & " on " & Date() & "  " & Time() & "." & vbCRLF 
objMessage.TextBody = " " & strInfo1 

'specify mechanism to send mail -2 for using port
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

'specifying exchange server machine as smtp server
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "exchangeserver.domain.com"

'port for SMTP server
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

'end message configuration
objMessage.Configuration.Fields.Update

objMessage.Send

I have specify this vbs to execute on remote login session by create event task scheduler as shown below

enter image description here

I have configured it to execute it for any users' remote logon:

enter image description here

After clicking OK on above window, I got below window asking for user account to use for this task:

enter image description here

But I am getting mail only after remote login of user that I specified in above window, even though I have specified to execute the event for any user as can be seen in 2nd image.

Q.1 How can I auto-send mail on user login of any user, why it is sending mail on login of only one user that I specified in 3rd image

Q.2 Also I find this way insecure as it is configured on the machine for which I want to monitor remote logins. This machine is in AD managed by Windows Server 2008. How can I do configuration on server (not on client machine) to send mail when remote login occurs on client machine.


Solution

  • In fact, you are sending a mail message after any use login. But, as

    1. the scheduled task is running under the credentials of a especific user, and

    2. your script gets the user name of the session in which the script is running, and

    3. this session is the configured one in task scheduler, and

    4. this is your especific user,

    ... can you see it? The script can't. It doesn't see the real user.

    The best option is probably configure a login script, which runs under the real user account, and call the script from it.

    Or you can enable audits and record login events in Security event log. Then you can analyze the logs.