Get an email notification on system logon
by Steve Wiseman on January 14, 2011 · 27 comments
in Microsoft, Tips, Windows 2008, Windows 2008 Core, Windows 2008 R2, Windows 7
I was digging around to find a way to get an email when someone logged on to our source control server. It is a pretty important server, so I want to make sure people are only logging into it when they are supposed to.
When I first started working on this idea I was going to write a custom application, and use that along with blat. Blat is an email sending program that can be used from the command line.
I was surprised that I could get exactly what I wanted without any third-party application. This works for 2008, Vista, and Windows 7. If you are still running Windows 2003 you will need to cobble together a collection of apps that will accomplish this (sorry).
Start out by opening the event viewer. Right click on the security log on the left hand side. Click on the menu item that says “Attach a task to this log”, and a task wizard will be displayed.
Security Log Attach an Event
Type in a description for your task:
Logon Email Notification Description
This page is annoying. I have not had time to test on other systems. But on mine all the fields are disabled. It would be nice if I could enter the info I wanted here. Instead we will need to go into the advanced settings of the task – more on that in a little bit. Just click next.
Logon Email Notification Source
See, there is our option: send an email. You could launch a program too, or have a message pop up for a specific user.
Logon Email Notification Selection
Fill out your email settings. I pointed it at our internal exchange server:
Logon Email Notification Server Settings
Very important, don’t miss this one: make sure you check the option to open advanced properties. Otherwise you will get an email message for every entry in the security log:
Logon Email Notification Change Settings
Click finish, and the advanced properties are displayed. Set the task to always run. Otherwise it would only run while you are logged on, and that would be silly.
Logon Email Notification Run Always
Go to the “Actions” tab, and double click on the only action listed.
Logon Email Notification Setting Properties
Set your source to “Microsoft Windows security auditing.” and your event ID number to 4624. (You can use 4634 for logoff.)
Logon Email Notification Filter Settings
Click OK and you are done. When someone logs on to your system, you will receive an email notification with all of the event info.
The best part about this tip is that you don’t need any third party apps – it is all built into Windows.
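As an added example (not from the original post), this PowerShell script could be run by the task's "launch a program" option in place of the built-in e-mail action. It mails who logged on and from where, and skips the network logons that also raise 4624. The SMTP host and addresses are placeholders, and counting logon type 10 (Remote Desktop) alongside type 2 is an assumption of this example.

```powershell
# Added example, not the article's code. Placeholders: SMTP host and addresses.
$SmtpServer = 'smtp.example.internal'
$From       = 'logon-alerts@example.internal'
$To         = 'admin@example.internal'

# 4624 fires for every logon, including network logons (type 3) made by file
# share access. Keep only type 2 (console) and type 10 (Remote Desktop).
$xpath = "*[System[(EventID=4624)] and EventData[Data[@Name='LogonType']='2' or Data[@Name='LogonType']='10']]"

# Only look at the last two minutes, so a run triggered by a logon reports
# that logon and not older ones still sitting in the log.
$since  = (Get-Date).AddMinutes(-2)
$events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents 10 -ErrorAction SilentlyContinue |
    Where-Object { $_.TimeCreated -ge $since }

$lines = foreach ($e in $events) {
    # Named fields live in <EventData><Data Name="...">value</Data>.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    '{0:u}  user={1}\{2}  type={3}  ip={4}  workstation={5}' -f `
        $e.TimeCreated, $data['TargetDomainName'], $data['TargetUserName'],
        $data['LogonType'], $data['IpAddress'], $data['WorkstationName']
}

# Send nothing when no interactive logon matched.
if ($lines) {
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "Logon on $env:COMPUTERNAME" -Body ($lines -join "`r`n")
}
```

Reading the Security log requires administrator rights, so the task has to run under an account that has them.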
{ 27 comments… read them below or add one }
Thanks,
But does it show the user that has actually logged on to the server?
just a small note:
Go to the "Actions" tab, and double click on the only action listed
should be:
Go to the "Triggers" tab, and double click on the only action listed
Hai, how to hide client system IP address to the intelliadmin by using client? Is there any possible?
Any idea how to have the script differentiate between a real meat world log on and a log on by Advapi?
They both generate an event ID of 4624 so I get hit with loads of emails.
Look for a way to lock it down to human log on only.
TIA.
The logon type for people sitting in front of the machine is 2.
This article shows how to get a report of this…use the script mentioned in the article and you should be able to modify it for your needs:
http://www.intelliadmin.com/index.php/2012/07/see-who-logged-on-to-a-computer-and-when/
How do I remove it??
Urgent
Hello Manish,
What are you trying to remove?
Thanks,
Steve
Thanks
Guys, any idea how I can disable these alerts created under Event Viewer? This is just filling up my mailbox every second. Please help.
Is there any way to get an email when someone logs off? I just need this feature once a month when I’m doing regular maintenance. Too many users working via VPN all day long to let me boot the server anymore.
Hi,
I get the email notification but I don’t get any detail of login, could you please advise? I expect to receive at least the IP address and time of login.
Thank you
Amit
Dear Support,
I am not able to send mail from security log
______________________________________
Task Scheduler failed to complete task “\Event Viewer Tasks\Security” , instance “{82e2e8a3-51db-48e4-9cdb-9c657b476b1f}” , action “login mail” . Additional Data: Error Value: 2147746321.
This error we are receiving kindly help I really appreciate for your help
Thanks
Ram
That error message 2147746321 means: CDO_E_SMTP_SEND_FAILED
This means you can’t send mail through the server. I would check the script by hand before running it as a task and see where the issue is.
How to delete the created event in the security please it’s urgent
How to delete the created event in the security please it’s urgent hurryyyyy
Mr. Steve Wiseman
Hi Mohammed,
You can’t delete one event. MS has built it this way for security reasons. You would just need to clear the entire log…but then someone would notice that
Hi,
I want to know, how can you send an e-mail without your smtp credentials. I’m trying to create a scheduled task but this task can not send an e-mail (because I didn’t write my password etc.)
Thanks
How do you modify this task? I am receiving way too many e-mails all night long from this task.
For those of you who don’t know how to delete a task go into task scheduler – (administrative tools > Task Scheduler) and click on the task library select the task and delete it.
Also if you want a way that won’t spam you to death, set up the task manually, however set the trigger to “At log on” instead of on events. Also add in 2 more triggers for “On Connection to user session”, 1 for remote and 1 for local.
This way you will only get genuine logons and not from every time somebody connects to a file share or uses some other server resource.
Excellent! Works great, is there no way to pull the users info? I mean we have over 50users in my organisation… Is there no way to pull each user name?
Good Job, Worked Perfect, Also thanks to Michael for the complement.
Sweet. I needed to do the exact same thing for login notification, and I had no idea this feature existed. Thanks!
I just got a pop-up error message saying:
An error has occurred for the task user logon email notification. Error message: User account restriction error. The possible reasons are that blank passwords not allowed, or that a policy restriction has been enforced.
Hello All,
I followed the steps and configured the alerts.
I did log off and log in on to the server but still I have not received any email Alert
You should use event ID 4648 or you will have the mailbox flooded with emails
Is this possible using gmail smtp? Our organization uses google for work.
Guys, I have a problem with Windows 10, any ideas? Because this feature has been removed…
Apparently, it’s deprecated in windows 10.