Information Security
Nasfi, 2015-09-24 12:55:58

Auditing user login to server via RDP?

Good day to all.
I am asking for help, or a pointer in the right direction, to solve my problem. OS: Windows Server 2008 R2 x64 Standard.
The task is to receive an email when a user logs on to the terminal server. For now I have solved it this way: I attached a task that starts sendmail (with parameters) to event code 4624 / Login. In principle, everything works fine. The emails arrive, but they do not say which user logged in, and I would like to receive a separate email for each user. Can this be done by standard means, or will I have to look for a third-party solution?

4 answer(s)
Alexander Nikitin, 2015-09-24
@padla2k

You can bind the launch of a script to the event; the script will retrieve this event, parse the username out of the event's Message and send it by mail.
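
A sketch of such a script, as an added example that is not part of the answer above or of any poster's code. It reads the structured event XML rather than the Message text, keeps only LogonType 10 (RemoteInteractive, i.e. RDP) logons, and remembers the last record it reported so that the task firing on every 4624 does not send duplicates. The SMTP host, mail addresses, state file path and the sample event are constructed placeholders.

```powershell
# Added example. All parameter defaults below are placeholders.
param(
    [string]$SmtpServer,                            # omit for an offline dry run
    [string]$From = 'rdp-audit@example.local',
    [string]$To = 'admin@example.local',
    [string]$StateFile = "$env:ProgramData\rdp-audit.last"
)
function Get-RdpLogonInfo([xml]$EventXml) {
    # Event 4624 keeps its fields as <Data Name="...">value</Data> under EventData.
    $f = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
    # LogonType 10 = RemoteInteractive (RDP); skip service, network and console logons.
    if ($f['LogonType'] -ne '10') { return }
    New-Object PSObject -Property @{
        User     = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
        SourceIp = $f['IpAddress']
        Time     = $EventXml.Event.System.TimeCreated.SystemTime
        RecordId = [long]$EventXml.Event.System.EventRecordID
    }
}
# Constructed sample event, trimmed to the fields used here (dry run only).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2015-09-24T12:55:58Z"/>
    <EventRecordID>1001</EventRecordID></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data><Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">10</Data><Data Name="IpAddress">192.0.2.15</Data>
  </EventData>
</Event>
'@
$last = 0
if ($SmtpServer) {
    if (Test-Path $StateFile) { $last = [long](Get-Content $StateFile) }
    $events = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 50 |
        ForEach-Object { $_.ToXml() }
} else { $events = @($sample) }

# Keep only RDP logons newer than the last one reported, oldest first.
$logons = @($events | ForEach-Object { Get-RdpLogonInfo $_ } |
    Where-Object { $_.RecordId -gt $last } | Sort-Object RecordId)
foreach ($l in $logons) {
    $text = "RDP logon: $($l.User) from $($l.SourceIp) at $($l.Time)"
    if ($SmtpServer) {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To -Subject $text -Body $text
    } else { Write-Output $text }
}
if ($SmtpServer -and $logons.Count) { Set-Content $StateFile $logons[-1].RecordId }
```

Reading the Security log requires the scheduled task to run under an account with administrative rights. Run without `-SmtpServer`, the script only prints the line for the constructed sample event.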

Max, 2015-09-24
@MaxDukov

Why not add the script to autorun for all users and take the name from the environment variables?

athacker, 2015-09-24
@athacker

PowerShell can be used to periodically parse the logs and then send messages with the required fields. Here, for example, is an article about parsing Windows logs with PowerShell: habrahabr.ru/post/118644

other_letter, 2015-09-25
@other_letter

And I will suggest being content with little. No parsing or anything. From the task, I understand that there are not many users. So, we take the current list of users and send it by mail. That's all.
You can make it a little more complicated and add the time since the session was opened, and sort it out for sure.
