Just edit and import XML-file into Task Scheduler.<\/p>\n
There is XML:<\/p>\n
<?xml version=”1.0″ encoding=”UTF-16″?>
\n<Task version=”1.2″ xmlns=”http:\/\/schemas.microsoft.com\/windows\/2004\/02\/mit\/task”>
\n<RegistrationInfo>
\n<Date>2013-07-26T06:55:11.4860707<\/Date>
\n<Author>Me<\/Author>
\n<Description>Sends emails when server is accessed via RDP (Flag 10 – Remote connect).<\/Description>
\n<\/RegistrationInfo>
\n<Triggers>
\n<EventTrigger>
\n<Enabled>true<\/Enabled>
\n<Subscription><QueryList><Query Id=”0″ Path=”Security”><Select Path=”Security”>*[System[(EventID=4624)]] and *[EventData[Data[@Name=’LogonType’] and (Data=10)]]<\/Select><\/Query><\/QueryList><\/Subscription>
\n<ValueQueries>
\n<Value name=”IpAddress”>Event\/EventData\/Data[@Name=”IpAddress”]<\/Value>
\n<Value name=”TargetUserName”>Event\/EventData\/Data[@Name=”TargetUserName”]<\/Value>
\n<Value name=”WorkstationName”>Event\/EventData\/Data[@Name=”WorkstationName”]<\/Value>
\n<Value name=”eventRecordID”>Event\/System\/EventRecordID<\/Value>
\n<\/ValueQueries>
\n<\/EventTrigger>
\n<\/Triggers>
\n<Principals>
\n<Principal id=”Author”>
\n<UserId>Administrator<\/UserId>
\n<LogonType>Password<\/LogonType>
\n<RunLevel>HighestAvailable<\/RunLevel>
\n<\/Principal>
\n<\/Principals>
\n<Settings>
\n<IdleSettings>
\n<Duration>PT10M<\/Duration>
\n<WaitTimeout>PT1H<\/WaitTimeout>
\n<StopOnIdleEnd>true<\/StopOnIdleEnd>
\n<RestartOnIdle>false<\/RestartOnIdle>
\n<\/IdleSettings>
\n<MultipleInstancesPolicy>IgnoreNew<\/MultipleInstancesPolicy>
\n<DisallowStartIfOnBatteries>true<\/DisallowStartIfOnBatteries>
\n<StopIfGoingOnBatteries>true<\/StopIfGoingOnBatteries>
\n<AllowHardTerminate>true<\/AllowHardTerminate>
\n<StartWhenAvailable>false<\/StartWhenAvailable>
\n<RunOnlyIfNetworkAvailable>false<\/RunOnlyIfNetworkAvailable>
\n<AllowStartOnDemand>true<\/AllowStartOnDemand>
\n<Enabled>true<\/Enabled>
\n<Hidden>false<\/Hidden>
\n<RunOnlyIfIdle>false<\/RunOnlyIfIdle>
\n<WakeToRun>false<\/WakeToRun>
\n<ExecutionTimeLimit>P3D<\/ExecutionTimeLimit>
\n<Priority>7<\/Priority>
\n<\/Settings>
\n<Actions Context=”Author”>
\n<SendEmail>
\n<Server>192.168.0.1<\/Server>
\n<Subject>[Logon Notice] $(WorkstationName) has been accessed via RDP<\/Subject>
\n<To>admin@firm.com<\/To>
\n<From>server@firm.com<\/From>
\n<Body>RDP Login Successful
\nEventID: $(eventRecordID)
\nSystem: $(WorkstationName)
\nFrom: $(IpAddress)
\nBy: $(TargetUserName)<\/Body>
\n<HeaderFields \/>
\n<\/SendEmail>
\n<\/Actions>
\n<\/Task><\/p><\/blockquote>\nP.S.: mail server can be like: 192.168.0.1:28<\/p>\n","protected":false},"excerpt":{"rendered":"
Just edit and import XML-file into Task Scheduler. There is XML: <?xml version=”1.0″ encoding=”UTF-16″?> <Task version=”1.2″ xmlns=”http:\/\/schemas.microsoft.com\/windows\/2004\/02\/mit\/task”> <RegistrationInfo> <Date>2013-07-26T06:55:11.4860707<\/Date> <Author>Me<\/Author> <Description>Sends emails when server is accessed via RDP (Flag 10 – Remote connect).<\/Description> <\/RegistrationInfo> <Triggers> <EventTrigger> <Enabled>true<\/Enabled> <Subscription><QueryList><Query Id=”0″ Path=”Security”><Select Path=”Security”>*[System[(EventID=4624)]] and *[EventData[Data[@Name=’LogonType’] and (Data=10)]]<\/Select><\/Query><\/QueryList><\/Subscription> <ValueQueries> <Value name=”IpAddress”>Event\/EventData\/Data[@Name=”IpAddress”]<\/Value> <Value name=”TargetUserName”>Event\/EventData\/Data[@Name=”TargetUserName”]<\/Value> <Value name=”WorkstationName”>Event\/EventData\/Data[@Name=”WorkstationName”]<\/Value> <Value name=”eventRecordID”>Event\/System\/EventRecordID<\/Value> <\/ValueQueries> […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,12],"tags":[],"class_list":["post-677","post","type-post","status-publish","format-standard","hentry","category-novosti","category-windows"],"_links":{"self":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=677"}],"version-history":[{"count":2,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/677\/revisions"}],"predecessor-version":[{"id":679,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/677\/revisions\/679"}],"wp:attachment":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}