{"id":708,"date":"2015-05-20T12:50:40","date_gmt":"2015-05-20T10:50:40","guid":{"rendered":"http:\/\/dety.net.ua\/?p=708"},"modified":"2015-05-20T12:52:38","modified_gmt":"2015-05-20T10:52:38","slug":"eventviewer-powershell-event-4740","status":"publish","type":"post","link":"https:\/\/dety.net.ua\/?p=708","title":{"rendered":"EventViewer + PowerShell + Event 4740"},"content":{"rendered":"<p>I attached this script to the event 4740 to notify users about issues with their accounts.<\/p>\n<p>Script:<\/p>\n<blockquote><p>############################################<br \/>\n# Alert script for the security event 4740 #<br \/>\n# Just attach it to the event\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #<br \/>\n# \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2015\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 #<br \/>\n############################################<\/p>\n<p># Get the latest event<br \/>\n$AccountLockOutEvent = Get-EventLog -LogName &quot;Security&quot; -InstanceID 4740 -Newest 1<\/p>\n<p># Extract the data and assign variables<br \/>\n$AccountLockOutEventTime = $AccountLockOutEvent.TimeGenerated<br \/>\n$AccountLockOutEventMessage = $AccountLockOutEvent.Message<br \/>\n$Account = $AccountLockOutEvent.ReplacementStrings[0]<br \/>\n$Computer = $AccountLockOutEvent.ReplacementStrings[1]<br \/>\n$AccountMail = $Account + &quot;@company.com&quot;<\/p>\n<p># Generate custom info-messages<br \/>\n$MM = switch ($Computer)<br \/>\n{<br \/>\nmail1 {&quot;to the mail-server&quot;}<br \/>\nDC1 {&quot;to the domain controller&quot;}<br \/>\nDC2 {&quot;to the domain controller&quot;}<br \/>\nDC3 {&quot;to the domain controller&quot;}<br \/>\nIIS {&quot;to the web-services&quot;}<br \/>\ndefault {&quot;to our servers or services&quot;}<br \/>\n}<\/p>\n<p># Create the 
e-mail message<br \/>\n$messageParameters = @{<br \/>\nSubject = &quot;Account Locked Out: $Account&quot;<br \/>\nBody = &quot;&lt;b&gt;&lt;font color=red&gt;Account $Account was locked out on $AccountLockOutEventTime due to 10 incorrect attempts $MM.&lt;br&gt;&lt;br&gt;&lt;font color=blue&gt;Please, check the saved passwords in your system and browser: &lt;a href=http:\/\/wiki.company.com.ua\/cache.html&gt;http:\/\/wiki.company.com.ua\/cache.html&lt;\/a&gt;&lt;br&gt;&lt;br&gt;Event Details:&lt;br&gt;&lt;br&gt;&lt;font color=green&gt;$AccountLockOutEventMessage&quot;<br \/>\nFrom = &quot;pguard@company.com&quot;<br \/>\nTo = &quot;adm@company.com&quot;, $AccountMail<br \/>\nSmtpServer = &quot;192.168.100.220&quot;<br \/>\n}<\/p>\n<p># Send the e-mail<br \/>\nSend-MailMessage @messageParameters -BodyAsHtml<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>I attached this script to the event 4740 to notify users about issues with their accounts Script: ############################################ # Alert script for the security event 4740 # # Just attach it to the event\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # # \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2015\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 # ############################################ # Get the 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,12],"tags":[],"class_list":["post-708","post","type-post","status-publish","format-standard","hentry","category-novosti","category-windows"],"_links":{"self":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=708"}],"version-history":[{"count":3,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/708\/revisions"}],"predecessor-version":[{"id":711,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/708\/revisions\/711"}],"wp:attachment":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}