Event log tasks how to get username?
Hi we are getting a few users locking their accounts out.
I have created a Task against the event log which checks for accounts that are locked out every 5 minutes, the action text I have created is "%username% account has been locked out. Please log a call, find out why it was locked out and unlock." this works perfectly.
I indeed do get a message saying "%username% account has been locked out. Please log a call, find out why it was locked out and unlock."
I want the actual Username to show in the email not text saying %username%. Has anyone got this to work? The only thing I can think of is writing a powershell script to run which will check the event logs and email the results as an attachment
however it seems a little over the top! Let me know if anyone has any ideas thanks folks
Adam MCP, MCSA, MCSA:M, MCSE, MCTS, VCP
May 18th, 2011 10:09am
What version of Windows is running the task that checks the event log?
Free Windows Admin Tool Kit Click here and download it now
May 19th, 2011 1:55pm
Criag,
Sorry its server 2008 R2 SP1 but I decided to write a powershell script instead
# Email Settings
# Create from/to addresses
$from = New-Object System.Net.Mail.MailAddress "ACCOUNTSLOCKEDOUT@domain.com"
$to = New-Object System.Net.Mail.MailAddress "myemail@address"
# Create Message
$message = new-object System.Net.Mail.MailMessage $from, $to
$message.Subject = "An account has been locked out."
# Set SMTP Server and create SMTP Client
$server = "10.171.173.60"
$client = new-object system.net.mail.smtpclient $server
$acclockout = ""
$acclockoutdata = ""
try
{
$acclockout = get-eventlog security -InstanceID 4740 -newest 1
}
catch {}
# Send the message
"Sending an e-mail message to {0} by using SMTP host {1} port {2}." -f $to.ToString(), $client.Host, $client.Port
if($acclockout -ne "")
{
$acclockoutdata = $acclockout.TimeGenerated.ToString()
$acclockoutdata += $acclockout.Message
$message.Body = $acclockoutdata
try
{
$client.Send($message)
"Message to: {0}, from: {1} has beens successfully sent" -f $from, $to
}
Catch {}
}
Adam MCP, MCSA, MCSA:M, MCSE, VCP
May 20th, 2011 7:43am