Powershell监控操作系统用户账号事件并预警
# Operating-system account events (logon, logoff, account created, account deleted, software installed)
# Main function: Main
# @param string $str  not null
# @param string $code not null
#
# Description:
# Both parameters must be passed when the scheduled task for the logon event is created.
#
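#region get-serverip  Return the host's first statically configured IP address (used to identify the server in alerts)
# Returns the first address of the first IP-enabled, non-DHCP adapter, or $null when
# no such adapter exists. The original wrote the last filter as `-and {$_.IPEnabled}`,
# a script-block literal that is always truthy, so the IPEnabled test never applied;
# it also called .GetType() on the result, which throws when nothing matched.
function get-serverip
{
    $addresses = @(
        Get-WmiObject Win32_NetworkAdapterConfiguration |
            Where-Object { $_.IPEnabled -and $_.IPAddress -ne $null -and $_.DHCPEnabled -eq $false } |
            ForEach-Object { $_.IPAddress }
    )
    # Nothing static on this host: report that instead of failing on $null.GetType().
    if ($addresses.Count -eq 0)
    {
        return $null
    }
    # IPAddress lists every address of every matching adapter (IPv4 and IPv6 alike);
    # like the original, take the first one.
    return $addresses[0]
}
#endregion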
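#region Send-Mail  Send an HTML alert mail
# Sends $Body (HTML) with subject $Subject from $From to $To through $SmtpServer.
#
# The published version held the SMTP password as a plain-text literal next to the
# account name, and the server/from lines were garbled by HTML anchors when the page
# was extracted. The secret now comes from a DPAPI-protected credential file. Create it
# once, logged on as the account that runs the scheduled task, on the machine that runs it:
#   Get-Credential | Export-Clixml -Path "$env:ProgramData\AccountMonitor\mail.cred.xml"
# Export-Clixml encrypts the password with DPAPI, so only that user on that host can
# read it back. Restrict the directory's ACL to that account as well.
function Send-Mail($Subject,$Body)
{
    $SmtpServer = 'mail.xx.com.cn'
    $From = 'a@xx.com.cn'
    $To = 'test@xx.com.cn'
    # Carbon copy (optional)
    #$Cc = 'cc@xx.com.cn'
    $MailCredentialPath = Join-Path $env:ProgramData 'AccountMonitor\mail.cred.xml'

    if (-not (Test-Path -Path $MailCredentialPath))
    {
        throw "Mail credential file not found: $MailCredentialPath (create it with: Get-Credential | Export-Clixml -Path <that path>)"
    }
    $Credential = Import-Clixml -Path $MailCredentialPath

    $Encoding = [System.Text.Encoding]::UTF8

    # NOTE(review): the body is sent with -BodyAsHtml and callers presumably build it from
    # event-log text (account names, workstation names, process paths). Anything that can
    # influence those values can inject markup into the alert; HTML-encode the event
    # fields when building $Body, or send plain text.
    # NOTE(review): as in the original, -UseSsl is not set, so the credential crosses the
    # network in the clear unless the server forces STARTTLS. Add -UseSsl if
    # mail.xx.com.cn supports it.
    Send-MailMessage -SmtpServer $SmtpServer -Credential $Credential -From $From -To $To `
        -Encoding $Encoding -Body $Body -Subject $Subject -Priority High -BodyAsHtml
}
#endregion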
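#region cut-string  Slice a string between two markers
# Returns the part of $str that begins at the first occurrence of $start and ends just
# before the first occurrence of $end found at or after that point ($start is included,
# $end is not). Throws with a message naming the missing marker when either is absent.
#
# The original called Substring with the -1 that IndexOf returns for a missing marker,
# which failed with an opaque ArgumentOutOfRangeException, and it searched for $end from
# the beginning of $str, so an $end that also appeared before $start gave a negative length.
function cut-string
{
    param(
        [string]$str,
        [string]$start,
        [string]$end
    )
    $from = $str.IndexOf($start)
    if ($from -lt 0)
    {
        throw "cut-string: start marker '$start' not found in input"
    }
    # Look for the end marker only from the start marker onwards.
    $to = $str.IndexOf($end, $from)
    if ($to -lt 0)
    {
        throw "cut-string: end marker '$end' not found after '$start'"
    }
    return $str.Substring($from, $to - $from)
}
#endregion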
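#region get_login_user  Names of the currently active interactive sessions
# Runs `query user` and returns the USERNAME of every session whose STATE column is
# '运行中' (the localized "Active" on Chinese Windows; 'Active' is accepted as well),
# joined with ','. Returns $null when no active session is listed.
#
# The published version collapsed whitespace with a `-replace(' ',' ')` loop which, as
# printed, replaces a space with a space and never terminates (the two-space pattern was
# lost when the page was extracted); one regex does the job. Parsing remains positional on
# the whitespace-split row, so two caveats apply:
#  - NOTE(review): Windows allows spaces in account names; such a name would be split
#    across columns and the STATE test would look at the wrong field. Verify against your
#    naming policy or switch to a fixed-width parse of the header.
#  - For a disconnected session SESSIONNAME is blank and every column shifts left by one;
#    that is harmless here only because such rows never carry the active state in column 3.
function get_login_user
{
    $rows = @(query user)
    $active = @()
    # $rows[0] is the header line.
    for ($i = 1; $i -lt $rows.Count; $i++)
    {
        # '>' marks the caller's own session; strip it together with leading blanks,
        # then squeeze the column padding to single spaces.
        $row = ($rows[$i] -replace '^[\s>]+', '') -replace '\s+', ' '
        $cols = $row -split ' '
        # Columns: USERNAME SESSIONNAME ID STATE IDLE LOGON-TIME
        if ($cols.Count -gt 3 -and (@('运行中', 'Active') -contains $cols[3]))
        {
            $active += $cols[0]
        }
    }
    if ($active.Count -eq 0)
    {
        return $null
    }
    return ($active -join ',')
}
#endregion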
#region Login-Succ-Notice 成功登录事件
function Login-Succ-Notice
{
$loginInfo=Get-WinEvent -logname security -maxevents 10 | ? {$_.id -eq 4624} | select timecreated,message
if($loginInfo -eq $null)
{
break
}
if(($loginInfo.gettype()).isarray)
{
$time=$loginInfo[0].timecreated
$message=$loginInfo[0].message
}
else
{
$time=$loginInfo.timecreated
$message=$loginInfo.message
}