# 操作系统账号事件(登录、注销、新增、删除、软件安装)
# 主函数 Main
# @param string $str not null
# @param string $code not null
#
# Description:
# 设置登录事件的任务计划时,必须传递这两个参数
#
#region get-serverip 获取IP
function get-serverip
{
$serverip=gwmi win32_networkadapterconfiguration | ?{$_.IPAddress -ne $null -and $_.dhcpenabled -eq $false -and {$_.IPEnabled}} | %{$_.IPAddress}
if(($serverip.gettype()).isarray)
{
return $serverip[0]
}
else
{
return $serverip
}
}
#endregion
#region Send-Mail 发送邮件
function Send-Mail($Subject,$Body)
{
$password = ConvertTo-SecureString 'password' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential('account',$password)
$SmptServer="<A href="http://bxing.net" target=_blank>mail.xx.com.cn</A>"
<A href="mailto:$From='a@xx.com.cn'" target=_blank>$From='a@xx.com.cn'
</A>    $To="test@xx.com.cn"
#抄送
#$Cc="cc@xx.com.cn"
$encode=[System.Text.UTF8Encoding]::UTF8
Send-MailMessage -SmtpServer $SmptServer -Credential $Credential -From $From -to $To -Encoding $Encode -Body $Body -Subject $Subject -Priority High -BodyAsHtml
}
#endregion
#region cut-string 裁剪字符串
function cut-string
{
param(
$str,
$start,
$end
)
return $str.substring($str.indexof($start),$str.indexof($end)-$str.indexof($start))
}
#endregion
#region get_login_user 获取登录账户
#return string
function get_login_user
{
$users=query user
$lists=New-Object system.Collections.ArrayList
for($i=1;$i -lt $users.Count;$i++)
{
$user = $users[$i] -replace('  ',' ')
while($user.indexof('  ') -gt 0)
{
$user = $user -replace('  ',' ')
}
if($user.indexof(' ') -eq 0 -or $user.indexof('>') -eq 0)
{
$user=$user.substring(1)
}
$user=$user -split(' ')
$list=New-Object psobject
#$time=$user[5]+" "+$user[6]
Add-Member -Name name -Value $user[0] -MemberType NoteProperty -InputObject $list
Add-Member -Name status -Value $user[3] -MemberType NoteProperty -InputObject $list
#Add-Member -Name time -Value $time -MemberType NoteProperty -InputObject $list
$lists+=@($list)
}
$loginUser = $lists | ?{$_.status -eq '运行中'} | select name
foreach($userName in $loginUser)
{
if($userNames -eq $null)
{
$userNames=$userName.name
}
else
{
$userNames=$userNames + ',' + $userName.name
}
}
return $userNames
}
#endregion
#region Login-Succ-Notice 成功登录事件
function Login-Succ-Notice
{
$loginInfo=Get-WinEvent -logname security -maxevents 10 | ? {$_.id -eq 4624} | select timecreated,message
if($loginInfo -eq $null)
{
break
}
if(($loginInfo.gettype()).isarray)
{
$time=$loginInfo[0].timecreated
$message=$loginInfo[0].message
}
else
{
$time=$loginInfo.timecreated
$message=$loginInfo.message
}