Powershell??????????????????????
???????????? ???????[ 2013/9/16 13:38:37 ] ????????
if($code -eq 1)
{
$loginType=cut-string $message '???????:' '?μ??:'
$loginType=$loginType -replace('???????:'??'')
$loginType=$loginType -replace(' '??'')
if($loginType -eq 4)
{
break
}
}
$processInfo=cut-string $message '??????:' '???????:'
$processInfo=$processInfo -replace('??????: '??'')
$message=cut-string $message '?μ??' '????????????'
$loginName=cut-string $message '?????:' '?????:'
$loginName=$loginName -replace('?????:'??'')
$loginIp=cut-string $message '???????:' '????:'
$loginIp=$loginIp -replace('???????:'??'')
$ip=get-serverip
$loginedName=get_login_user
$Body="<table width='700' border='1' cellpadding='0' cellspacing='0' style='font-size:13px;'>
<tr style='background:#39F'>
<td>??????</td>
<td>??????</td>
<td>????</td>
<td>??????</td>
<td>?????IP</td>
<td>???????</td>
</tr>
<tr>
<td>$ip</td>
<td>$loginName</td>
<td>$processInfo</td>
<td>$time</td>
<td>$loginIp</td>
<td>$loginedName</td>
</tr>
</table>"
try
{
Send-Mail "Login on $ip" $Body
}
catch
{
ac -Path c:UserNotice.log -Value "[ $time Login] $error[0]"
}
}
#endregion
#region Cancel-Succ-Notice (logoff notification)
# Cancel-Succ-Notice: mails an HTML notice for the most recent logoff record.
# Reads the newest 10 Security-log records, keeps those with event ID 4634
# (an account was logged off), pulls the account name out of the newest match
# and passes it, with the values returned by get-serverip and get_login_user,
# to Send-Mail. If sending throws, a line is appended to UserNotice.log instead.
# NOTE(review): the quoted '?' runs and the '??' separators in this listing are
# mis-encoded characters (the '??' is presumably a comma); restore them from the
# original script before running it.
function Cancel-Succ-Notice
{
# NOTE(review): -maxevents 10 is applied before the ID filter, so a 4634 record
# that is not among the newest 10 Security events is never seen. On a busy host
# the notice can be missed without any error; filtering by ID inside the query
# (for example with Get-WinEvent -FilterHashtable) avoids that.
$cancelInfo=Get-WinEvent -logname security -maxevents 10 | ? {$_.id -eq 4634} | select timecreated??message
if($cancelInfo -eq $null)
{
# NOTE(review): no loop encloses this 'break', so it is not limited to this
# function: PowerShell searches the call stack for a loop and can end the
# calling script. 'return' is the usual way to leave the function early.
break
}
# One match comes back as a single object, several as an array; take the first
# element in the array case (Get-WinEvent lists newest first by default).
if(($cancelInfo.gettype()).isarray)
{
$time=$cancelInfo[0].timecreated
$message=$cancelInfo[0].message
}
else
{
$time=$cancelInfo.timecreated
$message=$cancelInfo.message
}
# cut-string is defined elsewhere; presumably it returns the text between the
# two markers (TODO confirm). The -replace then strips the leading label.
# The markers are localized message labels, so this parsing depends on the
# display language of the host.
$cancelName=cut-string $message '?????:' '?????:'
$cancelName=$cancelName -replace('?????:'??'')
$ip=get-serverip
$loginedName=get_login_user
# The values below are inserted into the HTML as-is, without HTML encoding.
$Body="<table width='700' border='1' cellpadding='0' cellspacing='0' style='font-size:13px;'>
<tr style='background:#39F'>
<td>??????</td>
<td>??????</td>
<td>??????</td>
<td>δ??????</td>
</tr>
<tr>
<td>$ip</td>
<td>$cancelName</td>
<td>$time</td>
<td>$loginedName</td>
</tr>
</table>"
try
{
Send-Mail "Cancel on $ip" $Body
}
catch
{
# ac is the alias of Add-Content.
# NOTE(review): inside double quotes "$error[0]" expands the whole $error
# collection followed by the literal text "[0]"; "$($error[0])" gives the
# latest error only.
# NOTE(review): 'c:UserNotice.log' has no backslash, so it resolves against the
# current directory of drive C: (the separator may have been lost when the page
# was copied). Use an absolute path so the failure log lands in a known place.
ac -Path c:UserNotice.log -Value "[ $time Cancel] $error[0]"
}
}
#endregion
#region Create-User-Notice (new-user notification)
# Create-User-Notice: mails an HTML notice for the most recent account event
# with ID 4722. Reads the newest 10 Security-log records, keeps those with
# event ID 4722, extracts the acting account and the affected account from the
# newest match and passes them, with the values returned by get-serverip and
# get_login_user, to Send-Mail. If sending throws, a line is appended to
# UserNotice.log instead.
# NOTE(review): 4722 is "a user account was enabled"; account creation is
# logged as 4720. Keyed on 4722, this notice also fires when an existing
# account is re-enabled and does not fire for an account created disabled.
# Confirm which event is intended.
# NOTE(review): the quoted '?' runs and the '??' separators in this listing are
# mis-encoded characters (the '??' is presumably a comma); restore them from the
# original script before running it.
function Create-User-Notice
{
# NOTE(review): -maxevents 10 is applied before the ID filter, so a 4722 record
# that is not among the newest 10 Security events is never seen; filtering by
# ID inside the query (for example with Get-WinEvent -FilterHashtable) avoids
# missing it.
$userinfo=Get-WinEvent -logname security -maxevents 10 | ? {$_.id -eq 4722} | select timecreated??message
if($userinfo -eq $null)
{
# NOTE(review): no loop encloses this 'break', so it is not limited to this
# function: PowerShell searches the call stack for a loop and can end the
# calling script. 'return' is the usual way to leave the function early.
break
}
# One match comes back as a single object, several as an array; take the first
# element in the array case (Get-WinEvent lists newest first by default).
if(($userinfo.gettype()).isarray)
{
$time=$userinfo[0].timecreated
$message=$userinfo[0].message
}
else
{
$time=$userinfo.timecreated
$message=$userinfo.message
}
# cut-string is defined elsewhere; presumably it returns the text between the
# two markers (TODO confirm). The first call narrows the message to one
# section, the second picks the account field inside it, and -replace strips
# the label. The markers are localized message labels, so this parsing depends
# on the display language of the host.
$operateUser=cut-string $message '????:' '??????:'
$operateUser=cut-string $operateUser '?????:' '?????:'
$operateUser=$operateUser -replace('?????:'??'')
# Keeps the message from the second section marker onwards. If the marker is
# absent, indexof returns -1 and substring throws; that call is outside the
# try block below, so the error is not written to UserNotice.log.
$addUser=$message.substring($message.indexof('??????:'))
$addUser=cut-string $addUser '?????:' '?????:'
$addUser=$addUser -replace('?????:'??'')
$ip=get-serverip
$loginedUser=get_login_user
# The values below are inserted into the HTML as-is, without HTML encoding.
$Body="<table width='700' border='1' cellpadding='0' cellspacing='0' style='font-size:13px;'>
<tr style='background:#39F'>
<td>??????</td>
<td>???????</td>
<td>????????</td>
<td>???????</td>
<td>???????</td>
</tr>
<tr>
<td>$ip</td>
<td>$operateUser</td>
<td>$addUser</td>
<td>$time</td>
<td>$loginedUser</td>
</tr>
</table>"
try
{
Send-Mail "AddUser on $ip" $Body
}
catch
{
# ac is the alias of Add-Content.
# NOTE(review): inside double quotes "$error[0]" expands the whole $error
# collection followed by the literal text "[0]"; "$($error[0])" gives the
# latest error only.
# NOTE(review): 'c:UserNotice.log' has no backslash, so it resolves against the
# current directory of drive C: (the separator may have been lost when the page
# was copied). Use an absolute path so the failure log lands in a known place.
ac -Path c:UserNotice.log -Value "[ $time AddUser] $error[0]"
}
}
#endregion
#region Delete-User-Notice (deleted-user notification)
function Delete-User-Notice{
$userInfo=Get-WinEvent -logname security -maxevents 10 | ? {$_.id -eq 4726} | select timecreated??message
if($userinfo -eq $null)
{
break
}
if(($userinfo.gettype()).isarray)
{
$time=$userinfo[0].timecreated
$message=$userinfo[0].message
}
else
{
$time=$userinfo.timecreated
$message=$userinfo.message
}