VBScript to detect authorised remote login session

Posted on 2015-02-10
Medium Priority
Last Modified: 2015-02-22
Hi Experts,
I would need some VBScript to achieve the following results:-

I have some designated gateway servers for vendors to use.
For this, I would need VBScript (which will be used as part of login script) to detect if any vendors are logging to servers without going through gateway servers and alerting via email.

Basic idea will be all remote login must be going through Gateway servers, for example
GateServer1 -
GateServer2 -
GateServer3 -
GateServer4 -
GateServer5 -

Script logic will be like:-
1) If remote source server name/ip does not match GateServerX or GateServerIP, create a new Event Source (VENDORS) with Event ID (8888) in target server application log for audit purpose.

2) In the newly created event should capture the following information:-
a) User ID logged on
b) Source Host Name/IP
c) Type of login session: RDP-TCP or ICA-TCP etc
d) Login server name - Server name that user is logged on
3) Flag out an email notification to Administrators for further action.

4) This script should only detect RDP-Tcp# session, if it's Citrix session like ICA-TCP# session, can be ignored.


Kung Hui
Question by:kunghui80

Accepted Solution

eastms earned 1500 total points
ID: 40602364
Here is what I use as a login script for a few of my sensitive accounts; it's ugly but works well for me:

Sample email generated:

User sysadmin has logged into COMPUTER1
Current Location of computer in AD:
Building 1
North Site

'Send email to You
Dim objShell
Set objMessage = CreateObject("CDO.Message") 
set objNet = CreateObject("wscript.network")
Set objShell = CreateObject("WScript.Shell")
'OU finder area
Set objSysInfo = CreateObject("ADSystemInfo")
strComputer = objSysInfo.ComputerName

Set objComputer = GetObject("LDAP://" & strComputer)
'I split the OUs into separate lines to make them easier to read in the email. If you don't have as many nested OUs, remove some of the arrays below or an error may occur

arrOUs = Split(objComputer.Parent, ",")
arrMainOU1 = Split(arrOUs(0), "=")
arrMainOU2 = Split(arrOUs(1), "=")
arrMainOU3 = Split(arrOUs(2), "=")
arrMainOU4 = Split(arrOUs(3), "=")
arrMainOU5 = Split(arrOUs(4), "=")


rempcname = objShell.ExpandEnvironmentStrings("%CLIENTNAME%")

If rempcname = "%CLIENTNAME%" Then
	rempcname = "Console"
End If

'wscript.echo rempcname

'I split the OUs into separate lines to make them easier to read in the email. If you don't have as many nested OUs, remove some of the arrays below or an error may occur
strmsgbody = ""
strmsgbody1 =   "User " & objNet.username & " has logged into "  & objNet.ComputerName &VbCr _
& "Current Location of computer in AD: " &VbCr _
& arrMainOU1(1) &VbCr _
& arrMainOU2(1)&VbCr _
& arrMainOU3(1)&VbCr _
& arrMainOU4(1)&VbCr _
& arrMainOU5(1)&VbCr _
& "Logged in via: " & rempcname

objMessage.Subject =  objNet.username & " logged into "  & objNet.ComputerName & " via " & rempcname
objMessage.From = "no-reply@domain.com" 
objMessage.To = "you@domain.com" 

objMessage.TextBody =  strmsgbody1 

'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 

'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "SMTP.DOMAIN.COM"

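'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 

'Commit the configuration fields before sending
objMessage.Configuration.Fields.Update

'==End remote SMTP server configuration section==

'Send the notification
objMessage.Send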




Author Closing Comment

ID: 40625036
Hi eastms,
The script does not cover all the perspective of my question for Item 1-4.  Item 1 & 4 were not accomplished, but the script provided does lead me to achieve those subsequently.

Thanks for assistance.

Kung Hui
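
Items 1 and 4 of the question, which the closing comment notes the accepted script did not cover, can be handled as in the following added example (not code from the thread). It assumes placeholder gateway names, that an administrator has already registered the VENDORS source in the Application log, and a hypothetical VENDOR_AUDIT_MSG variable; the event is written through PowerShell's Write-EventLog because WshShell.LogEvent cannot set a custom source or event ID.

```vbscript
' Added example, not from the thread. Gateway names below are placeholders.
Option Explicit

Const EVENT_SOURCE = "VENDORS"   ' from the question; assumed pre-registered by an admin
Const EVENT_ID = 8888            ' from the question

Dim objShell, objNet, arrGateways, strSession, strClient
Set objShell = CreateObject("WScript.Shell")
Set objNet = CreateObject("WScript.Network")
arrGateways = Array("GATESERVER1", "GATESERVER2", "GATESERVER3", _
                    "GATESERVER4", "GATESERVER5")

strSession = objShell.ExpandEnvironmentStrings("%SESSIONNAME%")
' CLIENTNAME is reported by the connecting RDP client, so this is an audit
' signal, not an access control.
strClient = objShell.ExpandEnvironmentStrings("%CLIENTNAME%")

' Item 4: act only on RDP-Tcp#N sessions (ICA-TCP#N and Console are ignored).
' Item 1: flag the logon when the source is not one of the gateways.
If IsRdpSession(strSession) And Not IsGateway(strClient, arrGateways) Then
    WriteAuditEvent "User=" & objNet.UserDomain & "\" & objNet.UserName & _
        "; Source=" & strClient & "; Session=" & strSession & _
        "; Server=" & objNet.ComputerName
End If

Function IsRdpSession(strName)
    IsRdpSession = (StrComp(Left(strName, 8), "RDP-Tcp#", vbTextCompare) = 0)
End Function

Function IsGateway(strName, arrAllowed)
    Dim strItem
    IsGateway = False
    For Each strItem In arrAllowed
        If StrComp(strName, strItem, vbTextCompare) = 0 Then IsGateway = True
    Next
End Function

Sub WriteAuditEvent(strText)
    ' The text goes through a process environment variable (hypothetical name),
    ' so the client-supplied name is never parsed as part of the command line.
    objShell.Environment("PROCESS")("VENDOR_AUDIT_MSG") = strText
    objShell.Run "powershell.exe -NoProfile -NonInteractive -Command " & _
        """Write-EventLog -LogName Application -Source " & EVENT_SOURCE & _
        " -EventId " & EVENT_ID & " -EntryType Warning" & _
        " -Message $env:VENDOR_AUDIT_MSG""", 0, True
End Sub
```

The email step can reuse the CDO.Message block from the accepted answer, called from the same If branch.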
