Just a quick powershell script that can be kicked off by a scheduled tasks that runs when Event ID 1074 is logged automatically by someone attempting to reboot a server.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
<# .Name Reboot-Requested.ps1 .Description Powershell script that sends an email when someone requests to reboot a server. .Parameters None. .Version 0.1 .Author Kyle McDonald .Compatibility All .Release Date July 2014 .Notes Change Log v0.1, 20140701 - Initial version Create a scheduled task based on the following; - Trigger: When a specific event is logged --- Log: System --- Source: User32 --- Event ID: 1074 #> # Variables $HostName = $env:computername $DomainName = $env:userdnsdomain $MailHost = "mail.contoso.com" # Configure email. "From@Address", "To@Address1,To@Address2,etc@etc" $message.IsBodyHtml = $True $message.Subject = "$hostname told to Reboot!" $smtp = new-object Net.Mail.SmtpClient("$MailHost") $reboot_request = get-eventlog -newest 1 -logname system -source USER32 | where {$_.eventID -eq 1074} | fl TimeGenerated,UserName,Message | out-string $message.Body = $reboot_request $smtp.Send($message) |