How to Receive Email Notifications when a Windows Server or Windows 10/11 server is Unlocked.
If you want to receive an email notification every time an administrator account unlocks Windows 10/11 or Windows Server, then this tutorial is for you.
When you need to monitor critical systems, it's useful to receive an email alert every time someone unlocks a critical Windows Server or Windows 10/11 computer. If so, this guide shows you how to automatically receive an email alert when a Windows system is unlocked by any user, using the Windows Task Scheduler and PowerShell.
How to force Windows to send an email notification after unlocking and logging into Windows Server 2016/2019 or Windows 10/11.
- Requirement: An SMTP server for sending emails.
Step 1. Create a PowerShell Script to send email notifications.
The first step to completing this task is to create a PowerShell script that will send an email to a specific recipient with the details of the login (username & date/time).
1. Create a folder named "Scripts" on your C:\ drive or any other folder where you want to store the script that will send the email. *
* Note: In this guide we created the scripts folder in "C:\Windows\System32\Scripts".
2. Now open Notepad and copy–paste the following text to create the script:
# Info: This script sends an email when any user account logs on to the computer.
# Email credentials for SMTP Server
$Username = "sender@domain.com" # sender email address
$PlainPassword = "senderpassword" # sender email password
$SecurePassword = ConvertTo-SecureString $PlainPassword -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential ($Username, $SecurePassword)# Email content
$LoggedInUser = $env:USERNAME
$Computer = $env:COMPUTERNAME
$LocalTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
$To = "recipient@domain.com" # recipient email address
$Subject = "ServerName Login Alert: $LoggedInUser"
$Body = @"
User $LoggedInUser has logged in to $Computer at $LocalTime.
"@# Send the email
Send-MailMessage -From $Username -To $To -Subject $Subject -Body $Body `
-SmtpServer "mail.domain.com" -Port 587 -UseSsl -Credential $Cred# Optional: local log file
Add-Content -Path "C:\Windows\System32\Scripts\UserLoginLog.txt" -Value "$LocalTime – $LoggedInUser logged in on $Computer"
3. Then modify the script text as follows:
- Replace "sender@domain.com" with your sender email address.
- Replace "senderpassword" with your sender's email address password.
- Replace "recipient@domain.com" with the recipient’s email address.
- Replace "ServerName" with the name of your Windows server or machine name.
- Replace "mail.domain.com" with the name of your SMTP server.
- Replace -if needed- "587" with your SMTPS server's port.
- Replace "C:\Windows\System32\Scripts" with the full path of the "Scripts" folder if you created it on another location.
4a. When done, from File menu select Save As.
4b. Now do the following in "Save as" dialog:
- Select to save the file inside the "Scripts" folder you created before.
- Choose in Save as type: All Files
- Choose in Encoding: Unicode
- Type as File name: "EmailAleltForUserLogins.ps1"
- Click Save and then close the Notepad.
5. Proceed to next step.
Step 2. Create a Schedule Task in Windows that will run the Script on Windows Unlock.
After you create the script to send email notifications, set it to run when the machine is unlocked by a user to log in to the Windows.
1. Open Task Scheduler and form the Action menu select Create Task.
2. In the 'Create Task' window do the following in General tab:
2a. Type a name for the task (e.g. "SendEmailOnUnlock")
2b. Select to Run with highest privileges
2c. Click Change User or Group
2d. On the 'Select User or Group' window type "Administrators" in the object name filed and click OK.
3. Select the Triggers tab and click New
3a. On the 'New Trigger' window select On workstation unlock for Any user and click OK.
4. Select the Actions tab and click New.
4a. In the 'New Action' window do the following and then click OK:
-
In the Program/script field, type "powershell.exe"
-
In Add arguments field, copy & paste the below text:
-
-ExecutionPolicy Bypass -File "C:\Windows\System32\Scripts\EmailAleltForUserLogins.ps1" -WindowStyle Hidden
5. Now select the Conditions tab and uncheck all settings.
6. Finally select the Settings tab, choose the following and then click OK:
-
Allow the task to be run on demand
-
Run Task as soon as possible after a scheduled start is missed.
-
If the task fails, restart every 1 minute.
-
Stop the task if it runs longer than 1 hour
-
If the running task does not end when requested, force it to stop.
9. After you create the task, press the Windows + L keys to lock the computer and then unlock it and login again to Windows.
9. After logging in, you should receive an email alert at the recipient email address you specified in the PowerShell script (step 1) notifying you of which user unlocked and logged in to the machine and when. Also the login event will also be logged in the "UserLoginLog.txt" file located inside the "Scripts" folder (e.g. "C:\Windows\System32\Scripts\UserLoginLog.txt" in this example).*
That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
