@dimiboy
Created August 10, 2019 20:19
Failed logon reporter with a photo
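# Run from an elevated session: auditpol and the Security event log both need administrator rights.
$NewFailedLogin = $null
$StartDate = Get-Date
$CamPath = "C:\CommandCam"      # folder holding CommandCam.exe and cred.clixml
$SmtpServer = "smtp.mail.ru"
$From = ""                      # sender address (left blank in the gist)
$To = ""                        # recipient address (left blank in the gist)
# Expected to be a PSCredential saved with Export-Clixml; on Windows that file is
# DPAPI-protected and can only be read by the same user on the same machine.
$Cred = Import-Clixml "$CamPath\cred.clixml"

# Make sure failed logons are audited, otherwise event 4625 is never written.
# The whole auditpol output is searched instead of relying on a fixed line index.
$CurrentAudit = (auditpol /get /subcategory:"Logon") -join "`n"
if (-not $CurrentAudit.Contains("Failure")) {
    auditpol /set /subcategory:"Logon" /failure:enable
}

while ($true) {
    # Record the poll time before querying, so failed logons that happen while
    # the photo is being taken and mailed are picked up by the next pass.
    $PollTime = Get-Date
    # Get-EventLog writes an error when nothing matches; suppress it.
    $NewFailedLogin = Get-EventLog -LogName Security -Newest 1 -After $StartDate -InstanceId 4625 -ErrorAction SilentlyContinue
    if ($null -ne $NewFailedLogin) {
        Set-Location $CamPath
        .\CommandCam.exe        # writes image.bmp to the current directory
        Start-Sleep -Seconds 1
        Send-MailMessage -SmtpServer $SmtpServer -Body ("Failed Logon Detected at " + $NewFailedLogin.TimeGenerated) -From $From -Subject "Failed Logon Detected" -To $To -Credential $Cred -Verbose -UseSsl -Attachments "$CamPath\image.bmp"
    }
    $NewFailedLogin = $null
    $StartDate = $PollTime
    Start-Sleep -Seconds 5
}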