SMS PASSCODE Authentication Failure Email Alerts

SMS PASSCODE is a good tool, but it does not provide functionality to alert in the event of an authentication failure. It does, however, log quite verbosely to Windows event logs. Built-in Windows functionality can be used to receive email alerts when a login fails:

Create Send-FailedLoginAlert.ps1 script

Copy the following to a known location (in this example, C:\Scripts\Send-FailedLoginAlert.ps1).

Create the Scheduled Task

Create a scheduled task, configured as follows:

  • General
    • Run whether user is logged on or not
    • Do not store password
  • Triggers
    • On an event:
      • Log: SMS PASSCODE Security
      • Source: Authentication Proxy
      • Event ID: 2000
  • Actions
    • Start a program
      • Program: powershell.exe
      • Arguments: -ExecutionPolicy Unrestricted -File C:\scripts\Send-FailedLoginAlert.ps1

Now, any time event 2000 is fired in the SMS PASSCODE Security log, an email will be trigged using the parameters in the script.

Written on August 3, 2016