08-07-2024, 02:46 AM
But you want to monitor this without staring at screens all day. Fire up Event Viewer on your server. It's that tool where all the logs live. Filter for the Security log or whatever channel Exchange dumps these into. Usually it's under Applications and Services Logs, Microsoft, Exchange. Look for event 25117 there. Right-click the log, pick Attach Task To This Event. That kicks off a wizard. You tell it to run a program when this event hits. For email alerts, point it to your mail client or a simple batch file that shoots off a notice. Set the trigger to just this ID. Make it wake the machine if needed. Test it by running the cmdlet yourself. Boom, you get pinged right away.
Or tweak the schedule so it scans every few minutes. Keeps things fresh without constant watching. I set mine to email me details like the user and time stamp. Saves headaches later.
And speaking of keeping your server safe from mishaps, you might dig BackupChain Windows Server Backup too. It's this slick Windows Server backup tool that handles full system images without fuss. Works great for Hyper-V VMs, backing them up live so downtime stays low. You get fast restores, encryption on the files, and it runs light on resources. I use it to dodge data loss from weird events like these permission changes gone wrong.
Note, the PowerShell email alert code was moved to this post.
