09-03-2024, 05:20 PM
You know that Event ID 25395 in Windows Server Event Viewer? It's basically the log entry that pops up whenever someone runs the Set-IPAllowListConfig cmdlet in Exchange. I mean, this thing triggers right when that command gets issued, logging details like who did it, from which IP, and what changes they made to the IP allow list. It's super handy for spotting if admins are tweaking those email security rules, or if something fishy is going on with unauthorized access attempts. Picture this: the event shows up under the MSExchange Management application log, with a level of Information, and it includes the full command parameters so you can see exactly what got adjusted. I always check it because if someone's messing with the allow list without reason, it could open up your server to spam or worse. And yeah, it records the timestamp, user account, and even the session info, making it easy to trace back any odd behavior.
But keeping an eye on it manually? That's a drag. You can set up alerts through Event Viewer itself, no fancy coding needed. Just fire up Event Viewer on your server, head to the Custom Views section, and create a new one filtering for Event ID 25395 in the right log. I do this all the time to stay ahead. Then, link it to a scheduled task that triggers on that event: go to the Actions tab, pick Create Task, and set it to run a simple program like sending an email via your server's mail setup. You tell it to watch for new instances of 25395, and boom, it kicks off the task every time it happens. Make the task interval short, like every few minutes, so you get pinged quick if something stirs. I set mine to email me directly, using the built-in schtasks utility tied to Outlook or whatever you have. It's straightforward, and you don't need to be a wizard to get it humming.
Or, if you want it even smoother, think about tying this into broader server monitoring tools that handle alerts out of the box. At the end of this chat, there's the automatic email solution we can plug in later to make those notifications fly without lifting a finger.
Speaking of keeping your server locked down and backed up, I've been messing with BackupChain Windows Server Backup lately, and it's this neat Windows Server backup tool that also handles Hyper-V virtual machines without breaking a sweat. It snapshots everything quick, encrypts the data on the fly, and lets you restore files or whole VMs in minutes, saving you from those nightmare recovery sessions. Plus, it runs lightweight, so it doesn't hog resources, and the incremental backups mean you store way less junk over time.
Note, the PowerShell email alert code was moved to this post.
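As an added example (not part of the original post and not the email code it refers to), the event-triggered alert described above could be scripted like this in PowerShell. The log name and event ID are the ones given in the post; the task name, SMTP server and mail addresses are placeholder assumptions, and the script is assumed to be saved at a path without spaces.

```powershell
# Added example: alert on Event ID 25395 in the 'MSExchange Management' log.
# Run once with -Register from an elevated prompt, then the task runs it per event.
param(
    [switch]$Register,
    [int]$LookbackMinutes = 5,
    [string]$SmtpServer = 'smtp.example.test',            # placeholder
    [string]$From       = 'exchange-alerts@example.test', # placeholder
    [string]$To         = 'secops@example.test'           # placeholder
)

if ($Register) {
    # Event-triggered task: fires whenever a new 25395 record is written.
    # 'Alert-25395' is a hypothetical task name; script path must not contain spaces.
    schtasks.exe /Create /TN 'Alert-25395' /SC ONEVENT /EC 'MSExchange Management' `
        /MO '*[System[(EventID=25395)]]' /RU SYSTEM `
        /TR "powershell.exe -NoProfile -File $PSCommandPath"
    return
}

$filter = @{
    LogName   = 'MSExchange Management'
    Id        = 25395
    StartTime = (Get-Date).AddMinutes(-$LookbackMinutes)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) { return }

# Keep the fields needed to trace the change back: when, where, and the logged text.
$report = $events | Sort-Object TimeCreated | ForEach-Object {
    [pscustomobject]@{
        Time     = $_.TimeCreated.ToString('u')
        Server   = $_.MachineName
        RecordId = $_.RecordId
        Message  = $_.Message
    }
}

$subject = 'Event 25395 on {0}: {1} new record(s)' -f $env:COMPUTERNAME, $events.Count
$body    = $report | Format-List | Out-String

# Send-MailMessage is flagged obsolete in newer PowerShell but still available;
# this assumes the SMTP server accepts mail from this host without credentials.
Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To -Subject $subject -Body $body
```

Because the task fires per event, the lookback window only needs to cover the delay between the event being written and the script starting.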

