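<#
    ===========================================================================
    Created by:    Rob Peters
    Organization:  Focus Group
    Filename:      RDSLoginsDisabled.ps1
    ===========================================================================
    Simple script to be run on RDS Gateway to check collections for RDS Servers
    with logins disabled. If any are detected it will send a formatted email
    with all RDS servers/collections and highlight the disabled ones.

    Powershell must be run as administrator (or system) otherwise it can't
    access the RDP information.
#>

Import-Module RemoteDesktop

# ---------------------------------------------------------------------------
# Settings
# ---------------------------------------------------------------------------

# Path of the file containing server names that are out of pool on purpose.
# One server per line. MUST INCLUDE FQDN (eg servername.domain.local)
$KnownServersFile = "C:\RDS\serversoutofpool.txt"

# SMTP settings
$SMTPServer      = "mail.server.com"
$SMTPPort        = 25
$SMTPFromAddress = "RDSAlerts@domain.com"
$SMTPFrom        = "Focus RDS Notifications <$SMTPFromAddress>"
$SMTPRcptTo      = "monitoring@domain.com"

# Require TLS (STARTTLS) for the SMTP session. Without it the credential and the
# server inventory in the mail body cross the network unencrypted. Only set this
# to $false for an unauthenticated relay on a trusted segment.
$SMTPUseSsl = $true

# The SMTP credential is loaded from a file instead of being stored in this script:
# a plaintext password here is readable by anyone who can read the script, the
# RMM component that deploys it, or script-block logs.
# Create the file once, AS THE ACCOUNT THAT RUNS THIS SCRIPT, with:
#     Get-Credential | Export-Clixml -Path $SMTPCredentialFile
# On Windows the password inside is DPAPI-protected and can only be decrypted by
# that same account on that same machine. Restrict the file's ACL to that account.
# Sample path, constructed for this example - change to suit your environment.
$SMTPCredentialFile = "C:\RDS\smtp-credential.xml"

# ---------------------------------------------------------------------------
# Collect server information
# ---------------------------------------------------------------------------

# Start from empty arrays on every run, so a re-run in the same session/job never
# appends to the previous run's results.
$AllServers    = @()
$AllServersOOP = @()

# Load the exclusions list (if present), ignoring blank lines and stray whitespace.
$KnownServersOutOfPool = @()
if (Test-Path -LiteralPath $KnownServersFile)
{
    $KnownServersOutOfPool = @(Get-Content -LiteralPath $KnownServersFile |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })
}

foreach ($CollectionName in Get-RDSessionCollection) # Get collections
{
    foreach ($Server in (Get-RDSessionHost -CollectionName $CollectionName.CollectionName)) # Get server names and states
    {
        # Check online (single ICMP echo)
        $ServerOnline = Test-Connection -ComputerName $Server.SessionHost -Quiet -Count 1

        # Check uptime. An unreachable host makes the CIM query fail; report
        # "Unknown" rather than an error and a blank " days  hours" string.
        $ServerUptimeReadable = "Unknown"
        try
        {
            $OperatingSystem = Get-CimInstance Win32_OperatingSystem -ComputerName $Server.SessionHost -ErrorAction Stop
            $ServerUptime = (Get-Date) - $OperatingSystem.LastBootUpTime
            $ServerUptimeReadable = "" + $ServerUptime.Days + " days " + $ServerUptime.Hours + " hours"
        }
        catch
        {
            Write-Warning "Could not read uptime from $($Server.SessionHost): $($_.Exception.Message)"
        }

        $ServerEntry = [pscustomobject]@{
            ServerName        = $Server.SessionHost
            CollectionName    = $CollectionName.CollectionName
            ConnectionAllowed = $Server.NewConnectionAllowed
            Online            = $ServerOnline
            ServerUptime      = $ServerUptimeReadable
        }

        # Check if it's in the known out of pool list or not
        if ($KnownServersOutOfPool -notcontains $Server.SessionHost)
        {
            $AllServers += $ServerEntry      # Items IN pool
        }
        else
        {
            $AllServersOOP += $ServerEntry   # Items OUT of pool
        }
    }
}

# Remove comments below to add fake out of pool connection entries (used for testing)
#$AllServers += @([pscustomobject]@{ServerName='Test Server 1';CollectionName='Test Collection';ConnectionAllowed='No';Online="False";ServerUptime="11 billion years"})
#$AllServers += @([pscustomobject]@{ServerName='Test Server 2';CollectionName='Test Collection';ConnectionAllowed='No';Online="True";ServerUptime="3 billion years"})

# ---------------------------------------------------------------------------
# Alert
# ---------------------------------------------------------------------------

# If any servers in the AllServers list have logins denied (and aren't in the
# exclusions file) then send email
if ($AllServers.ConnectionAllowed -contains "No")
{
    # Convert array to HTML table for later
    $Table = $AllServers | ConvertTo-Html -Fragment -As Table

    # Rewrite whole cells only, so a server or collection name that happens to
    # contain "True", "False" or "No" is left untouched.
    $Table = $Table -replace '<td>True</td>', '<td>Yes</td>'
    $Table = $Table -replace '<td>False</td>', '<td>No</td>'
    $Table = $Table -replace '<td>No</td>', '<td style="background-color:red;color:white">No</td>' # Make "No" cells red

    # Count the number of servers that have logins disabled
    $CountDisabledServers = $AllServers.Where({ $_.ConnectionAllowed -eq "No" }).Count

    # Don't add excluded servers info if no servers are excluded
    $OOPOutput = ""
    if ($AllServersOOP)
    {
        $TableOOP = $AllServersOOP | ConvertTo-Html -Fragment -As Table
        $OOPOutput = "<p>The below servers are out of pool on purpose so please don't add them.</p>$($TableOOP)"
    }

    # Create email
    $SMTPSubject = "$CountDisabledServers RDS server(s) found with logins disabled on $env:computername.$env:userdnsdomain"
    $SMTPBody = @"
<p>$SMTPSubject</p>
<p>There has been $($CountDisabledServers) RDS server(s) found with logins disabled.<br>
This ticket should be considered a P2.</p>
<p>Please check recent tickets for this customer and find out why logins are disabled.<br>
If they are going to be disabled for a while please consider excluding them from this check.</p>
<p>RDS Gateway Name: $($env:computername)</p>
$($Table)
$($OOPOutput)
"@

    # Send email
    if (-not (Test-Path -LiteralPath $SMTPCredentialFile))
    {
        Write-Error "SMTP credential file '$SMTPCredentialFile' not found; alert email NOT sent."
    }
    else
    {
        try
        {
            $SMTPCredentials = Import-Clixml -LiteralPath $SMTPCredentialFile

            # NOTE: Microsoft marks Send-MailMessage as obsolete because it cannot
            # guarantee a secure connection. -UseSsl makes the session fail rather
            # than fall back to cleartext, but certificate policy is whatever the
            # host's .NET defaults are.
            $MailParams = @{
                From        = $SMTPFrom
                To          = $SMTPRcptTo
                SmtpServer  = $SMTPServer
                Port        = $SMTPPort
                Credential  = $SMTPCredentials
                Subject     = $SMTPSubject
                Body        = $SMTPBody
                BodyAsHtml  = $true
                UseSsl      = $SMTPUseSsl
                ErrorAction = 'Stop'
            }
            Send-MailMessage @MailParams
            echo "Email has been sent!"
        }
        catch
        {
            # Report the failure instead of claiming success in the job output.
            Write-Error "Failed to send alert email: $($_.Exception.Message)"
        }
    }
}
else
{
    echo "Nothing to send"
}

# Output info so it can be viewed via Datto Stdout
echo ""
$AllServers | Format-Table
echo ""
echo "Excluded servers"
$AllServersOOP | Format-Table

# Reset the arrays so the script can be re-run in the same job
$AllServers    = @()
$AllServersOOP = @()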