SMS PASSCODE Authentication Failure Email Alerts
Written on August 3, 2016

SMS PASSCODE is a good tool, but it does not provide functionality to alert in the event of an authentication failure. It does, however, log quite verbosely to Windows event logs. Built-in Windows functionality can be used to receive email alerts when a login fails:

Create Send-FailedLoginAlert.ps1 script

Copy the following to a known location (in this example, C:\Scripts\Send-FailedLoginAlert.ps1).

# Fired when a SMSSec 2000 (AuthN failure) occurs
$SmtpDetails = @{
    "SmtpServer" = ""
    "To" = "[email protected]"
    "Subject" = ""
    "Body" = ""
    "From" = "[email protected]"
    "BodyAsHtml" = $true
    "Priority" = "High"
# Get the latest 2000 event from the SMSSec log
$Event = Get-EventLog -LogName "SMSSec" -Newest 1 -InstanceId 2000
# Tear the details of the event apart into a hashtable we can work with
$EventDetails = @{}
$event.ReplacementStrings.Split("`n") | % {
    try { $EventDetails.Add($_.Split(":")[0].Trim(), $_.split(":")[1].Trim()) } catch { }
$SmtpDetails.Subject = "'$($EventDetails.Login)': SMS PASSCODE Login Failure! "
$SmtpDetails.Body = @"
<strong>SMS PASSCODE Authentication Failure!</strong><br /><br />
Timestamp: $($Event.TimeGenerated)<br />
Username: $($EventDetails.Login)<br />
End-User IP: $($EventDetails.'End-user IP')<br />
Reason: $($EventDetails.Reason)<br /><br />
Session ID: $($EventDetails.'Session ID')<br />
Send-MailMessage @SmtpDetails

Create the Scheduled Task

Create a scheduled task, configured as follows:

Now, any time event 2000 is fired in the SMS PASSCODE Security log, an email will be trigged using the parameters in the script.


There's no commenting functionality here. If you'd like to comment, please either mention me (@[email protected]) on Mastodon or email me. I don't have any logging or analytics running on this website, so if you found something useful or interesting it would mean a lot to hear from you.