How to Set Up Email Login Alerts on Windows 11 for Better Security

For Windows 11 users concerned about unauthorized access or simply wanting a more transparent log of who’s using their system, receiving an immediate email alert whenever someone logs into their PC offers a powerful layer of oversight. While this isn’t a built-in feature of Windows 11, setting it up is well within reach for anyone comfortable with scripts and Task Scheduler, and it can greatly increase peace of mind, especially in shared or workplace environments. Here’s how this system works, how effective and secure it really is, and what you should know before relying on such a solution.

Setting Up Email Notifications for Windows 11 Logins​

Receiving an email notification every time someone logs into your Windows 11 PC relies on a clever combination of PowerShell scripts and Task Scheduler automation. The process is straightforward but requires careful attention to detail to ensure both effectiveness and security.

Step 1: Drafting the PowerShell Script​

The core of this alert system is a PowerShell script that sends an email whenever it’s triggered. This script requires personalized configuration—namely, SMTP settings for your email provider (such as Gmail, Outlook, Yahoo, or others), your sender address, recipient address, and, crucially, your email password.
A typical script looks like this:

# Email Settings
$smtpServer = "smtp.youremailprovider.com"
$smtpPort = "587"
$smtpUser = "[email]yourname@youremailprovider.com[/email]"
$smtpPass = "youremailpassword"
$toEmail = "[email]recipient@email.com[/email]"
$subject = "Login Alert on $env:COMPUTERNAME"
$body = "User $env:USERNAME has just logged in at $(Get-Date)."

# Send Email
$msg = New-Object System.Net.Mail.MailMessage $smtpUser, $toEmail, $subject, $body
$smtp = New-Object Net.Mail.SmtpClient($smtpServer, $smtpPort)
$smtp.EnableSsl = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($smtpUser, $smtpPass)
$smtp.Send($msg)

Substitute the placeholders above with the actual SMTP server address and your account credentials. This script can work with most email providers, though if you use two-factor authentication (2FA) on your account—as most security experts recommend—you will need to generate an app-specific password for the script to operate.

Security Note: Plaintext Credentials​

Storing your email password in plaintext within the script is a serious security risk. If anyone gains access to the file, they could compromise your entire email account. To mitigate this, some users opt for a throwaway email specifically for login alerts. Others set strict file permissions so only critical system accounts can read the script. Still, this remains a notable vulnerability; Microsoft’s documentation and the broader security community consistently warn against storing credentials in this way.

Step 2: Automating with Task Scheduler​

Once the script is configured, automation is handled through Windows Task Scheduler, a powerful (though underutilized) administrative tool built into all editions of Windows 11.
Open Task Scheduler and create a new task with your chosen name—something obvious, like “Login Email Alert.” In the configuration options:

• Run Whether User Is Logged On or Not
• Run With Highest Privileges

Set the trigger to “At Log On,” and specify “Any User” if you want to be notified of all logins, or select a specific account if you’re only interested in one. Under “Actions,” set “Start a Program,” with the program being powershell.exe and arguments referencing your script, such as:
-ExecutionPolicy Bypass -File "C:\Scripts\SendLoginEmail.ps1"
Once you save the task (entering your admin credentials as prompted), the script will execute automatically each time a login occurs.

Step 3: Hiding the PowerShell Window​

For advanced users or in environments where discretion matters, the sudden appearance of a PowerShell window could tip off users that monitoring is in place. This can be circumvented by wrapping the PowerShell script execution in a simple VBScript that runs it silently:

Set objShell = CreateObject("Wscript.Shell")
objShell.Run "powershell.exe -ExecutionPolicy Bypass -File ""C:\Scripts\SendLoginEmail.ps1""", 0, False

Save this as SendLoginEmail.vbs and change your scheduled task’s action to launch wscript.exe, with your VBS file as the argument.

Pros and Real-World Usefulness​

Enhanced Security Awareness​

For households where multiple people use the same PC, or in a business environment where data privacy is vital, receiving an instant login notification can flag unauthorized access the moment it happens. This approach supplements, rather than replaces, Windows’ own built-in logging capabilities (such as auditing in Event Viewer), making it easier for less technical users to notice security events in real time.

Customization and Control​

Because the notification script is fully user-configurable, you can tailor the message, recipient, and even the conditions under which alerts are sent. For highly secure settings or for specific workgroup scenarios, adding additional logic—for example, sending alerts only during certain hours or for particular accounts—offers granular control unmatched by many off-the-shelf endpoint security products.

Non-Invasiveness​

Since this method relies solely on native Windows utilities and scripting languages, there’s no need to install potentially untrusted third-party monitoring software that could further compromise privacy or bog down your system. The power is in the hands of the administrator, and the setup is entirely reversible: simply delete or disable the scheduled task to stop receiving alerts.

Navigating Potential Risks​

1. Email Account Exposure​

The most pressing risk is exposing your email credentials. PowerShell scripts are inherently readable to anyone with sufficient system access. If you use your primary email provider and your real password, an attacker could send mail on your behalf—potentially locking you out or using your address for phishing attacks.
Mitigation tips:

• Use an email account dedicated solely to login alerts.
• Store scripts in a locked-down directory, such as under your account’s AppData or a custom folder with strict NTFS permissions.
• If possible, use environment variables or encrypted credential stores—though this introduces significant complexity and isn’t supported natively by the SmtpClient approach shown above.

2. Email Deliverability Issues​

Some email providers flag automated email sent from scripts as spam or even block SMTP access from less secure applications. Gmail and Outlook both require, at minimum, app-specific passwords for SMTP use if you have 2FA enabled—this is an important configuration step that should not be overlooked. Furthermore, repeated emails in short succession (such as if a system has many users logging in) may result in your notification email address being throttled or blacklisted.

3. Latency and Reliability​

Email isn’t an instantaneous medium. While most notifications are delivered within seconds or minutes, clogged provider queues, network downtime, or faulty SMTP configurations may mean you miss crucial alerts. It’s wise to periodically test the system to confirm notifications consistently arrive.

4. Script Visibility​

While launching the PowerShell script via VBScript hides the command window, the presence of the script files (especially if poorly named or stored in a public area like the Desktop) is a telltale sign for anyone actively looking to avoid detection. Security through obscurity is never a reliable defense. Savvy users could disable the Scheduled Task or delete the scripts if they gain administrative access.

5. Bypassing and Tampering​

The script is only as useful as its tamper-resistance. Anyone with administrative access could disable or change the notification mechanism. For air-tight security, pair this method with Windows auditing and review tool logs in the Security event log, which records both successful and failed logins as well as task execution attempts. More advanced users may also want to configure alerts from a centralized SIEM (Security Information and Event Management) solution, but that’s outside the scope of most personal environments.

How This Approach Compares to Third-Party Solutions​

Several monitoring programs and endpoint security suites—such as Norton, McAfee, and enterprise solutions like CrowdStrike, SentinelOne, and Microsoft Defender for Endpoint—feature centralized alerting, including email-based login notifications. These commercial tools bundle more robust credential protection, centralized management, stronger anti-tampering controls, and support for multifactor notification channels (such as SMS or in-app push alerts). However, they often come with subscription fees, heavier system footprints, and potential privacy trade-offs.
The script-and-task method is lighter weight, builds on tools already present in every version of Windows 11, and fits well for independent users and enthusiasts who desire full administrative control. For small businesses or personal computing setups, this strikes an efficient balance between capability and complexity.

Customizing Your Login Alert System for Better Results​

Implementing email login alerts is just the beginning. With PowerShell, you can expand functionality even further:

• Include network details: Add information about the IP address or device accessing the system, especially if remote connections (RDP, VPN) are in use.
• Track failed logins: Notify after multiple failed login attempts as possible indicators of brute force attacks.
• Integrate with smartphone notifications: Use free APIs (such as IFTTT or Pushover) to send push notifications, not just email.
• Daily or weekly reports: Instead of real-time alerts, batch notifications into regular summaries to avoid inbox overload.
• Multi-recipient notifications: Add CC or BCC for family or IT team members.

Here’s a reimagined snippet to capture IP details for more comprehensive alerts:

$ip = (Invoke-WebRequest -Uri "[url]http://ifconfig.me/ip[/url]").Content
$body = "User $env:USERNAME has just logged in at $(Get-Date). IP address: $ip"

Such enhancements require a little PowerShell know-how, but are well-supported by Microsoft’s documentation and active online communities.

The Broader Picture: Why Proactive Access Monitoring Matters​

Microsoft continues to invest in security both for personal and enterprise users—Windows Hello, Credential Guard, BitLocker, and advanced Windows Defender settings are testament to this. Nevertheless, for many users, especially those in multi-user households or less formal work settings, real-time information about who is logging in is not surfaced by default. This email-based notification approach remedies that gap, bringing system activity into immediate focus.
Moreover, in an era where remote work, hot-desking, and device sharing are more common, knowing instantly about access events helps enforce user accountability and trace suspicious behaviors before they manifest as security incidents.

The Final Word: Prudent Early Warning, Not Foolproof Defense​

Setting up email alerts for logins on Windows 11 bridges the information gap between silent access and actionable awareness. When used responsibly—preferably with a secondary alert-specific email, good file permissions, and periodic testing—this method provides a practical early warning system for both home and light business environments.
However, savvy readers should approach it as an augmentation, not a substitute, for strong user account management, sound password policies, and thorough Windows security audits. It’s an efficient method for the proactive, privacy-minded user who wants to keep tabs on device access without relying on external tools.
For those comfortable venturing into scripting and administrative settings, the entire process—from writing the script and selecting the right SMTP settings, to tailoring Task Scheduler and optionally hiding execution windows—can be completed in under an hour. Continued testing and vigilance are required to maintain reliability and safety—attributes at the core of responsible personal computing.
If your setup includes broader access control needs, guest accounts, or advanced monitoring, expand on the basics with features above, or consider combining native Windows tools with leading third-party endpoint protection for a better-rounded and more resilient solution.
Ultimately, leveraging scripting and automation remains one of Windows 11’s lesser-celebrated—but immensely valuable—capabilities. Combined with good security hygiene, it can make all the difference in keeping your computing environment as secure and transparent as you need it to be.

---

Source: How-To Geek Here's How I Get an Email When Someone Logs Into My Windows 11 PC