• Status: Solved

Winlogon Notification Packages

I have a little program running as a w2k service, and I need to add the code so that it gets called when a user logs on and logs off.

I was thinking of using the Winlogon Notification Packages. Has anybody worked with this package?

Thanks,
Carlos
Asked by: cvillegas
1 Solution
 
jkr Commented:
This IMHO is overkill for what you want to do - it'd be way easier to use a 'RegNotifyChangeKeyValue()' on 'HKEY_USERS'. This will notify your service when a user's registry hive is loaded or unloaded, indicating a logon or logoff.
0
 
cvillegas (Author) Commented:
jkr:
Tell me a little more about your solution. Concern: what would happen if a user removed/changed/added information in the hive.

However, I'm open to suggestions. Please be a little more specific so that perhaps I can prototype it.

Thank you.
Carlos
 
jkr Commented:
>>Concern: what would happen if a user removed/changed/added information in the hive

That's something that I had in mind too. Basically the trick is to not watch the whole subtree, but only HKEY_USERS, like e.g.

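// requires <windows.h>
while (true) {

    // Blocks until a key is added or removed directly under HKEY_USERS
    // (bWatchSubtree is FALSE, so changes inside a hive are ignored)
    if (ERROR_SUCCESS == RegNotifyChangeKeyValue(HKEY_USERS, FALSE, REG_NOTIFY_CHANGE_NAME, NULL, FALSE)) {

        // user logged on or off
    } else {
        break; // stop instead of spinning if the call keeps failing
    }
}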

0
 
 
jkr Commented:
As you seem to be using IE, do *not* refresh this page, it'll just add the same comment on and on - use the 'reload' link at the top instead...
0
 
cvillegas (Author) Commented:
jkr: suppose we have a scenario where two users log into a box. Correct me if I'm wrong, but wouldn't I have to keep track of two lists of users (one before the notify and one after the notify) to determine which ones logged on/off?

Tell me something, can I, as a mischievous admin, remove entries from HKEY_USERS?
0
 
jkr Commented:
>>Correct me if I'm wrong, but wouldn't I have to keep
>>track of two lists of users (one before the notify and
>>one after the notify) to determine which ones
>>logged on/off?

Actually, it's sufficient to read the key names, as they are in fact the textual representation of a SID - you can simply call 'LookupAccountSid()' to get the clear text names.

>>Tell me something, can I, as a mischievous admin, remove
>>entries from HKEY_USERS?

Theoretically yes - but not by default, as the security there is set to "SYSTEM". You'd have to take ownership first.
0
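
The two-list bookkeeping discussed in this exchange, as an added example that is not part of the original thread: it compares the HKEY_USERS subkey names captured before and after a notification and reports which user SIDs appeared or disappeared. The function names are hypothetical and the SIDs are constructed sample values; it assumes that on Windows the snapshots come from RegEnumKeyEx() on HKEY_USERS and that each reported SID string is converted with ConvertStringSidToSid() before being passed to LookupAccountSid().

```c
/* Added example (not from the thread): diff two HKEY_USERS key-name snapshots. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 256
#define MAX_KEYS 16

/* A loaded profile hive is named after the account SID. Keep S-1-5-21-...
   (local and domain user accounts); skip ".DEFAULT", well-known service SIDs
   such as S-1-5-18, and the "<SID>_Classes" companion hive. */
int is_user_hive(const char *name)
{
    static const char suffix[] = "_Classes";
    size_t n = strlen(name), s = sizeof suffix - 1;
    if (strncmp(name, "S-1-5-21-", 9) != 0) return 0;
    return !(n > s && strcmp(name + n - s, suffix) == 0);
}

/* Copies to out[] the user hives listed in a[] but absent from b[].
   hive_diff(after, before) gives logons, hive_diff(before, after) logoffs. */
int hive_diff(const char *a[], int na, const char *b[], int nb,
              char out[][NAME_LEN])
{
    int count = 0;
    for (int i = 0; i < na && count < MAX_KEYS; i++) {
        int found = 0;
        if (!is_user_hive(a[i])) continue;
        for (int j = 0; j < nb; j++)
            if (strcmp(a[i], b[j]) == 0) found = 1;
        if (!found) snprintf(out[count++], NAME_LEN, "%s", a[i]);
    }
    return count;
}

/* Constructed snapshots: user ...-1001 logs off, user ...-1002 logs on. */
const char *BEFORE[] = { ".DEFAULT", "S-1-5-18",
    "S-1-5-21-1111111111-2222222222-3333333333-1001",
    "S-1-5-21-1111111111-2222222222-3333333333-1001_Classes" };
const char *AFTER[] = { ".DEFAULT", "S-1-5-18",
    "S-1-5-21-1111111111-2222222222-3333333333-1002",
    "S-1-5-21-1111111111-2222222222-3333333333-1002_Classes" };
char changed[MAX_KEYS][NAME_LEN];

int main(void)
{
    if (hive_diff(AFTER, 4, BEFORE, 4, changed) > 0) printf("logon:  %s\n", changed[0]);
    if (hive_diff(BEFORE, 4, AFTER, 4, changed) > 0) printf("logoff: %s\n", changed[0]);
    return 0;
}
```

A hive is also loaded when a service or RunAs session starts under the account, and unloading can lag behind the logoff, so treat these events as profile load and unload rather than exact interactive logon times.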
 
ambience Commented:
cvillegas, IMHO there is not much of an overkill in writing a notification package; it appears that writing a package is a very simple practice.

All you need to do is write a DLL that exports functions that Winlogon should call when required, e.g.

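#include <windows.h>
#include <winwlx.h>   // PWLX_NOTIFICATION_INFO

// Both functions must be exported from the DLL under these names
// (for example through a .def file) so that Winlogon can find them.
void OnLogon (PWLX_NOTIFICATION_INFO pInfo)
{
     // handle the logon event here
}

void OnLogoff (PWLX_NOTIFICATION_INFO pInfo)
{
     // handle the logoff event here
}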

Build that DLL and register it under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

DllName = <your dll>
Logon = "OnLogon"
Logoff = "OnLogoff"

And that's all. There are about seven more events that you can hook, and the best thing is that you only need to handle what you require, nothing more, nothing less.

Though the registry approach may work, I recommend going through the proper channel. Also, that approach is somewhat constrained, e.g. what if you also want to handle the "Shutdown" or "Lock" event sometime?
0
 
cvillegas (Author) Commented:
ambience: does the DLL need registerDLL/unregisterDLL methods? It's not a COM component, so it doesn't get registered, right?
0
 
ambience Commented:
Yes, it doesn't. It has to be in the system directory so that the entry DllName can contain the name of your file, or DllName can contain the path to the DLL (though I haven't tried this one, but I think it will work).
0
 
ambience Commented:
In a sense, methods do get registered, but that is by means of entries under specific registry keys.

As shown in my previous posts.
0
