citnetworks
asked on
Terminal Services Session Reconnect - run code
I am trying to create some code that runs whenever someone logs onto OR reconnects to a terminal server session in Windows Server 2003. I have already added the exe I want to run to the logon script section in AD. This runs whenever someone logs onto a new session but I also need to be able to run code when they reconnect to a disconnected session as well.
If anyone can point me in the right direction I'd appreciate it.
If anyone can point me in the right direction I'd appreciate it.
If they are rejoining an existing session no login scripts are executed. I agee with sirbounty, either force the disconnected sessions to logoff (GPO policy force logoff) or modify your exe to continuously run in the session. What is the exe doing, that enabling the audit policy for login/logout in the GPO can not (security log in the event viewer)?
ASKER
Thanks for the replies.
What I have is an application that logs hours that a person spends actively working on this server for billing purposes. I wanted my staff to be able to log on and be prompted for what project they were working on and the program would then keep track of the hours. Once they logged off or disconnected it would stop accumulating hours on that project. Once they reconnected or logged on I wanted this program to again prompt them with the project they were working on. I wanted to set this up so that they did not have to close all the work they had open every time they disconnected. As an example I work on this server from my office and from my home office. I constantly leave a dozen programs open in the middle of what I am doing when I change locations.
I was curious if there an event in the Windows OS that fired on reconnect that could be hooked with the program that started on the initial logon that would run according to the GPO policy. If I could hook that event that ran on connects or disconnects I could accomplish what I wanted.
What I have is an application that logs hours that a person spends actively working on this server for billing purposes. I wanted my staff to be able to log on and be prompted for what project they were working on and the program would then keep track of the hours. Once they logged off or disconnected it would stop accumulating hours on that project. Once they reconnected or logged on I wanted this program to again prompt them with the project they were working on. I wanted to set this up so that they did not have to close all the work they had open every time they disconnected. As an example I work on this server from my office and from my home office. I constantly leave a dozen programs open in the middle of what I am doing when I change locations.
I was curious if there an event in the Windows OS that fired on reconnect that could be hooked with the program that started on the initial logon that would run according to the GPO policy. If I could hook that event that ran on connects or disconnects I could accomplish what I wanted.
yes, the login/authentication event entry. But I do not know whether you can trigger anything since the application is running with the user's rights while access to the security log is limited to domain admins. You potentially can setup a process that scans the security log and updates a database table, that your application checks periodically. I Think the login/authentication event may reference that it resumed a session versus started a new one, but that has to be checked.
That's what I was thinking too...each time a session is disconnected, or a screen saver kicks in and it's unlocked, the user credentials are passed (I think it's a 540 or 576 event) - if you're logging those events.
You could easily script something to generate an output logfile...could even be setup for your program to pass the user name as an argument so that it only pulled out events for that user...
You could easily script something to generate an output logfile...could even be setup for your program to pass the user name as an argument so that it only pulled out events for that user...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will accept Arnolds answer for points. I ended up hiring a 3rd party to make this program and they utilized some functionality that seems similar to what Arnold mentioned here. They ended up making the program a service that ran on the server and registered itself for monitoring the logon, connect, etc. events. When these events occur the service processes them and opens up my timeclock program in the context of the user who has caused the event to occur.
Thanks for feedback.
Thanks for feedback.
You could also monitor the TS for disconnected sessions. (using a services).
The service could poll TS e.g. each minute to find who is active and who is disconnected.
Look for WTSQuerySessionInformation
The service could poll TS e.g. each minute to find who is active and who is disconnected.
Look for WTSQuerySessionInformation
If you need that kind of logging, I believe you'll have to remove their capability to continue their disconnected session...