• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2773
  • Last Modified:

Detecting Windows Logon events in XP/Vista

I'me developing and application where I need to detect logons and then display something when somebody has actually logged on. Note that the customer has specified 'logon' as any time a user goes through a signon screen (thus a workstation unlock counts as a logon here).

This is going to be used in Vista in the future, so Winlogon Notification Packages seem to be out, as does the GINA approach.

My readings imply that I have two ways to go:
- Service Control Manager Notifications (which seem to provide lock/unlock/logoff/logon states)
- the System Events Notification Service (which provides ISensLogon methods for the four above, plus others such as StartShell and StopScreenSaver).

Has anybody used or played with the above, and can they give comments on which is the best way to go? Note that the application will have to be able to look across different logons, so I suspect it will end up as a service. On the other hand, I'm still at the thinking stage so nothing's cast in stone.

Any and all comments welcome!                                    

John B
0
prunesquallor
Asked:
prunesquallor
1 Solution
 
Joseph DalyCommented:
Longshot here but what about turning on security logging for successful events. This would create an event in the event viewer for each successful logon/authentication.
0
 
jkrCommented:
No need to use a GINA here, take a look at "Winlogon Notification Packages": http://msdn.microsoft.com/en-us/library/aa380545.aspx

The pages linked from there will give you detailed information on how to handle the events described at http://msdn.microsoft.com/en-us/library/aa380544(VS.85).aspx ("Winlogon Notification Events")

On Vista, these are superseded by the System Event Notification Service (SENS) - see http://msdn.microsoft.com/en-us/library/aa376860.aspx ("ISensLogon Interface") for more on that.
0
 
prunesquallorAuthor Commented:
Thanks for t comments. My immediate responses are:
 - Is it easy to programmatically read the event log (especially in real time - the program has to respond to the logon event)?
- I believe the Winlogon Notification Packages won't work under Vista (nor will GINAs), which alas puts them out of play.
- What I was looking for was if anyone had tried SENS vs Service Control Manager Notifications, and could recommedn either approach. Or is SENS the 'official' way to go?

ATB and thanks,

John B
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
jkrCommented:
'SENS' is the official way for Vista, as the 'Winlogon Notification Packages' are for XP et. al. - both are not really hard to implement at all, you are just using a callback interface for SENS and a callback function for XP.
0
 
jkrCommented:
BTW, reading the Event Log would mean "polling", which is something you usually want to really avoid.
0
 
Rob WilliamsCommented:
I have done something similar in the past. Adding the lines bellow to the logon script of all users you wish to affect will create a text log file of the user name, computer to which they have logged on, date and time, and the IP from which they have connected. Then the second part sends a pop up message to "ComputerName" that "UserName" has logged in. In order for this the windows messaging service needs to be enabled. Please advise if you need more details.

:Logging
If Exist "\\ServerName\Logs\LogOns.Log" GoTo START
Echo Log File > "\\ServerName\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\ServerName\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\ServerName\Logs\LogOns.Log"

:NOTIFY
Net Send ComputerName %username% logging on
:END

0
 
prunesquallorAuthor Commented:
Thanks!
0
 
prunesquallorAuthor Commented:
Thanks, all. Looks like I'll be reading the SENS stuff. Sorry for the delay in getting back (dead machine).

JB
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now