Solved

Finding if a PC is locked

Posted on 2012-04-01
6
574 Views
Last Modified: 2012-04-02
Hi,

I have been trying a way to find out if a PC is locked or not, I can easily find out if the PC has someone logged onto it and who that user is using VBS, but I am unable to find any way to see if the PC has been locked

I want to be able to log who is leaving their PCs logged on and who locks them overnight

Any help would be appreciated
0
Comment
Question by:dgewin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 9

Expert Comment

by:Scottyworld
ID: 37794406
What OS are you using ?
Vista and Windows 7 have security log event ID of 4800 when the w/s gets locked, and a corresponding ID of 4801 when it is unlocked.
You could maybe code the vbs to check the security logs for these events ???

I don't think Win XP records the difference between a logoff and/or a lock, which is event ID 528/538, although it you're not bothered about distinguishing, then you could do the same again.

Or you could just use a GPO to configure the screensaver to force the workstation to lock after a period of inactivity and require a password on resume (thats how we handle it in our organisation)
0
 

Author Comment

by:dgewin
ID: 37794495
I am using 99% windows 7, so I may look into that option.

Where are these events located, I have looked at the Security events and cant find them?

Its not an issue of having to have them locked as I am shutting them down anyhow, I just want to know for reporting reasons who is leaving them unlocked when they go home
0
 
LVL 9

Expert Comment

by:Scottyworld
ID: 37794535
How to find these:
At the run command, type: eventvwr <enter>
The logs you want to look at are located under:
Windows Logs > Security

Event ID: 4801/4800
Task Catagory: Other Logon/Logoff
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dgewin
ID: 37794675
That is where I thought it would be, I am running Windows 7 and have no event IDs that are 4800/4801

All my logon and logoff ones are 4624/4634 etc

I lock and unlock my PC frequently

Perhaps I am missing something?
0
 
LVL 9

Accepted Solution

by:
Scottyworld earned 250 total points
ID: 37798397
It could be that the auditing of these events is not switched on.
Open gpedit.msc on your local machine, and go to:
Computer configuration > Windows Settings > Security Settings > Local Policies > Audit Policy

Make sure you have successful auditing on "Audit logon events"
The default setting for Other Logon/Logoff Events is "No Auditing"

Alternatively, this may be defined by your corporate group policy so you may need to check there (if you have access to it)
0
 

Author Comment

by:dgewin
ID: 37798783
Thanks, I will have to have a play around with the scripting side to see if it will do what I want now
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question