Solved

Finding if a PC is locked

Posted on 2012-04-01
6
571 Views
Last Modified: 2012-04-02
Hi,

I have been trying a way to find out if a PC is locked or not, I can easily find out if the PC has someone logged onto it and who that user is using VBS, but I am unable to find any way to see if the PC has been locked

I want to be able to log who is leaving their PCs logged on and who locks them overnight

Any help would be appreciated
0
Comment
Question by:dgewin
  • 3
  • 3
6 Comments
 
LVL 9

Expert Comment

by:Scottyworld
ID: 37794406
What OS are you using ?
Vista and Windows 7 have security log event ID of 4800 when the w/s gets locked, and a corresponding ID of 4801 when it is unlocked.
You could maybe code the vbs to check the security logs for these events ???

I don't think Win XP records the difference between a logoff and/or a lock, which is event ID 528/538, although it you're not bothered about distinguishing, then you could do the same again.

Or you could just use a GPO to configure the screensaver to force the workstation to lock after a period of inactivity and require a password on resume (thats how we handle it in our organisation)
0
 

Author Comment

by:dgewin
ID: 37794495
I am using 99% windows 7, so I may look into that option.

Where are these events located, I have looked at the Security events and cant find them?

Its not an issue of having to have them locked as I am shutting them down anyhow, I just want to know for reporting reasons who is leaving them unlocked when they go home
0
 
LVL 9

Expert Comment

by:Scottyworld
ID: 37794535
How to find these:
At the run command, type: eventvwr <enter>
The logs you want to look at are located under:
Windows Logs > Security

Event ID: 4801/4800
Task Catagory: Other Logon/Logoff
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:dgewin
ID: 37794675
That is where I thought it would be, I am running Windows 7 and have no event IDs that are 4800/4801

All my logon and logoff ones are 4624/4634 etc

I lock and unlock my PC frequently

Perhaps I am missing something?
0
 
LVL 9

Accepted Solution

by:
Scottyworld earned 250 total points
ID: 37798397
It could be that the auditing of these events is not switched on.
Open gpedit.msc on your local machine, and go to:
Computer configuration > Windows Settings > Security Settings > Local Policies > Audit Policy

Make sure you have successful auditing on "Audit logon events"
The default setting for Other Logon/Logoff Events is "No Auditing"

Alternatively, this may be defined by your corporate group policy so you may need to check there (if you have access to it)
0
 

Author Comment

by:dgewin
ID: 37798783
Thanks, I will have to have a play around with the scripting side to see if it will do what I want now
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello again, all.  For those of you that have been following along, you'll know that this is my third article on this topic (though it is not Part III).  This article is sort of remedial, and probably the topic with which I should have started the s…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question