?
Solved

Finding if a PC is locked

Posted on 2012-04-01
6
Medium Priority
?
577 Views
Last Modified: 2012-04-02
Hi,

I have been trying a way to find out if a PC is locked or not, I can easily find out if the PC has someone logged onto it and who that user is using VBS, but I am unable to find any way to see if the PC has been locked

I want to be able to log who is leaving their PCs logged on and who locks them overnight

Any help would be appreciated
0
Comment
Question by:dgewin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 9

Expert Comment

by:Scottyworld
ID: 37794406
What OS are you using ?
Vista and Windows 7 have security log event ID of 4800 when the w/s gets locked, and a corresponding ID of 4801 when it is unlocked.
You could maybe code the vbs to check the security logs for these events ???

I don't think Win XP records the difference between a logoff and/or a lock, which is event ID 528/538, although it you're not bothered about distinguishing, then you could do the same again.

Or you could just use a GPO to configure the screensaver to force the workstation to lock after a period of inactivity and require a password on resume (thats how we handle it in our organisation)
0
 

Author Comment

by:dgewin
ID: 37794495
I am using 99% windows 7, so I may look into that option.

Where are these events located, I have looked at the Security events and cant find them?

Its not an issue of having to have them locked as I am shutting them down anyhow, I just want to know for reporting reasons who is leaving them unlocked when they go home
0
 
LVL 9

Expert Comment

by:Scottyworld
ID: 37794535
How to find these:
At the run command, type: eventvwr <enter>
The logs you want to look at are located under:
Windows Logs > Security

Event ID: 4801/4800
Task Catagory: Other Logon/Logoff
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:dgewin
ID: 37794675
That is where I thought it would be, I am running Windows 7 and have no event IDs that are 4800/4801

All my logon and logoff ones are 4624/4634 etc

I lock and unlock my PC frequently

Perhaps I am missing something?
0
 
LVL 9

Accepted Solution

by:
Scottyworld earned 1000 total points
ID: 37798397
It could be that the auditing of these events is not switched on.
Open gpedit.msc on your local machine, and go to:
Computer configuration > Windows Settings > Security Settings > Local Policies > Audit Policy

Make sure you have successful auditing on "Audit logon events"
The default setting for Other Logon/Logoff Events is "No Auditing"

Alternatively, this may be defined by your corporate group policy so you may need to check there (if you have access to it)
0
 

Author Comment

by:dgewin
ID: 37798783
Thanks, I will have to have a play around with the scripting side to see if it will do what I want now
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
Introduction During my participation as a VBScript contributor at Experts Exchange, one of the most common questions I come across is this: "I have a script that runs against only one computer. How can I make it run against a list of computers in …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question