Who Connects to Your Computer?

Who connects to your computer?

Who connects to your computer? You can be notified by an MSN-like popup window while doing your work. The program can also create its own log file for all historical logon events. The log file created in the sample code is called called evlogger.txt and can be found in the application (evNotify.exe) folder.

The idea to write this code came from Tom Archer's article: Monitoring the Windows Event Log

Before running the program please check if you have switched on "Audit logon events":

  1. Open: Control Panel \ Admin Tools \ Local Security Policy
  2. Go to: Local Policies \ Audit Policy
  3. Double click on Audit logon events and check "Audit events on Success / Failure".
This option creates events of the log-on/log-off category in the Windows security log upon every user's attempt to onto or off of the system.

Note: Your account should have privileges to manipulate "Local Security Policy."

EvNotify monitors Windows security log for the following logon events:
528 . Local logon account event.
540 . Network logon account event.
538 . Logoff event (local or network).

529 . Logon failure event (local or network).
539 . Account locked out.
535 . The specified account's password has expired.
531 . Account currently disabled.

You can refer to the link bellow for more detailed information:
Log-on type codes revealed

Program's popup window displays the following information:
User
Computer
Description - User
Description - Domain
Description - Logon type
Description - Workstation Name

Logon events are written in black.
Logoff events are written in blue.
Unsuccessful logon event are written in red.

Note: You could test the program by logging as another user for example:
runas /u:testuser cmd

Source code notes

In FormMaim.cs are instantiated the following important classes:

1. EventListener:

  • It's subscribed for EntryWritten events of EventLog (a standard .NET class providing interaction with Windows event logs).
  • It starts a working thread.
  • Its function, OnEntryWritten(), filters all received logon events and passes them to the working thread to be handled. In that way the thread receiving event log events has been freed to listen for new events.
2. SinkClass:
  • Receives messages from the working thread of EventListener class and passes them to MSNPopup window.
3. MSNPopup:
  • MSN like Popup window that displays logon event log entries.
Finally I'd like to mention that this is not the most precise way of getting all event notifications. You could miss some of them. A more professional approach would be to use good old VC++ development using native API calls.


Downloads

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Webinar Tuesday, August 26, 2014 1:00 PM EDT Customers are more empowered and connected than ever, and the customer's journey has grown more complex. Their expectations are growing and trust is diminishing as they may interact with multiple brands through web, mobile and social channels. Considering 70% of the buying process in a complex sale is already complete before prospects are willing to engage with a live salesperson -- it's critical to understand your customers and anticipate their needs.* …

  • Live Event Date: September 17, 2014 @ 1:00 p.m. ET / 10:00 a.m. PT Another day, another end-of-support deadline. You've heard enough about the hazards of not migrating to Windows Server 2008 or 2012. What you may not know is that there's plenty in it for you and your business, like increased automation and performance, time-saving technical features, and a lower total cost of ownership. Check out this upcoming eSeminar and join Rich Holmes, Pomeroy's practice director of virtualization, as he discusses the …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds