Who Connects to Your Computer?

Who connects to your computer?

Who connects to your computer? You can be notified by an MSN-like popup window while doing your work. The program can also create its own log file for all historical logon events. The log file created in the sample code is called called evlogger.txt and can be found in the application (evNotify.exe) folder.

The idea to write this code came from Tom Archer's article: Monitoring the Windows Event Log

Before running the program please check if you have switched on "Audit logon events":

  1. Open: Control Panel \ Admin Tools \ Local Security Policy
  2. Go to: Local Policies \ Audit Policy
  3. Double click on Audit logon events and check "Audit events on Success / Failure".
This option creates events of the log-on/log-off category in the Windows security log upon every user's attempt to onto or off of the system.

Note: Your account should have privileges to manipulate "Local Security Policy."

EvNotify monitors Windows security log for the following logon events:
528 . Local logon account event.
540 . Network logon account event.
538 . Logoff event (local or network).

529 . Logon failure event (local or network).
539 . Account locked out.
535 . The specified account's password has expired.
531 . Account currently disabled.

You can refer to the link bellow for more detailed information:
Log-on type codes revealed

Program's popup window displays the following information:
User
Computer
Description - User
Description - Domain
Description - Logon type
Description - Workstation Name

Logon events are written in black.
Logoff events are written in blue.
Unsuccessful logon event are written in red.

Note: You could test the program by logging as another user for example:
runas /u:testuser cmd

Source code notes

In FormMaim.cs are instantiated the following important classes:

1. EventListener:

  • It's subscribed for EntryWritten events of EventLog (a standard .NET class providing interaction with Windows event logs).
  • It starts a working thread.
  • Its function, OnEntryWritten(), filters all received logon events and passes them to the working thread to be handled. In that way the thread receiving event log events has been freed to listen for new events.
2. SinkClass:
  • Receives messages from the working thread of EventListener class and passes them to MSNPopup window.
3. MSNPopup:
  • MSN like Popup window that displays logon event log entries.
Finally I'd like to mention that this is not the most precise way of getting all event notifications. You could miss some of them. A more professional approach would be to use good old VC++ development using native API calls.


Downloads

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Relying on outside companies to manage your network and server environments for your business and applications to meet the needs and demands of your users can be stressful. This is especially true as many Managed Hosting organizations fail to meet their service level agreements. Read this Forrester total economic impact report and learn what makes INetU different and how they exceed their customers' managed hosting expectations.

  • Is your compliance strategy relying on disconnected processes and tools that leave your organization at risk? Do your security and operations teams run into conflicts--leading to a gap between audit and remediation? Now you can make even the most complex and dynamic IT infrastructure fully secure and compliant. Read this eBook and learn how to: Improve process and close the SecOps gap Quickly detect, audit and remediate breaches Create a more agile environment to comply to regulatory mandates Better …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date