Who Connects to Your Computer?

Who connects to your computer?

Who connects to your computer? You can be notified by an MSN-like popup window while doing your work. The program can also create its own log file for all historical logon events. The log file created in the sample code is called called evlogger.txt and can be found in the application (evNotify.exe) folder.

The idea to write this code came from Tom Archer's article: Monitoring the Windows Event Log

Before running the program please check if you have switched on "Audit logon events":

  1. Open: Control Panel \ Admin Tools \ Local Security Policy
  2. Go to: Local Policies \ Audit Policy
  3. Double click on Audit logon events and check "Audit events on Success / Failure".
This option creates events of the log-on/log-off category in the Windows security log upon every user's attempt to onto or off of the system.

Note: Your account should have privileges to manipulate "Local Security Policy."

EvNotify monitors Windows security log for the following logon events:
528 . Local logon account event.
540 . Network logon account event.
538 . Logoff event (local or network).

529 . Logon failure event (local or network).
539 . Account locked out.
535 . The specified account's password has expired.
531 . Account currently disabled.

You can refer to the link bellow for more detailed information:
Log-on type codes revealed

Program's popup window displays the following information:
User
Computer
Description - User
Description - Domain
Description - Logon type
Description - Workstation Name

Logon events are written in black.
Logoff events are written in blue.
Unsuccessful logon event are written in red.

Note: You could test the program by logging as another user for example:
runas /u:testuser cmd

Source code notes

In FormMaim.cs are instantiated the following important classes:

1. EventListener:

  • It's subscribed for EntryWritten events of EventLog (a standard .NET class providing interaction with Windows event logs).
  • It starts a working thread.
  • Its function, OnEntryWritten(), filters all received logon events and passes them to the working thread to be handled. In that way the thread receiving event log events has been freed to listen for new events.
2. SinkClass:
  • Receives messages from the working thread of EventListener class and passes them to MSNPopup window.
3. MSNPopup:
  • MSN like Popup window that displays logon event log entries.
Finally I'd like to mention that this is not the most precise way of getting all event notifications. You could miss some of them. A more professional approach would be to use good old VC++ development using native API calls.


Downloads

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • How Red Hat Enterprise Linux shrinks total cost of ownership (TCO) compared to Windows IT organizations face the constant challenge of juggling two almost opposing priorities: continuously delivering business-critical application services while keeping IT expenses in line with budget constraints. The primary function of IT departments is to supply core infrastructure and applications to attract new business, generate revenue, and facilitate profitability - and IT managers strive to meet this goal in spite of …

  • The 2014 State of DevOps Report — based on a survey of 9,200+ people in IT operations, software development and technology management roles in 110 countries — reveals: Companies with high-performing IT organizations are twice as likely to exceed their profitability, market share and productivity goals. IT performance improves with DevOps maturity, and strongly correlates with well-known DevOps practices. Job satisfaction is the No. 1 predictor of performance against organizational …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date