Login | Register

Who Connects to Your Computer?

Posted by Angel Komarov on May 3rd, 2006

Who connects to your computer?

Who connects to your computer? You can be notified by an MSN-like popup window while doing your work. The program can also create its own log file for all historical logon events. The log file created in the sample code is called called evlogger.txt and can be found in the application (evNotify.exe) folder.

The idea to write this code came from Tom Archer's article: Monitoring the Windows Event Log

Before running the program please check if you have switched on "Audit logon events":

  1. Open: Control Panel \ Admin Tools \ Local Security Policy
  2. Go to: Local Policies \ Audit Policy
  3. Double click on Audit logon events and check "Audit events on Success / Failure".
This option creates events of the log-on/log-off category in the Windows security log upon every user's attempt to onto or off of the system.

Note: Your account should have privileges to manipulate "Local Security Policy."

EvNotify monitors Windows security log for the following logon events:
528 . Local logon account event.
540 . Network logon account event.
538 . Logoff event (local or network).

529 . Logon failure event (local or network).
539 . Account locked out.
535 . The specified account's password has expired.
531 . Account currently disabled.

You can refer to the link bellow for more detailed information:
Log-on type codes revealed

Program's popup window displays the following information:
User
Computer
Description - User
Description - Domain
Description - Logon type
Description - Workstation Name

Logon events are written in black.
Logoff events are written in blue.
Unsuccessful logon event are written in red.

Note: You could test the program by logging as another user for example:
runas /u:testuser cmd

Source code notes

In FormMaim.cs are instantiated the following important classes:

1. EventListener:

  • It's subscribed for EntryWritten events of EventLog (a standard .NET class providing interaction with Windows event logs).
  • It starts a working thread.
  • Its function, OnEntryWritten(), filters all received logon events and passes them to the working thread to be handled. In that way the thread receiving event log events has been freed to listen for new events.
2. SinkClass:
  • Receives messages from the working thread of EventListener class and passes them to MSNPopup window.
3. MSNPopup:
  • MSN like Popup window that displays logon event log entries.
Finally I'd like to mention that this is not the most precise way of getting all event notifications. You could miss some of them. A more professional approach would be to use good old VC++ development using native API calls.

Downloads

IT Offers

Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Go Deeper

  • Big Data is Talking. Are You Listening?
    This interactive white paper from CIO Magazine and EMC lays out the benefits of big data and predictive analytics, provides tips on how to …
  • Endpoint Buyers Guide
    This buyers guide provides independent research and test results to help you determine your endpoint protection requirements and identify …
  • Where Finance Belongs on the IT Agenda
    When the economy is stable, a company's IT organization may view Finance as just one of many internal customers competing for attention. But …

Most Popular Programming Stories

  • There have been no articles posted today.

More for Developers

Latest Developer Headlines

RSS Feeds