Detect user is about to log in in Windows 7/8 - windows

I need to write a little Windows service that should detect when a user is attempting to log in and deny access according to certain criteria, like the hour.
So, I researched the way Windows Family Safety works when a child has an hour restriction, and I noticed that the message received by the user (child) is similar or identical to the one received when a restriction is set using
net user User /time:etc, etc.
so I suspect that's what Family Safety uses.
However, I would like to interact with the "net" command programmatically, and besides that I would like to know if there's an event to watch for when a user is attempting to log in, or the user has just logged in.
Which Windows API should I look for to get this functionality?

The "net user" commands are available programmatically through the Network Management API. As an example, you can use the NetUserSetInfo function along with the USER_INFO_1020 structure to set the times during which a user can log on.
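An added example for the answer above (not the answerer's code): the logon-hours field of USER_INFO_1020 is a 21-byte bit string with one bit per hour of the week in GMT, bit 0 being Sunday 00:00-00:59, so local restrictions have to be shifted by the UTC offset. The helper names build_logon_hours, hour_allowed and set_logon_hours are hypothetical, and the NetUserSetInfo call is compiled only on Windows.

```c
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <lm.h>                          /* link with netapi32.lib */
#endif

#define HOURS_PER_WEEK 168               /* same value as UNITS_PER_WEEK */
#define LOGON_BYTES (HOURS_PER_WEEK / 8) /* 21-byte bit string */

/* Allow logon on local days first_day..last_day (0 = Sunday) from start_hour
 * (inclusive) to end_hour (exclusive). Bits are stored in GMT, so each local
 * hour is shifted by utc_offset (local = GMT + offset) and wrapped around the
 * week. Returns the number of allowed hours, or -1 on bad arguments. */
int build_logon_hours(uint8_t map[LOGON_BYTES], int first_day, int last_day,
                      int start_hour, int end_hour, int utc_offset)
{
    int count = 0;
    if (first_day < 0 || last_day > 6 || first_day > last_day ||
        start_hour < 0 || end_hour > 24 || start_hour >= end_hour ||
        utc_offset < -12 || utc_offset > 14)
        return -1;
    memset(map, 0, LOGON_BYTES);         /* start with every hour denied */
    for (int d = first_day; d <= last_day; d++) {
        for (int h = start_hour; h < end_hour; h++) {
            int bit = (d * 24 + h - utc_offset + HOURS_PER_WEEK) % HOURS_PER_WEEK;
            map[bit / 8] |= (uint8_t)(1u << (bit % 8));
            count++;
        }
    }
    return count;
}

/* Test one GMT hour of the week (0 = Sunday 00:00-00:59 GMT). */
int hour_allowed(const uint8_t map[LOGON_BYTES], int gmt_hour)
{
    if (gmt_hour < 0 || gmt_hour >= HOURS_PER_WEEK) return 0;
    return (map[gmt_hour / 8] >> (gmt_hour % 8)) & 1;
}

#ifdef _WIN32
/* Apply the bitmap to a local account; needs administrative rights. */
NET_API_STATUS set_logon_hours(LPCWSTR user, uint8_t map[LOGON_BYTES])
{
    USER_INFO_1020 info = { UNITS_PER_WEEK, map };
    DWORD parm_err = 0;
    return NetUserSetInfo(NULL, user, 1020, (LPBYTE)&info, &parm_err);
}
#endif
```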

Related

Windows: Detect in Registry when a user is logged in but disconnected

When I log in to a Windows device, I can sometimes see 2 user sessions (I can see it by clicking Task Manager -> Users). One of the users has status Disconnected and the other Active.
Is there a way for me to see whether the user is disconnected or not in the registry?
Thank you
I don't know if there is a registry value you can check and if you find one it must be considered an unintended side effect you should not rely on.
The WTS API is the correct way to handle this.
Call WTSRegisterSessionNotification to receive notifications and/or WTSEnumerateSessionsW to find the current sessions and their states.

Trigger a Logon Event on specific Domain Controller

Our Problem:
We are using FortiGate in our company with ~2200 clients. Most of them are using notebooks. Some people can't connect to the Internet when they come to the office after days working from home. Our FortiGate is configured to watch the LogonEvents (EDIT: To be more specific: the attribute "lastlogon") of the user object on the domain controller (we have 5) and authenticate the user with the IP of the device. This fails sometimes. Our network guys are looking at this problem, but in the meantime I have to find solutions on the client side.
One workaround I found is to trigger a User LogonEvent via powershell on the client.
New-PsSession -ComputerName $Env:ComputerName -ErrorAction ignore
But most of the time it creates the User LogonEvent on one specific Domain Controller (mostly the default Logonserver), which is maybe faulty. It's the same when you lock your device and log back in.
Does somebody know another way to create a LogonEvent via Powershell or Batch, where I can select the authenticating Domain Controller? Like, iterating through all our Domain Controllers to create such event on the client.
Edit: Unfortunately, the command has to run with User Permissions.
Edit: Maybe it helps if I tell you my overall goal:
Every client gets a scheduled task via GPO which runs in User-Context
It gets triggered by event 10000 from source Microsoft-Windows-NetworkProfile (network change)
A powershell script checks if the internet connection is working
If not, the script would try to trigger a LogonEvent on different Domain Controllers to be sure the FortiGate Agent gets at least one of them.
Mathias has the right idea, but just creating a DirectoryEntry object (which is what [ADSI] is a type accelerator for) doesn't make a network request until you actually use it.
This will tell it to retrieve the name attribute of the root of the domain (any attribute would do - you just need it to get something):
[ADSI]::new("LDAP://domainController.fqdn", "svc_username", "p#ssW0rd").RefreshCache("name")

How to get notified about logon/logoff and display lock/unlock on X11/X.org?

Windows has SENS API which applications can use to get notified about logon/logoff and display lock/unlock events. Is there anything similar for X11/X.org or generally available interfaces and APIs in Linux desktops? I basically want something that would allow me to react to that within the user session.
Logind (which not all distros use) has an object on the system DBus. The signals of this object are available to any program and are documented as:
The SessionNew(), SessionRemoved(), UserNew(), UserRemoved(), SeatNew(), SeatRemoved() signals are sent each time a session is created or removed, a user logs in or out, or a seat is added or removed.
https://www.freedesktop.org/wiki/Software/systemd/logind/
If logind is not in use, PAM might be your next best option, as sanjeev suggested. He links to https://unix.stackexchange.com/questions/162783/how-can-i-detect-a-user-login-programmatically. However, note that this requires changing the system configuration and cannot be just subscribed to by any program.
Interacting with the screensaver is even less portable. For example, GNOME exposes a screensaver object on the user DBus instance. It is also possible to get events from the X11 server via the "SCREEN-SAVER" extension, but of course this is not available with Wayland.
https://people.gnome.org/~mccann/gnome-screensaver/docs/gnome-screensaver.html (Random Google result)
https://www.x.org/releases/X11R7.7/doc/scrnsaverproto/saver.html#Events

send messages to users that connected to current computer

I need to show list of all users which connected to current computer and send each of them a message (by using command line).
I am using '*.bat' I need to list all the users that connected to current computer, and send each of them message (by command line).
(I presume using 'net send' as on site: http://technet.microsoft.com/en-us/library/bb490710.aspx , but I need to know only the active users, as I can see on task manager -> users ,column status = active).
Thanks :)
This is ancient, but as AndrewMedico says, msg gives you this functionality now in many versions of Windows.
If the only reason you wanted the usernames was to send them individual messages, you can just use msg * <message> which will send every user logged into that PC the same message.
If you wanted the usernames for another purpose, you can get these from a command prompt by typing query user. You could do some grepping of the results to just get a bare list of users if you require (and don't wish to use other methods of getting these users such as C#).

Force User Log In with a Windows Service

Is it possible for a Windows service to force a user to login from the windows user login screen? I've seen where LogMeIn can do it. This is assuming, of course, that I have both the username and password for the user.
Is LogMeIn using an actual method (non-automated), or are they simply quickly automating the task of logging in by selecting the username and password fields and typing it in?
You should create a WindowStation, and a Desktop inside that. Your service would create the WindowStation and connect that to the user you want to log in, then I suppose you would periodically take a screenshot of the created desktop to present somewhere else.
You may want to start reading the documentation at https://msdn.microsoft.com/en-us/library/windows/desktop/ms687105%28v=vs.85%29.aspx and linked pages, then ask a more specific question.
I don't know if this method can be used to log in at the Console (the window station attached to the physical video card/keyboard of the computer), but if this has to happen automatically I'd avoid using the Console, but a separate Window Station.
EDIT: as it happens to say on the very page I linked (my bad), if a session for the user exists and the service tries to connect to it, it is opened; if it does not exist then it is created anew, and a desktop (named "default") is attached to it. If your service only has to log the interactive user in, you should use the auto-login feature of Windows instead.
Yes, you can auto login using Windows.
You didn't specify OS but for Windows 7/8 read this, and for Server 2003/2008 (and possibly 2012, but I haven't checked)
check out this Microsoft article.
