How do you detect Windows logon event?
And how do you initiate a user logon from a Windows service?
I'm trying to write a piece of code that will detect logon events and log another one automatically.
+2
A:
How do you detect Windows logon event?
If any mechanism exists it is likely to be in WMI. There are a number of WMI classes. Notably Win32_LogonSession; which is related to Win32_Account via Win32_LoggedonUser). If creation events are supported for Win32_LogonSession then that would be a very effective method.
And how do you initiate a user logon from a Windows service?
The LogonUser API allows creating a new user token, you can then use that token for threads or processes. Using CreateProcessWithLogonW (and similar) allows the user name and password to be created to create a process under a different account (essentially LogonUser plus CreateProcessWithTokenW).
Richard
2009-09-19 13:40:20
+1
A:
You can detect a user logon by for example monitoring the event log. You can also start a process with a specific user, as Richard explained.
However, it sounds like you are trying so do something else, that is to swap the logon identity of the logged on user. This I do not think is possible.
Shiraz Bhaiji
2009-09-19 13:53:03
+2
A:
If you are developing for Windows 2000/XP you can create a Winlogon Notification Package using the JWA libraries and Delphi. They've made it extremely easy:
http://blog.delphi-jedi.net/2008/05/27/winlogon-notification-package/
This also allows you to put a form on the CTRL+ALT+DEL screen if you'd like as well. That form is running under the SYSTEM profile.
Mick
2009-09-21 14:33:33
A:
Winlogon Notification Package are removed from Vista.
Use WTSRegisterSessionNotification or System Event Notification Service (SENS). However, you cannot logon a user interactively s.t. the logon dialog is removed and the user desktop is shown instead. This is done by winlogon using some registry keys. LogonUser just gives you a token that you can use to impersonate a user.
ChristianWimmer
2010-03-12 17:43:05