Mohammed Sabir

Reputation: 1

Windows service account Local System: how to track system session, e.g. system unlock and lock, etc.

I am building an employee monitoring service tool. I use a Windows service to build the tool. Now I am very confused about which service account I need to use to build this tool. This confusion arose when I tried to log system lock and unlock times using the LocalSystem account. The event is not triggered. After some time debugging, I understand that LocalSystem is running in the services session 0, and it does not have access to desktop settings. I need to give full access to the company employer. In future the features will be enhanced, like app use by employee, network tracking, shutdown and open, etc. Can anyone help me?

I tried subscribing to session switch on service start. It subscribes successfully, but the event is not triggering.

using System;
using System.Diagnostics;
using System.IO;
using System.ServiceProcess;

namespace MyFirstService
{
    public partial class Service1 : ServiceBase
    {
        private const int SERVICE_CONTROL_SESSIONCHANGE = 0x0000000D;
        private const int WTS_SESSION_LOGON = 0x5;
        private const int WTS_SESSION_LOGOFF = 0x6;
        private const int WTS_SESSION_LOCK = 0x7;
        private const int WTS_SESSION_UNLOCK = 0x8;

        public Service1()
        {
            InitializeComponent();
        }

        protected override void OnStart(string[] args)
        {
            WriteToFile("Service started at " + DateTime.Now);
        }

        protected override void OnStop()
        {
            WriteToFile("Service stopped at " + DateTime.Now);
        }

        protected override void OnSessionChange(SessionChangeDescription changeDescription)
        {
            switch (changeDescription.Reason)
            {
                case SessionChangeReason.SessionLogon:
                    WriteToFile("User logged on at " + DateTime.Now);
                    break;

                case SessionChangeReason.SessionLogoff:
                    WriteToFile("User logged off at " + DateTime.Now);
                    break;

                case SessionChangeReason.SessionLock:
                    WriteToFile("Workstation locked at " + DateTime.Now);
                    break;

                case SessionChangeReason.SessionUnlock:
                    WriteToFile("Workstation unlocked at " + DateTime.Now);
                    break;

                default:
                    WriteToFile($"Session change event: {changeDescription.Reason}");
                    break;
            }
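        }

        // Helper not shown in the post; assumed here to append a line to a
        // log file next to the service executable.
        private void WriteToFile(string message)
        {
            string path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "ServiceLog.txt");
            File.AppendAllText(path, message + Environment.NewLine);
        }
    }
}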

Upvotes: 0

Views: 59

Answers (1)

Mohammed Sabir

Reputation: 1

If your Windows Service is running under LocalSystem, you can capture session events like logon, logoff, lock, and unlock. The key is ensuring that your service:

✔ Enables session change events (CanHandleSessionChangeEvent = true).
✔ Handles the OnSessionChange event correctly.

using System;
using System.Diagnostics;
using System.IO;
using System.ServiceProcess;

namespace MyFirstService
{
    public partial class Service1 : ServiceBase
    {
        private const int SERVICE_CONTROL_SESSIONCHANGE = 0x0000000D;
        private const int WTS_SESSION_LOGON = 0x5;
        private const int WTS_SESSION_LOGOFF = 0x6;
        private const int WTS_SESSION_LOCK = 0x7;
        private const int WTS_SESSION_UNLOCK = 0x8;

        public Service1()
        {
            InitializeComponent();
            this.CanHandleSessionChangeEvent = true;
        }

        protected override void OnStart(string[] args)
        {
            WriteToFile("Service started at " + DateTime.Now);
        }

        protected override void OnStop()
        {
            WriteToFile("Service stopped at " + DateTime.Now);
        }

        protected override void OnSessionChange(SessionChangeDescription changeDescription)
        {
            switch (changeDescription.Reason)
            {
                case SessionChangeReason.SessionLogon:
                    WriteToFile("User logged on at " + DateTime.Now);
                    break;

                case SessionChangeReason.SessionLogoff:
                    WriteToFile("User logged off at " + DateTime.Now);
                    break;

                case SessionChangeReason.SessionLock:
                    WriteToFile("Workstation locked at " + DateTime.Now);
                    break;

                case SessionChangeReason.SessionUnlock:
                    WriteToFile("Workstation unlocked at " + DateTime.Now);
                    break;

                default:
                    WriteToFile($"Session change event: {changeDescription.Reason}");
                    break;
            }
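        }

        // Helper not shown in the post; assumed here to append a line to a
        // log file next to the service executable.
        private void WriteToFile(string message)
        {
            string path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "ServiceLog.txt");
            File.AppendAllText(path, message + Environment.NewLine);
        }
    }
}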

Upvotes: 0
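An added example, not part of the original question or answer: a service that enables session-change notifications and resolves the session ID carried by each event to the interactive user through WTSQuerySessionInformation, because a LocalSystem service in session 0 otherwise only knows its own identity. The class name SessionAuditService and the log file name are assumptions made for this sketch.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.ServiceProcess;

// Hypothetical service class, added for illustration.
public class SessionAuditService : ServiceBase
{
    private const int WTSUserName = 5;   // WTS_INFO_CLASS.WTSUserName
    private const int WTSDomainName = 7; // WTS_INFO_CLASS.WTSDomainName

    [DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern bool WTSQuerySessionInformation(
        IntPtr hServer, int sessionId, int infoClass, out IntPtr buffer, out int bytes);
    [DllImport("wtsapi32.dll")]
    private static extern void WTSFreeMemory(IntPtr memory);

    public SessionAuditService()
    {
        ServiceName = "SessionAuditService";
        // Without this flag set before the service starts, OnSessionChange is never called.
        CanHandleSessionChangeEvent = true;
    }

    protected override void OnSessionChange(SessionChangeDescription change)
    {
        // The service itself runs in session 0; change.SessionId is the user's session.
        string user = Query(change.SessionId, WTSDomainName) + "\\" + Query(change.SessionId, WTSUserName);
        string line = $"{DateTime.UtcNow:o} {change.Reason} session={change.SessionId} user={user}";
        // Assumed log location: a file next to the service executable.
        string path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "session-audit.log");
        File.AppendAllText(path, line + Environment.NewLine);
    }

    // Returns the session string, or "?" if the query fails or is empty (e.g. session already gone).
    private static string Query(int sessionId, int infoClass)
    {
        // IntPtr.Zero is WTS_CURRENT_SERVER_HANDLE (the local machine).
        if (!WTSQuerySessionInformation(IntPtr.Zero, sessionId, infoClass, out IntPtr buf, out _))
            return "?";
        try
        {
            string value = Marshal.PtrToStringUni(buf);
            return string.IsNullOrEmpty(value) ? "?" : value;
        }
        finally { WTSFreeMemory(buf); }
    }

    public static void Main() => ServiceBase.Run(new SessionAuditService());
}
```

The log file inherits the ACL of the install directory, so that directory should be writable only by administrators and SYSTEM if the log is meant to serve as an audit record.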
