HolmesShelock Posted May 15, 2011 Share Posted May 15, 2011 I'm writing a Windows service using The service will run at every system startup. I want this service to wait until an user logs on to the system & then do something. Can anybody tell me how can the service determine the following:When has someone logged on? I mean, being an Automatic service, it'll run even before ANY user logs on, but I want it to trigger some action ONLY WHEN any user logs on.How can the service obtain currently logged in username?Is there any way to start a service at EVERY LOGON instead of STARTUP ? [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
disposable Posted May 18, 2011 Share Posted May 18, 2011 I'm writing a Windows service using The service will run at every system startup. I want this service to wait until an user logs on to the system & then do something. Can anybody tell me how can the service determine the following:When has someone logged on? I mean, being an Automatic service, it'll run even before ANY user logs on, but I want it to trigger some action ONLY WHEN any user logs on.How can the service obtain currently logged in username?Is there any way to start a service at EVERY LOGON instead of STARTUP ?I don't have the time to try it myself but I have worked with the services udf.1. AFAIK, there's no easy way to determine a machine state change when someone logs in. There is an event that's fired, the creation of a Win32_LogonSession, but again it won't be easy to catch this with AU3.If it were me, I'd probably try to make a simple comparison using the @username macro. Get @username and store at script start, loop idle until current @username != stored @username. If that doesn't work my next step would be to look for windows/processes that start only when someone is logged in. You can probably do a Google search for these processes but likely processes would probably include the usual explorer.exe, svchost, etc... Another way would be to get a boot monitor, like Microsoft BootVis. It's used for optimizing and tracing bootup but it can also log when and where processes start up. Trace your next boot, save it to a .bin file. Click on "Process Creates" and see a Gantt chart of w/c executables start and at what time. It's an old program but relatively easy to use.Yet another way would be to download Sysinternals Autoruns, also free from Microsoft. It categorizes startup processes under Tabs such as Logon, Services, etc...You can then do a ProcessExists and idle until your identified "logon" process has started.2. @username macro.You can also call the DLL directly, with a DllCall to advapi.dll and the GetUserName function.3. no idea. 2 out of 3 ain't bad though, eh? Link to comment Share on other sites More sharing options...
HolmesShelock Posted May 18, 2011 Author Share Posted May 18, 2011 If it were me, I'd probably try to make a simple comparison using the @username macro. Get @username and store at script start, loop idle until current @username != stored @username. If that doesn't work my next step would be to look for windows/processes that start only when someone is logged in. You can probably do a Google search for these processes but likely processes would probably include the usual explorer.exe, svchost, etc... @username macro reads data from the current user environment variable 'username'. The service i'm coding is running from SYSTEM account & that's why @username is always returning SYSTEM as the username. [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
hannes08 Posted May 18, 2011 Share Posted May 18, 2011 Hi HolmesShelock, why creating a service at all? There's a trigger in the task scheduler that is named "on logon". Or you can check for the logged on user's with WMI. Regards,Hannes[spoiler]If you can't convince them, confuse them![/spoiler] Link to comment Share on other sites More sharing options...
HolmesShelock Posted May 18, 2011 Author Share Posted May 18, 2011 why creating a service at all? Because the service is supposed to do something which needs Admin/SYSTEM privilege, not that one what currently logged on user poses.There's a trigger in the task scheduler that is named "on logon".Is there any way to capture this trigger from a service?Or you can check for the logged on user's with WMI.I need to capture the logon event IMMEDIATELY as soon as the user logs on to the system. [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
disposable Posted May 18, 2011 Share Posted May 18, 2011 @username macro reads data from the current user environment variable 'username'. The service i'm coding is running from SYSTEM account & that's why @username is always returning SYSTEM as the username.Have you tried parsing the registry? HKEY_CURRENT_USER\Volatile Environment Either APPDATA or HOMEPATH contains the currently logged on user regardless of the username (SYSTEM) calling the thread. Link to comment Share on other sites More sharing options...
HolmesShelock Posted May 18, 2011 Author Share Posted May 18, 2011 Have you tried parsing the registry? HKEY_CURRENT_USER\Volatile Environment Either APPDATA or HOMEPATH contains the currently logged on user regardless of the username (SYSTEM) calling the thread.Ok, retrieving current user is not a problem now as I've retrieved the owner of explorer.exe which runs in present user's context.Trapping the events is the main challenge. [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
disposable Posted May 18, 2011 Share Posted May 18, 2011 Ok, retrieving current user is not a problem now as I've retrieved the owner of explorer.exe which runs in present user's context.Trapping the events is the main challenge.Hooking the event would probably turn out to be more trouble than it's worth. How about WinWait-"ing" until either the Desktop or the Taskbar exists? Link to comment Share on other sites More sharing options...
HolmesShelock Posted May 18, 2011 Author Share Posted May 18, 2011 (edited) Hooking the event would probably turn out to be more trouble than it's worth. How about WinWait-"ing" until either the Desktop or the Taskbar exists?WinWait will involve constant polling. It'll push CPU usage unnecessarily high.The solution to my problem are this & this. Though I'm not being able to implement them in my script. Check out my post Edited May 19, 2011 by HolmesShelock [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
disposable Posted May 18, 2011 Share Posted May 18, 2011 WinWait will involve constant polling. It'll push CPU usage unnecessarily high.The solution to my problem are this & this. Though I'm not being able to implement them in my script. Check out my post Hmmm... in deference to Hannes123, WMI might also be the simpler solution. There's an WMI to check for events fired when power state changes. In your case, it could watch for Win32_LogonSession creation events... Link to comment Share on other sites More sharing options...
HolmesShelock Posted May 19, 2011 Author Share Posted May 19, 2011 Hmmm... in deference to Hannes123, WMI might also be the simpler solution. There's an WMI to check for events fired when power state changes. In your case, it could watch for Win32_LogonSession creation events...The link looks promising. But can you please give me a concrete code example? [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
HolmesShelock Posted May 21, 2011 Author Share Posted May 21, 2011 Have you tried parsing the registry? HKEY_CURRENT_USER\Volatile Environment Either APPDATA or HOMEPATH contains the currently logged on user regardless of the username (SYSTEM) calling the thread.Unfortunately, NO. When I retrieve "Homepath" & run it as Admin, it's returning what's expected. But, from the service which runs from SYSTEM account, the retrieved value is NULL.Any more ideas? [size="2"][font="arial, verdana, tahoma, sans-serif"]ProtectData - A Data Protection software for floppies[/font][/size] [size="2"][hr][/size][size="2"]Sessionchange - A Windows service capable of tracking session change events[/size][size="2"][b][/b][/size] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now