HolmesShelock

Some queries related to Windows services

12 posts in this topic

I'm writing a Windows service using The service will run at every system startup. I want this service to wait until a user logs on to the system & then do something. Can anybody tell me how the service can determine the following:

  • When has someone logged on? I mean, being an Automatic service, it'll run even before ANY user logs on, but I want it to trigger some action ONLY WHEN any user logs on.
  • How can the service obtain currently logged in username?
  • Is there any way to start a service at EVERY LOGON instead of STARTUP ?

ProtectData - A Data Protection software for floppies
Sessionchange - A Windows service capable of tracking session change events


I'm writing a Windows service using The service will run at every system startup. I want this service to wait until a user logs on to the system & then do something. Can anybody tell me how the service can determine the following:

  • When has someone logged on? I mean, being an Automatic service, it'll run even before ANY user logs on, but I want it to trigger some action ONLY WHEN any user logs on.
  • How can the service obtain currently logged in username?
  • Is there any way to start a service at EVERY LOGON instead of STARTUP ?

I don't have the time to try it myself but I have worked with the services udf.

1. AFAIK, there's no easy way to determine a machine state change when someone logs in. There is an event that's fired, the creation of a Win32_LogonSession, but again it won't be easy to catch this with AU3.

If it were me, I'd probably try to make a simple comparison using the @username macro. Get @username and store at script start, loop idle until current @username != stored @username. If that doesn't work my next step would be to look for windows/processes that start only when someone is logged in. You can probably do a Google search for these processes but likely processes would probably include the usual explorer.exe, svchost, etc...

Another way would be to get a boot monitor, like Microsoft BootVis. It's used for optimizing and tracing bootup but it can also log when and where processes start up. Trace your next boot, save it to a .bin file. Click on "Process Creates" and see a Gantt chart of w/c executables start and at what time. It's an old program but relatively easy to use.

Yet another way would be to download Sysinternals Autoruns, also free from Microsoft. It categorizes startup processes under Tabs such as Logon, Services, etc...

You can then do a ProcessExists and idle until your identified "logon" process has started.

2. @username macro.

You can also call the DLL directly, with a DllCall to advapi.dll and the GetUserName function.

3. no idea. 2 out of 3 ain't bad though, eh?


If it were me, I'd probably try to make a simple comparison using the @username macro. Get @username and store at script start, loop idle until current @username != stored @username. If that doesn't work my next step would be to look for windows/processes that start only when someone is logged in. You can probably do a Google search for these processes but likely processes would probably include the usual explorer.exe, svchost, etc...

The @username macro reads data from the current user environment variable 'username'. The service I'm coding is running from the SYSTEM account & that's why @username is always returning SYSTEM as the username.


Hi HolmesShelock,

Why create a service at all? There's a trigger in the task scheduler that is named "on logon".

Or you can check for the logged-on users with WMI.


Regards, Hannes


Why create a service at all?

Because the service is supposed to do something which needs Admin/SYSTEM privilege, not the one that the currently logged-on user possesses.

There's a trigger in the task scheduler that is named "on logon".

Is there any way to capture this trigger from a service?

Or you can check for the logged-on users with WMI.

I need to capture the logon event IMMEDIATELY as soon as the user logs on to the system.



The @username macro reads data from the current user environment variable 'username'. The service I'm coding is running from the SYSTEM account & that's why @username is always returning SYSTEM as the username.

Have you tried parsing the registry? HKEY_CURRENT_USER\Volatile Environment

Either APPDATA or HOMEPATH contains the currently logged on user regardless of the username (SYSTEM) calling the thread.


Have you tried parsing the registry? HKEY_CURRENT_USER\Volatile Environment

Either APPDATA or HOMEPATH contains the currently logged on user regardless of the username (SYSTEM) calling the thread.

OK, retrieving the current user is not a problem now, as I've retrieved the owner of explorer.exe, which runs in the present user's context. Trapping the events is the main challenge.


OK, retrieving the current user is not a problem now, as I've retrieved the owner of explorer.exe, which runs in the present user's context. Trapping the events is the main challenge.

Hooking the event would probably turn out to be more trouble than it's worth. How about WinWait-"ing" until either the Desktop or the Taskbar exists?


Hooking the event would probably turn out to be more trouble than it's worth. How about WinWait-"ing" until either the Desktop or the Taskbar exists?

WinWait will involve constant polling. It'll push CPU usage unnecessarily high.

The solutions to my problem are this & this. Though I'm not able to implement them in my script. Check out my post


WinWait will involve constant polling. It'll push CPU usage unnecessarily high.

The solutions to my problem are this & this. Though I'm not able to implement them in my script. Check out my post

Hmmm... in deference to Hannes123, WMI might also be the simpler solution. There's a WMI to check for events fired when power state changes. In your case, it could watch for Win32_LogonSession creation events...


Hmmm... in deference to Hannes123, WMI might also be the simpler solution. There's a WMI to check for events fired when power state changes. In your case, it could watch for Win32_LogonSession creation events...

The link looks promising. But can you please give me a concrete code example?


Have you tried parsing the registry? HKEY_CURRENT_USER\Volatile Environment

Either APPDATA or HOMEPATH contains the currently logged on user regardless of the username (SYSTEM) calling the thread.

Unfortunately, NO. When I retrieve "Homepath" & run it as Admin, it's returning what's expected. But, from the service which runs from SYSTEM account, the retrieved value is NULL.

Any more ideas?


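The WMI approach raised in the thread (watching for Win32_LogonSession creation events from a service running as SYSTEM), written out as an added AutoIt example that is not part of any post above. It also resolves the account through the Win32_LoggedOnUser association instead of relying on @username or the owner of explorer.exe. The function names, the $g_bStop flag and the 2-second polling interval are assumptions made for the illustration.

```autoit
; Added example, not code from the thread. All function names and $g_bStop are hypothetical.
Global $g_bStop = False ; assumed to be set by the service's stop handler
Global $g_oComErr = ObjEvent("AutoIt.Error", "_ComErr") ; keeps COM errors (e.g. NextEvent timeout) non-fatal

Func _ComErr($oErr)
    ; Swallow the error; the failing call returns with @error set.
EndFunc

Func _WatchLogons()
    Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, False)
    ; LogonType 2 = interactive (console), 10 = remote interactive (RDP).
    ; WITHIN 2: WMI checks for new sessions every 2 seconds on the script's behalf.
    Local $sWQL = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " & _
            "WHERE TargetInstance ISA 'Win32_LogonSession' " & _
            "AND (TargetInstance.LogonType = 2 OR TargetInstance.LogonType = 10)"
    Local $oSource = $oWMI.ExecNotificationQuery($sWQL)
    If Not IsObj($oSource) Then Return SetError(2, 0, False)

    While Not $g_bStop
        Local $oEvent = $oSource.NextEvent(1000) ; wait up to 1 s, then re-check the stop flag
        If @error Or Not IsObj($oEvent) Then ContinueLoop
        Local $sLogonId = $oEvent.TargetInstance.LogonId
        Local $sUser = _AccountForLogonId($oWMI, $sLogonId)
        If $sUser <> "" Then _OnLogon($sUser, $sLogonId)
    WEnd
    Return True
EndFunc

Func _AccountForLogonId($oWMI, $sLogonId)
    ; Win32_LoggedOnUser links a logon session to the account that owns it.
    Local $oAccounts = $oWMI.ExecQuery("ASSOCIATORS OF {Win32_LogonSession.LogonId='" & $sLogonId & _
            "'} WHERE AssocClass=Win32_LoggedOnUser Role=Dependent")
    If Not IsObj($oAccounts) Then Return ""
    For $oAcc In $oAccounts
        Return $oAcc.Domain & "\" & $oAcc.Name
    Next
    Return ""
EndFunc

Func _OnLogon($sUser, $sLogonId)
    ; Placeholder for the privileged action; here it only logs the event.
    ConsoleWrite("Logon " & $sLogonId & ": " & $sUser & @CRLF)
EndFunc

_WatchLogons()
```

Because of the WITHIN clause the notification can arrive up to the polling interval after the logon rather than at the same instant. An administrator logon under UAC creates two logon sessions, so _OnLogon should tolerate being called twice for the same user.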
