mlglobal, posted October 24, 2005

Hi

Does anyone know if Windows XP can track the difference between a shutdown event and a reboot event? If so, how can I track that via an AutoIt script?

Here is my situation. We have several users that are shutting down their computers at the end of the day, against our policy, which prevents me from performing routine maintenance like patching, etc. Management wants me to track who is shutting down their systems. I'm currently using nmap in ping-only mode and exporting that into an XML format for later use. An AutoIt script would be nicer if I can find a hook to distinguish between reboot and shutdown. I can then put that into a shutdown script and output the time / date, userid, IP address into a flat file and import that into a database.

Any help is always appreciated. Thanks.

Nuffilein805, posted October 24, 2005

i think autoit only knows if you shutdown your system, if you log off or if the prog is closed by any other command

why don't you restrict the users rights so that they can't shutdown their system?

mlglobal, posted October 24, 2005 (edited)

> i think autoit only knows if you shutdown your system, if you log off or if the prog is closed by any other command
>
> why don't you restrict the users rights so that they can't shutdown their system?

Great question! Our management wants to see who is shutting down the systems first. They won't let us implement the Group Policy that disables the shutdown feature until they see the numbers. I'm not looking for an AutoIt feature that tracks that but something inside of Windows, like a registry key that gets modified if the system is shut down and the difference if it's rebooted.

Edited October 24, 2005 by mlglobal

Nuffilein805, posted October 24, 2005

well, you got a funny management

is it allowed to reboot without logging in? then use the ping("destination", "time") function

if they have to log in just do a little prog and install it on the client - make it send a message like "hello, i'm here" every 30 sec to an inifile

```autoit
iniwrite("networkfolder\inifile.ini", "Logged on", @computername, @hour & "." & @min & " " & @mday & "." & @mon & "." & @year)
```

then do a little prog checking this file

maybe i post the code later, but i'm sure you can think of something

SpookMeister, posted October 24, 2005 (edited)

A quick google search didn't give me anything.

I think I would approach this in a server pinging and logging a list of client machines periodically type of way. Or you might do it with uptime from microsoft (I think you need XP or better clients for this)

http://support.microsoft.com/...q232243

You could do a calculation based on how long the systems that you test have been running.

Edited October 24, 2005 by SpookMeister

mlglobal, posted October 24, 2005

> A quick google search didn't give me anything.
>
> I think I would approach this in a server pinging and logging a list of client machines periodically type of way. Or you might do it with uptime from microsoft (I think you need XP or better clients for this)
>
> http://support.microsoft.com/...q232243
>
> You could do a calculation based on how long the systems that you test have been running.

Thanks for the suggestion. I'm open to anything at this point. I just need to be able to present the info in a report format that management understands after I gather the data. I still think the best method is to have the clients do some sort of test and then throw that data into a database reporting format out on a network share. I'll continue to search and I'll post a solution if I find one.

BigDod, posted October 24, 2005

> Thanks for the suggestion. I'm open to anything at this point. I just need to be able to present the info in a report format that management understands after I gather the data. I still think the best method is to have the clients do some sort of test and then throw that data into a database reporting format out on a network share. I'll continue to search and I'll post a solution if I find one.

You could always place an AutoIt script in their startup folders that would send info to the server or you whenever a computer was started.

CyberSlug, posted October 24, 2005 (edited)

Well, you CAN determine what the previous shutdown method was by looking at a registry key.

```autoit
$key = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer","Shutdown Setting")
#cs
-- Possible values (in order as they appear in the combo box):
-- If you set value to 64 but your system does not support hibernate, I think "standby" is set
1 = logoff (also 8 and 32)
2 = shutdown (also 0)
4 = restart
16 = standby
64 = hibernate
#ce
MsgBox(4096,"value", $key)
```

The only thing I don't know is if the user chooses to logoff, and THEN clicks the shutdown button from the logon screen... I didn't see any corresponding registry key in HKEY_USERS\.DEFAULT ....

Edit: I also don't know what happens if the user presses the power button to turn off the machine as set in the "Power Options" applet in the Control Panel....

Original thread: http://www.autoitscript.com/forum/index.php?showtopic=3795

Other ideas:

Check timestamp difference of system event log for "The Event log service was started" and "The Event log service was stopped" (IDs 6005 and 6006).

Details
Product: Windows Operating System
ID: 6009
Source: EventLog
Version: 5.2
Symbolic Name: EVENT_EventLogProductInfo
Message: Microsoft ® Windows ® %1 %2 %3 %4.

Explanation
The user restarted or shut down the computer by clicking Start or pressing CTRL+ALT+DELETE, and then clicking Shut Down. The message displays the Windows product information for the computer logging the message, including the product name, version, build number, service pack number, and operating system type.

Edited October 24, 2005 by CyberSlug
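
The event-log idea in the post above (pairing IDs 6006 and 6005 and looking at the time between them), worked through as an added example that is not from any poster in this thread. It assumes the System log has been exported as "timestamp,event_id" lines and that a 10-minute gap separates a restart from a shutdown; the export format, the threshold and the sample records are all constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: System log records for one workstation, exported as
# "timestamp,event_id". 6006 = Event log service stopped, 6005 = started.
SAMPLE_EXPORT = """\
2005-10-20 08:02:11,6005
2005-10-20 12:14:40,6006
2005-10-20 12:16:05,6005
2005-10-20 17:31:02,6006
2005-10-21 07:58:47,6005
2005-10-21 15:20:00,6005
"""

# Assumption: a gap shorter than this between "stopped" and the next
# "started" is a restart; anything longer means the machine stayed off.
REBOOT_MAX_GAP = timedelta(minutes=10)

def parse_export(text):
    """Return [(datetime, event_id)] sorted by time, keeping only 6005/6006."""
    rows = []
    for stamp, event_id in csv.reader(io.StringIO(text)):
        if int(event_id) in (6005, 6006):
            rows.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), int(event_id)))
    return sorted(rows)

def classify_power_cycles(rows, reboot_max_gap=REBOOT_MAX_GAP):
    """Pair each 6005 with the 6006 before it and label the power cycle."""
    cycles = []
    last_stop, seen_start = None, False
    for when, event_id in rows:
        if event_id == 6006:
            last_stop = when
            continue
        if last_stop is not None:
            gap = when - last_stop
            kind = "reboot" if gap <= reboot_max_gap else "shutdown"
            cycles.append((kind, last_stop, when, gap))
        elif seen_start:
            # Two starts with no clean stop between them: the machine went
            # down without logging 6006, so no stop time is known.
            cycles.append(("unclean", None, when, None))
        last_stop, seen_start = None, True
    return cycles

if __name__ == "__main__":
    for kind, stop, start, gap in classify_power_cycles(parse_export(SAMPLE_EXPORT)):
        print(f"{kind:9} stopped={stop} started={start} off_for={gap}")
```

The "unclean" label covers the power-button case the post leaves open: a start record with no stop record before it gives a boot time but no shutdown time.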

mlglobal, posted October 24, 2005

> Well, you CAN determine what the previous shutdown method was by looking at a registry key.
>
> ```autoit
> $key = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer","Shutdown Setting")
> #cs
> -- Possible values (in order as they appear in the combo box):
> -- If you set value to 64 but your system does not support hibernate, I think "standby" is set
> 1 = logoff (also 8 and 32)
> 2 = shutdown (also 0)
> 4 = restart
> 16 = standby
> 64 = hibernate
> #ce
> MsgBox(4096,"value", $key)
> ```
>
> The only thing I don't know is if the user chooses to logoff, and THEN clicks the shutdown button from the logon screen... I didn't see any corresponding registry key in HKEY_USERS\.DEFAULT ....
>
> Edit: I also don't know what happens if the user presses the power button to turn off the machine as set in the "Power Options" applet in the Control Panel....
>
> Original thread: http://www.autoitscript.com/forum/index.php?showtopic=3795
>
> Other ideas:
>
> Check timestamp difference of system event log for "The Event log service was started" and "The Event log service was stopped" (IDs 6005 and 6006).

CyberSlug,

That is GOLDEN my friend! Thank you very much. May the AutoIt GODS continually smile upon you!

SpookMeister, posted October 24, 2005 (edited)

I did some more searching and found that info too... one thing I wasn't sure of was how compatible that is on all versions of windows. You probably have some testing to do.

Overall, if it's for some report for management and I were in your shoes, I would want to have something gather much more accurate data on client availability.

```autoit
; Client list is read-only (mode 0); the log is opened for append (mode 1)
$ClientFile = FileOpen("C:\clients.txt", 0)
$LogFile = FileOpen("C:\ClientLog.txt", 1)

If $ClientFile = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf

If $LogFile = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf

; Ping every client once; FileReadLine sets @error = -1 at end of file
While 1
    $line = FileReadLine($ClientFile)
    If @error = -1 Then ExitLoop
    $var = Ping($line,100)
    ; Ping returns 0 on failure: log "client,YYYYMMDDHHMM" for each miss
    If NOT $var Then
        FileWriteLine($LogFile, $line & "," & @YEAR & @MON & @MDAY & @HOUR & @MIN)
    EndIf
Wend

FileClose($ClientFile)
FileClose($LogFile)
```

Make a client file "C:\clients.txt" and fill with client PC names or IP addresses like this:

client1
client2
192.160.1.100
client4

Then schedule something like my above code to run hourly (or maybe just afterhours) right from your workstation.

The output file "C:\ClientLog.txt" will have a list of which clients were not available at specific times during the night... from this you should be able to make a pretty graph that even a manager can understand.

Edited October 24, 2005 by SpookMeister
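
Turning the "client,YYYYMMDDHHMM" lines that the script above writes into per-client outage windows for a report, as an added example that is not from any poster in this thread. It assumes the poller runs hourly with a few minutes of scheduler drift; the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of C:\ClientLog.txt in the format the script writes:
# "<client>,<YYYYMMDDHHMM>", one line per failed ping.
SAMPLE_LOG = """\
client1,200510241900
client1,200510242000
client1,200510242101
client4,200510242000
192.160.1.100,200510242301
client1,200510250300
"""

# Assumption: the poller runs hourly; allow some scheduler drift.
POLL_INTERVAL = timedelta(hours=1)
DRIFT = timedelta(minutes=5)

def parse_log(text):
    """Return {client: sorted list of datetimes at which a ping failed}."""
    misses = defaultdict(list)
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        # rsplit: the timestamp is always the last comma-separated field
        client, stamp = raw.rsplit(",", 1)
        misses[client].append(datetime.strptime(stamp, "%Y%m%d%H%M"))
    return {client: sorted(times) for client, times in misses.items()}

def outage_windows(times, interval=POLL_INTERVAL, drift=DRIFT):
    """Merge failed polls one interval apart into (first, last, count)."""
    windows = []
    for when in times:
        if windows and when - windows[-1][1] <= interval + drift:
            first, _, count = windows[-1]
            windows[-1] = (first, when, count + 1)
        else:
            windows.append((when, when, 1))
    return windows

def report(text):
    """Return {client: [(first_missed, last_missed, missed_polls), ...]}."""
    return {c: outage_windows(t) for c, t in parse_log(text).items()}

if __name__ == "__main__":
    for client, windows in sorted(report(SAMPLE_LOG).items()):
        for first, last, count in windows:
            print(f"{client:15} {first:%Y-%m-%d %H:%M} .. {last:%H:%M}  missed={count}")
```

A window only shows that the host did not answer ping at those polls; a single missed poll fits a restart or a network blip as well as a shutdown, while a run of consecutive misses overnight is the pattern worth reporting.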

BigDod, posted October 24, 2005

> The output file "C:\ClientLog.txt" will have a list of which clients were not available at specific times during the night... from this you should be able to make a pretty graph that even a manager can understand.

Careful, you are crediting the managers with some sort of intelligence

Nuffilein805, posted October 24, 2005

nice idea looking into the reg

blame i haven't thought of it before