Computer shutdown versus reboot

mlglobal · October 24, 2005

Hi

Does anyone know if Windows XP can track the difference between a shutdown event and a reboot event? If so, how can I track that via an AutoIt Script?

Here is my situation. We have several users that are shutting down their computers at the end of the day, against our policy, which prevents me from performing routine maintenance like patching, etc. Management wants me to track who is shutting down their systems. Im currently using nmap in ping only mode and exporting that into an xml format for later use. An AutoIt script would be nicer if I can find a hook to distinguish between reboot and shutdown. I can then put that into a Shutdown script and output the time / date, userid, ip address, into a flat file and import that into a database. Any help is always appreciated. Thanks.

Nuffilein805 · October 24, 2005

i think autoit only knows if you shutdown your system, if you log off or if the prog is closed by any other command

why don't you restrict the users rights so that they can't shutdown their system?

mlglobal · October 24, 2005

i think autoit only knows if you shutdown your system, if you log off or if the prog is closed by any other command
why don't you restrict the users rights so that they can't shutdown their system?

Great question! Our management wants to see who is shutting down the systems first. They won't let us implement the Group Policy that disables the shutdown feature until they see the numbers. I'm not looking for an AutoIT feature that tracks that but something inside of Windows like a registry key that gets modified if the system is shutdown and the difference if it's rebooted.

Edited October 24, 2005 by mlglobal

Nuffilein805 · October 24, 2005

well, you got a funny management

is it allowed to reboot without logging in?

then use the

ping("destination", "time")

function

if they have to log in just do a little prog and install it on the client - make it send a message like "hello, i'm here" every 30 sec to an inifile

iniwrite("networkfolder\inifile.ini", "Logged on", @computername, @hour & "." & @min & "  " & @mday & "." & @mon & "." &@year)

then do a little prog checking this file

maybe i post the code later, but i'm sure you can think of something

SpookMeister · October 24, 2005

A quick google search didn't give me anything.

I think I would approach this in a server pinging and logging a list of client machines periodically type of way. Or you might do it with uptime from microsoft (I think you need XP or better clients for this)

http://support.microsoft.com/...q232243

You could do a calculation based on how long the systems that you test have been running.

Edited October 24, 2005 by SpookMeister

mlglobal · October 24, 2005

A quick google search didn't give me anything.
I think I would approach this in a server pinging and logging a list of client machines periodically type of way. Or you might do it with uptime from microsoft (I think you need XP or better clients for this)
http://support.microsoft.com/...q232243
You could do a calculation based on how long the systems that you test have been running.

Thanks for the suggestion. I'm open to anything at this point. I just need to be able to present the info in a report format that managment understands after I gather the data. I still think the best method is to have the clients do some sort of test and then throw that data into a database reporting format out on a network share. I'll continue to search and I'll post a solution if I find one.

BigDod · October 24, 2005

Thanks for the suggestion. I'm open to anything at this point. I just need to be able to present the info in a report format that managment understands after I gather the data. I still think the best method is to have the clients do some sort of test and then throw that data into a database reporting format out on a network share. I'll continue to search and I'll post a solution if I find one.

You could always place an AuotIt script in their startup folders that would send info to the server or you whenever a computer was started.

CyberSlug · October 24, 2005

Well, you CAN determine what the previous shutdown method was by looking at a registry key.

$key = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer","Shutdown Setting")
#cs -- Possible values (in order as the appear in the combo box):
    -- If you set value to 64 but your system does not support hibernate, I think "standby" is set
1 = logoff (also 8 and 32)
2 = shutdown (also 0)
4 = restart
16 = standby
64 = hibernate
#ce
MsgBox(4096,"value", $key)

The only thing I don't know is if the user chooses to logoff, and THEN clicks the shutdown button from the logon screen... I didn't see any correspondign registry key in HKEY_USERS\.DEFAULT ....

Edit: I also don't know what happens if the user presses the power button to turn off the machine as set in the "Power Options" applet in the Control Panel....

Original thread: http://www.autoitscript.com/forum/index.php?showtopic=3795

Other ideas:

Check timestamp difference of system event log for "The Event log service was started" and "The Event log service was stopped" (IDs 6005 and 6006).

Details
Product: Windows Operating System
ID: 6009
Source: EventLog
Version: 5.2
Symbolic Name: EVENT_EventLogProductInfo
Message: Microsoft ® Windows ® %1 %2 %3 %4.

Explanation
The user restarted or shut down the computer by clicking Start or pressing CTRL+ALT+DELETE, and then clicking Shut Down. The message displays the Windows product information for the computer logging the message, including the product name, version, build number, service pack number, and operating system type.

Edited October 24, 2005 by CyberSlug

mlglobal · October 24, 2005

Well, you CAN determine what the previous shutdown method was by looking at a registry key.
$key = RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer","Shutdown Setting")
#cs -- Possible values (in order as the appear in the combo box):
    -- If you set value to 64 but your system does not support hibernate, I think "standby" is set
1 = logoff (also 8 and 32)
2 = shutdown (also 0)
4 = restart
16 = standby
64 = hibernate
#ce
MsgBox(4096,"value", $key)
The only thing I don't know is if the user chooses to logoff, and THEN clicks the shutdown button from the logon screen... I didn't see any correspondign registry key in HKEY_USERS\.DEFAULT ....
Edit: I also don't know what happens if the user presses the power button to turn off the machine as set in the "Power Options" applet in the Control Panel....
Original thread: http://www.autoitscript.com/forum/index.php?showtopic=3795
Other ideas:
Check timestamp difference of system event log for "The Event log service was started" and "The Event log service was stopped" (IDs 6005 and 6006).

CyberSlug,

That is GOLDEN my friend! Thank you very much. My the AutoIT GODS continually smile upon you!

SpookMeister · October 24, 2005

I did some more searching and found that info too... one thing I wasnt sure of was how compatable that is on all versions of windows. You probably have some testing to do.

Overall, if its for some report for management and I were in your shoes, I would want to have something gather much more acurate data on client availability.

$ClientFile = FileOpen("C:\clients.txt", 0)
$LogFile = FileOpen("C:\ClientLog.txt", 1)

If $ClientFile = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf

If $LogFile = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf

While 1
    $line = FileReadLine($ClientFile)
    If @error = -1 Then ExitLoop
    $var = Ping($line,100)
    If NOT $var Then
        FileWriteLine($LogFile, $line & "," & @YEAR & @MON & @MDAY & @HOUR & @MIN)
    EndIf
Wend
 
FileClose($ClientFile)
FileClose($LogFile)

Make a client file "C:\clients.txt" and fill with client PC names or IP addresses like this:

client1
client2
192.160.1.100
client4

Then schedule something like my above code to run hourly (or maybe just afterhours) right from your workstation.

The ouput file "C:\ClientLog.txt" will have a list of which clients were not available at specific times during the night... from this you should be able to make a pretty graph that even a manager can understand.

Edited October 24, 2005 by SpookMeister

BigDod · October 24, 2005

The ouput file "C:\ClientLog.txt" will have a list of which clients were not available at specific times during the night... from this you should be able to make a pretty graph that even a manager can understand.

Careful , You are crediting the managers with some sort of inteligence

Nuffilein805 · October 24, 2005

nice idea looking into the reg

blame i haven't thought of it before

Computer shutdown versus reboot

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members