Count logons and logoffs on computer Windows 7

I want to count the number of logons and logoffs of users on their computers. I take the information for logons/logoffs from the Windows event logs (from the Win32_NTLogEvent WMI class). For example, with the following query:

select * from Win32_NtLogEvent
where EventCode = 4648 and TimeGenerated > '20120224000000.000000-***'

But when the computer has been restarted or started it counts 3 logons, when the user has clicked logoff or lock (from start menu) and then logon it counts 1 logon. The user authenticates via Windows Active Directory. Does it influence the number of logons? Can I count only the number of logons using explicit credentials on users?

I found EventCode: 4608 and 4609 for starting up and shutting down of Windows but I need also the number of logons when the user has logged off or locked the computer.

Fruition answered 24/2, 2012 at 15:4 Comment(9)
Don't know if this helps: msdn.microsoft.com/en-us/library/windows/desktop/… - Reorganization
Are you trying to count unlocking the workstation, or trying to avoid counting it? - Hellenize
I'm trying to count the users' time spent on the computer. - Fruition
Can you post some sample input (log)? - Mane
Do you want to count on the specific computer or count as a user regardless of where he logged in? - Blasius
@SvetoslavMarinov: see the update to my answer for a link with the codes. - Kurtzman
Please note that logoff events are not always recorded when a user logs off. If you really want to record user logon/logoff reliably you'll need to use a completely different mechanism. - Hellenize
@HarryJohnston would you say what mechanism you think is good? - Melise
@Blasius how do you think it should be done for a computer? - Melise

I found this solution here:

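' "." targets the local computer
strComputer = "."
' Connect to WMI with the Security privilege enabled (needed to read the Security log)
Set objWMIService = GetObject("winmgmts:{(Security)}\\" & _
    strComputer & "\root\cimv2")

' Select the logon events (EventCode 528) recorded in the Security log for one user
Set colEvents = objWMIService.ExecQuery _
    ("SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'Security' AND " & _
        "EventCode = 528 AND User = 'fabrikam\\kmyer'")

' Print the number of matching events
Wscript.Echo colEvents.Count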

Simply replace the values with the ones you want.

Now this isn't Java but VB code... However it apparently uses the WMI interface that you could use from your Java program. Or you could do something ugly and invoke a batch script from Java (or scheduled task) and read its output, or use a binding.

This is of course assuming that you want to check this on the user's computer, as your question hinted. If you want to count logons at a more global level and from different machines, then you need to query the Active Directory (or other mechanism the networked infrastructure is using); the linked thread offers solutions for this as well.

Update:

You can have a look at Eric Fitzgerald's blog post on Tracking User Logon Activity Using Logon Events, where you have the corresponding codes (as well as complete formulas for accurate time tracking).

Apparently you want event codes 4624 (LOGON) and 4634 (LOGOFF), plus other ones listed there if you plan on using Fitzgerald's formulas to calculate the exact activity time.

Kurtzman answered 1/3, 2012 at 12:24 Comment(0)
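
An added example (not part of the answer above or of Fitzgerald's post): it pairs 4624 and 4634 events on their Logon ID and keeps only interactive logon types, so service and network logons are not counted and a logon with no recorded logoff is reported as open instead of being guessed at. The event XML is constructed sample data, the names `summarize`, `_event`, `SAMPLE` and `INTERACTIVE` are this example's own, and it assumes the Security events were exported as XML inside an `<Events>` root element.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Logon types: 2 interactive, 7 unlock, 10 remote interactive, 11 cached interactive
INTERACTIVE = {"2", "7", "10", "11"}

def _event(event_id, when, user, logon_id, logon_type):
    """Build one constructed Security event in the Windows event XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="TargetLogonId">{logon_id}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data></EventData></Event>')

# Constructed sample: two non-interactive logons, one closed and one open user session
SAMPLE = "<Events>" + "".join([
    _event(4624, "2012-02-24T08:00:01", "SYSTEM", "0x3e7", 5),            # service
    _event(4624, "2012-02-24T08:00:05", "ANONYMOUS LOGON", "0x1a2b", 3),  # network
    _event(4624, "2012-02-24T08:01:00", "kmyer", "0x2f001", 2),
    _event(4634, "2012-02-24T12:01:00", "kmyer", "0x2f001", 2),
    _event(4624, "2012-02-24T13:00:00", "kmyer", "0x5c777", 2),  # no logoff recorded
]) + "</Events>"

def summarize(xml_text):
    """Return {user: {"logons": n, "seconds": closed-session time, "open": [logon ids]}}."""
    open_sessions, report = {}, {}
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", namespaces=NS)
        stamp = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        when = datetime.fromisoformat(stamp[:19])  # drop fractional seconds and zone
        data = {d.get("Name"): d.text for d in ev.iterfind("e:EventData/e:Data", NS)}
        if data.get("LogonType") not in INTERACTIVE:
            continue  # skip service, network, batch and similar logons
        user, lid = data["TargetUserName"], data["TargetLogonId"]
        entry = report.setdefault(user, {"logons": 0, "seconds": 0, "open": []})
        if event_id == "4624":
            entry["logons"] += 1
            entry["open"].append(lid)
            open_sessions[lid] = when
        elif event_id == "4634" and lid in open_sessions:
            # A logoff closes the session that carries the same Logon ID
            entry["seconds"] += int((when - open_sessions.pop(lid)).total_seconds())
            entry["open"].remove(lid)
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```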

A better approach would be to use a system service.

The HandlerEx callback function, defined by RegisterServiceCtrlHandlerEx, can be configured to receive session change notifications including logon, logoff, lock and unlock events.

I'm not entirely certain whether the logoff events received by HandlerEx are reliable or if they exhibit the same problems as the event log. As a backup, SetConsoleCtrlHandler allows you to define a callback function to receive logoff notifications. These notifications are reliable.

The remote desktop services API functions, such as WTSEnumerateSessions, may also be useful, allowing you to list the currently logged-on users at any given time, or get additional information about a given session. Only a subset of these functions are available on workstations, but they're the ones you need.

Hellenize answered 3/3, 2012 at 23:0 Comment(0)
