Machine Monitoring Demon

  • Question

  • We want to build a program which monitors activity from all the machines in our office. Basically we want to have a central database where we can see who has logged in on what machine and when. I understand that I will have to install a demon program that runs on all the machines in our office, and this program will send the information to the central database. Now how do I make this program run on every log-in/log-out on a machine? And how do I make sure that the user will not be able to change the behavior of this program or uninstall it? We can assume that the user does not have admin rights on the machines.

    -Pushkar

    Thursday, October 25, 2012 1:45 AM

All replies

  • You could turn on Auditing of Logon Events in Local Security Policy. Then the info exists in the event logs (Event Viewer). That means you don't need a client program.
     
    Then you can use WMI from script, command line, or program to get the data.
     
    WMI From a Command Line
     
    wmic /node:"@%userprofile%\desktop\ComputerName.txt" /output:"%userprofile%\desktop\EventLog.html" /failfast:on PATH Win32_NTLogEvent where  (EventIDentifier=528 or eventidentifier=538) get /format:hform
    Where /node:"@ is path to a file containing computer names (without leading slashes) or IP addresses. /format: can be list, table, csv, hform (html list), or htable (html table). You can include /user:username and /password:password - they need to be before the PATH part of the command.
     
    You can get the EventID from

    Thursday, October 25, 2012 8:00 AM
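
The wmic export described in the reply above can feed the central database the question asks for. As an added example (not code from the thread), this Python loader imports a CSV export into SQLite; it assumes the query is narrowed to `get ComputerName,EventIdentifier,TimeGenerated,User /format:csv`, and the sample rows, table name and account names are constructed.

```python
import csv
import io
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed sample, not real data: the shape wmic's csv format emits
# (leading blank line, Node column first, CIM datetime strings).
SAMPLE = """
Node,ComputerName,EventIdentifier,TimeGenerated,User
PC01,PC01,528,20121025081502.000000-000,OFFICE\\alice
PC01,PC01,538,20121025173010.000000-000,OFFICE\\alice
PC02,PC02,528,20121025090144.000000+330,OFFICE\\bob
"""

# 528/538 are the IDs in the wmic query above; on Windows Vista and
# Server 2008 or later the Security log uses 4624/4634 instead.
EVENT_KIND = {528: "logon", 538: "logoff", 4624: "logon", 4634: "logoff"}

def cim_to_utc(stamp):
    """Convert a CIM datetime (yyyymmddHHMMSS.ffffff+/-minutes) to ISO 8601 UTC."""
    local = datetime.strptime(stamp[:21], "%Y%m%d%H%M%S.%f")
    offset = timedelta(minutes=int(stamp[21:]))  # "+330" -> 330, "-000" -> 0
    return (local - offset).replace(tzinfo=timezone.utc).isoformat()

def load(conn, text):
    """Insert rows from wmic CSV text; re-importing the same export adds nothing."""
    conn.execute("""CREATE TABLE IF NOT EXISTS logons (
        machine TEXT, user TEXT, kind TEXT, at_utc TEXT,
        UNIQUE (machine, user, kind, at_utc))""")
    added = 0
    for row in csv.DictReader(io.StringIO(text.strip())):
        kind = EVENT_KIND.get(int(row["EventIdentifier"]))
        if kind is None:
            continue  # ignore anything that is not a logon or logoff
        cur = conn.execute(
            "INSERT OR IGNORE INTO logons VALUES (?, ?, ?, ?)",
            (row["ComputerName"], row["User"], kind,
             cim_to_utc(row["TimeGenerated"])))
        added += cur.rowcount  # 0 when the row was already present
    return added

def history(conn, user):
    """Who-logged-on-where report for one account, oldest first."""
    return conn.execute(
        "SELECT machine, kind, at_utc FROM logons WHERE user = ? "
        "ORDER BY at_utc", (user,)).fetchall()
```

Files written with wmic's `/output:` switch are typically UTF-16, so open them with `encoding="utf-16"` before passing the text to `load`.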
  • To get a web page of the current logged on users.
     
    wmic /node:"@%userprofile%\desktop\ComputerName.txt" /output:"%userprofile%\desktop\CurrentUser.html" /failfast:on PATH Win32_ComputerSystem get username /format:htable

    Thursday, October 25, 2012 8:40 AM
  • This does not help, we really want to build a daemon. Initially we are planning to monitor the log-on activity, and in later stages we would also like to monitor various other statistics like memory usage or CPU usage, etc.

    -Pushkar

    Thursday, October 25, 2012 8:55 PM
  • Your request seems like a product/tool design, instead of just a development technical requirement, right?

    And after hours of searching on the internet, I think your requirement should be approached with scripting and WMI-like scripting techniques; the forums that will be helpful are here:

    http://social.technet.microsoft.com/Forums/en-us/itmanager/threads 

    http://social.technet.microsoft.com/Forums/en-us/ITCG/threads

    And your requirement is just like an IT management requirement; can I summarize it like this? Then I suggest you not use words like API or development in your requirement post; that will limit the thinking of others who would help you (especially those who are not familiar with the definition of Windows Desktop Development), and I think no one here likes to help someone else design an application almost entirely. At least your post gives me this impression, and beyond not liking it, I think design work cannot be solved simply from a forum thread. I think if you can ask the question like this, it will help you collect more suitable ideas and technical support from the corresponding experts quickly.

    And I helped you find three links with ready-made products for this similar requirement; maybe they can help you as well:

    http://blog.monitis.com/index.php/2012/05/03/benefits-of-monitoring-active-directory/ 

    http://www.manageengine.com/products/active-directory-audit/monitor-user-logon-actions.html?ADAPID=5&kw=active%20directory%20login%20audit&adId=5346479807&gclid=CIibzPyZpbMCFaN_QgodjgEAxg 

    http://akcela.com.br/parceiros_manageengine.asp 

    Best wishes,


    Mike Zhang[MSFT]
    MSDN Community Support | Feedback to us

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.


    Monday, October 29, 2012 3:08 AM
    Moderator
  • A service application conforms to the interface rules of the Service Control Manager (SCM). It can be started automatically at system boot, by a user through the Services control panel applet, or by an application that uses the service functions. Services can execute even when no user is logged on to the system.

     
     


    • Proposed as answer by DavidMCandy Wednesday, October 31, 2012 6:38 AM
    • Marked as answer by Pushkar_N Thursday, November 1, 2012 6:14 PM
    Monday, October 29, 2012 7:56 AM
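
The question also asks how to keep a non-admin user from stopping or removing the agent; for a service, that is decided by the service's security descriptor. As an added example (not code from the thread), this Python check parses the SDDL string that `sc sdshow <service>` prints and reports any non-administrative trustee allowed to stop, reconfigure or delete the service. The sample descriptors are constructed, and treating only SY and BA as trusted is an assumption.

```python
import re

# SDDL right code -> (access-mask bit, meaning on a service object).
TAMPER = {
    "DC": (0x00000002, "change config"),   # SERVICE_CHANGE_CONFIG
    "WP": (0x00000020, "stop"),            # SERVICE_STOP
    "DT": (0x00000040, "pause/continue"),  # SERVICE_PAUSE_CONTINUE
    "SD": (0x00010000, "delete"),          # DELETE
    "WD": (0x00040000, "write DACL"),      # WRITE_DAC
    "WO": (0x00080000, "write owner"),     # WRITE_OWNER
    "GA": (0x10000000, "generic all"),
    "GW": (0x40000000, "generic write"),
}
TRUSTED = {"SY", "BA"}  # assumption: LocalSystem and the Administrators group

def tamper_grants(sddl):
    """Map each untrusted trustee to the tamper-capable rights its allow ACEs grant."""
    # Take only the DACL: "D:", optional flags such as PAI, then the ACE list.
    match = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    found = {}
    for ace in re.findall(r"\(([^)]*)\)", match.group(1) if match else ""):
        ace_type, _flags, rights, _obj, _inherit, trustee = ace.split(";")[:6]
        if ace_type != "A" or trustee in TRUSTED:
            continue  # only allow ACEs for principals outside the trusted set
        if rights.startswith("0x"):
            mask = int(rights, 16)  # rights given as a raw access mask
            granted = [name for bit, name in TAMPER.values() if mask & bit]
        else:
            codes = re.findall("..", rights)  # two-letter right codes
            granted = [TAMPER[c][1] for c in codes if c in TAMPER]
        if granted:
            found.setdefault(trustee, []).extend(granted)
    return found

# Constructed descriptors in the form `sc sdshow <service>` prints.
DEFAULT_STYLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                 "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                 "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
# Same descriptor with an extra ACE letting Authenticated Users
# start, stop and reconfigure the service.
WEAKENED = DEFAULT_STYLE + "(A;;RPWPDC;;;AU)"
```

An empty result means interactive and other non-admin principals can only query the service, so a user without admin rights cannot stop it or change its configuration through the SCM.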
  • wmic /output:"%userprofile%\desktop\NicSpeed.html" /failfast:on process get /format:hform
     
    Gives a lot of task manager info
     

    Monday, October 29, 2012 9:28 AM
  • This is what I really wanted. Of course I do not want any system design; I have never done any service development before, so I did not know where to start, and I just wanted a starting point. Thanks a lot David.

    -Pushkar

    Tuesday, October 30, 2012 1:34 PM
  • http://msdn.microsoft.com/en-us/library/windows/desktop/ms687416(v=vs.85).aspx

    http://code.msdn.microsoft.com/windowsdesktop/CppWindowsService-cacf4948 

    These are good samples which can help you dev a Windows Service for this project's beginning.

     

    Mike Zhang[MSFT]
    MSDN Community Support | Feedback to us

    Thursday, November 1, 2012 3:37 AM
    Moderator
  • For this purpose I suggest you try a comprehensive tool which will monitor all events throughout a network in an organisation. You can use Lepide Event Log Manager. It archives network-wide event logs in a central repository and consolidates them for further processing; it also keeps a check on event logs and alerts the administrator to critical events able to affect system health or cause security issues and compliance violations. The software sends an instant email alert on occurrence of events that are pre-specified as critical by the administrator.


    • Proposed as answer by peterdru Tuesday, November 20, 2012 5:36 AM
    • Edited by peterdru Tuesday, November 20, 2012 5:37 AM
    Tuesday, November 20, 2012 5:35 AM