#200785 - 2010-11-25 09:18 PM Check if a laptop is required or not
Jeroen Offline
Starting to like KiXtart

Registered: 2001-08-16
Posts: 180
Loc: Netherlands

Hi all,

I need to check if laptop users in my company actually use the laptop as a laptop. What I mean to say: people who only use their laptop at their own desk obviously don't need specifically a laptop and can do their work just fine with a desktop computer instead (which is about half the price).

So what I need to detect is if the user has logged on using cached credentials or not, but I can't find out where to check for this. Does anyone know?

I know I can detect if the user is working online or not by checking for a connection to a server, or the IP / subnet being used, but this is not the solution I'm looking for because I will log additional related info such as the amount of time worked offline and online, and online via VPN link. For this last one I still need to know if the user has logged on with cached info otherwise I will have false results (user is online, but was logged on with cached info).

Any help on how to detect if the session was started with cached credentials is welcome!!
_________________________
Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.

#200787 - 2010-11-25 10:52 PM Re: Check if a laptop is required or not [Re: Jeroen]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
I can't say I have any good advice for you. This seems full of pitfalls.

However, I did see that WMI has a class called Win32_LogonSession, and using Kixomatic created this...

 Code:
Break On
$strComputer = "."
$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\cimv2")
$colItems = $objWMIService.ExecQuery("Select * from Win32_LogonSession",,48)
For each $objItem in $colItems
 "AuthenticationPackage: " + $objItem.AuthenticationPackage ?
 "Caption: " + $objItem.Caption ?
 "Description: " + $objItem.Description ?
 "InstallDate: " + $objItem.InstallDate ?
 "LogonId: " + $objItem.LogonId ?
 "LogonType: " + $objItem.LogonType ?
 "Name: " + $objItem.Name ?
 "StartTime: " + $objItem.StartTime ?
 "Status: " + $objItem.Status ?
 ?
Next
? 'Press Any Key to close the window'
get $


I also found the following site that might give you some direction.
http://blogs.msdn.com/b/dsadsi/archive/2...-using-wmi.aspx

#200792 - 2010-11-26 08:11 AM Re: Check if a laptop is required or not [Re: Allen]
Jeroen Offline
Starting to like KiXtart

Registered: 2001-08-16
Posts: 180
Loc: Netherlands
Thanks Allen,

I've had a look at the results generated by this code, but I'm not sure I can use that. The result when I'm online is:

 Quote:

AuthenticationPackage: Negotiate
Caption:
Description:
InstallDate:
LogonId: 999
LogonType: 0
Name:
StartTime: 20101126070314.718750+060
Status:

AuthenticationPackage: Negotiate
Caption:
Description:
InstallDate:
LogonId: 997
LogonType: 5
Name:
StartTime: 20101126070317.406250+060
Status:

AuthenticationPackage: Negotiate
Caption:
Description:
InstallDate:
LogonId: 996
LogonType: 5
Name:
StartTime: 20101126070317.062500+060
Status:

AuthenticationPackage: Kerberos
Caption:
Description:
InstallDate:
LogonId: 199480
LogonType: 2
Name:
StartTime: 20101126070420.704828+060
Status:

AuthenticationPackage: NTLM
Caption:
Description:
InstallDate:
LogonId: 102879
LogonType: 3
Name:
StartTime: 20101126070325.968750+060
Status:


Press Any Key to close the window


As an alternative I've also thought of looking at the CachedLogonsCount value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, but this doesn't seem to decrease immediately; it will only decrease at the next logon.

I've also thought of using the "LOGONSERVER" variable, but sadly nowadays it does not return the local computername when the local system 'authenticates' using cached information. Instead it returns the DC name that was last used to authenticate.

So I'm still stuck.. Does anyone know of some smart thing I can use?
_________________________
Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.

#200793 - 2010-11-26 08:24 AM Re: Check if a laptop is required or not [Re: Jeroen]
Jeroen Offline
Starting to like KiXtart

Registered: 2001-08-16
Posts: 180
Loc: Netherlands
Ok - I may have found something. But it looks like this is above my level of expertise. I will try to read up on it and to understand if I can use this, but I would appreciate some help with it if someone here already knows how to:

MSDN - Logon Profile Structure

and

MSDN - LSALogonUser function
_________________________
Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.

#200795 - 2010-11-26 08:54 AM Re: Check if a laptop is required or not [Re: Jeroen]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Unfortunately you can't use that in Kix.
This requires the use of netsecapi.h, which is not included in the standard Windows API calls, so KiX can't access it.
Your best bet is to check the IP address, which will of course be different than your network's IP range when connected from home.

#200796 - 2010-11-26 09:11 AM Re: Check if a laptop is required or not [Re: Arend_]
Jeroen Offline
Starting to like KiXtart

Registered: 2001-08-16
Posts: 180
Loc: Netherlands
Thanks for the tip, but unfortunately I work in an international company with more than 60.000 PCs and hundreds of sites, so we use many IP address ranges and subnets - too many to list and keep track of.

Also, with so many address ranges the chance is I would get false positives when people are working for example in the office of a customer or something where they might get an IP address in a range we also use in our company.

Perhaps I should expand my knowledge of VB .NET to see if I can make a simple program there that will output these flags so that I may use it further in Kix. :(

Seems this might become more than just a simple thing...
_________________________
Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.

#200797 - 2010-11-26 10:48 AM Re: Check if a laptop is required or not [Re: Jeroen]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Well how about a simple solution then.
Attach a script to the VPN client, so that you know when a user uses the VPN connection.

#200798 - 2010-11-26 11:44 AM Re: Check if a laptop is required or not [Re: Arend_]
Jeroen Offline
Starting to like KiXtart

Registered: 2001-08-16
Posts: 180
Loc: Netherlands
I have a way to check if the VPN client is used by checking a dependent service (it normally is not running):

 Code:
If WMISvcMgr('Query','iPassConnectEngine',,'@WKSTA')[7] = 'Running'
   $Location = "VPN"
EndIf


And another way is to pull the DHCP server IP address from the registry (VPN clients have a dedicated DHCP server, so I know the IP address).

So that's covered. But it doesn't tell me everything.

Example to show what I'm aiming at:

 Code:
Break on

$CheckFile = "\\SOMESERVER\SomeShare\SomeFileThatIsAlwaysThere.ext"
$MinsOnline = 0
$MinsOffline = 0
$VPNMinsOnline = 0
$VPNConnection = 0

; Decide once, at start-up, whether the session began on or off the network
If Exist($CheckFile)
   ; Server is available, so client is on the network
   $CachedLogon = 0
Else
   ; Server is not available, so client is not on the network
   $CachedLogon = 1
Endif

While @ERROR=0
   If Exist($CheckFile)
      If $CachedLogon = 1
         ; Started off the network but the server is reachable now: count as VPN
         $VPNConnection = 1
         $VPNMinsOnline = $VPNMinsOnline + 1
      Else
         $MinsOnline = $MinsOnline + 1
      Endif
   Else
      ; Server not reachable: count as offline and clear the VPN flag
      $VPNConnection = 0
      $MinsOffline = $MinsOffline + 1
   Endif
   Gosub WriteToLogfile
   Sleep 60
Loop
Exit

:WriteToLogfile
; Log everything
RETURN



This is just a quick and dirty example. I'd rather check for the cached logon, but as second best I'll consider using a variant of the above to avoid spending a lot of time on this.

Thanks!
_________________________
Regards, Jeroen. There are two ways to write error-free programs. Only the third one works.

#200801 - 2010-11-26 05:58 PM Re: Check if a laptop is required or not [Re: Jeroen]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I just look at the uptime on my laptop users. Not only don't they take it out of the dock, they don't even reboot it for months on end. I would love to take these laptops away from people that think it is some sort of status symbol.

We are too generous with them. Over at the Corp offices, laptop users cannot have a dock, no external keyboard, no external monitor. All they are permitted is a mouse.

You could try looking in the registry for specific errors related to accessing the domain. Some errors I see are:
Application log Event 1054 and 15.
System log Event 5719 and 29.

One possible flaw in the logic though is that some laptop users might unplug and carry their laptop around without powering down/logging off. Our CIO once logged on to a conference presentation in his office and then unplugged and took the laptop to the boardroom where he plugged into a different subnet and the presentation went turtle. All the while he blamed the technology.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
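
The event-log check suggested in the post above, as an added KiXtart example that is not code from any poster in this thread. It counts the event IDs Les lists (Application 1054 and 15, System 5719 and 29) since the last boot through the WMI classes Win32_NTLogEvent and Win32_OperatingSystem; the function names LastBoot and CountEvents are hypothetical, and reading a non-zero count as a hint of a cached logon is an assumption.

```kixtart
; Added example, not from the thread. Event IDs are the ones Les lists.
Break On

; DMTF timestamp of the last boot, e.g. 20101126070314.718750+060
Function LastBoot()
   Dim $objWMI, $colOS, $objOS
   $objWMI = GetObject("winmgmts:\\.\root\cimv2")
   If @ERROR Exit @ERROR EndIf
   $colOS = $objWMI.ExecQuery("Select LastBootUpTime from Win32_OperatingSystem",,48)
   For Each $objOS In $colOS
      $LastBoot = $objOS.LastBootUpTime
   Next
EndFunction

; Count events in $LogFile whose EventCode is in the comma-separated $Codes
; and that were generated at or after the DMTF timestamp $Since
Function CountEvents($LogFile, $Codes, $Since)
   Dim $objWMI, $Code, $Where, $Query, $colEvents, $objEvent
   $CountEvents = 0
   $objWMI = GetObject("winmgmts:\\.\root\cimv2")
   If @ERROR Exit @ERROR EndIf

   ; Build "EventCode=5719 Or EventCode=29" from the list of IDs
   $Where = ""
   For Each $Code In Split($Codes, ",")
      If $Where <> "" $Where = $Where + " Or " EndIf
      $Where = $Where + "EventCode=" + $Code
   Next

   ; WQL compares DMTF timestamps directly, so no date conversion is needed
   $Query = "Select EventCode from Win32_NTLogEvent Where Logfile='" + $LogFile + "'"
   $Query = $Query + " And TimeGenerated >= '" + $Since + "' And (" + $Where + ")"
   $colEvents = $objWMI.ExecQuery($Query,,48)
   ; Flag 48 returns a forward-only enumerator, so count by iterating
   For Each $objEvent In $colEvents
      $CountEvents = $CountEvents + 1
   Next
EndFunction

$Since = LastBoot()
$AppErrors = CountEvents("Application", "1054,15", $Since)
$SysErrors = CountEvents("System", "5719,29", $Since)
"Application log hits since boot: " + $AppErrors ?
"System log hits since boot: " + $SysErrors ?
If $AppErrors + $SysErrors > 0
   "Domain access errors logged since boot (assumed hint of a cached logon)" ?
EndIf
```

On machines that stay up for months, as described in the same post, the count covers the whole uptime; passing a later DMTF timestamp as $Since narrows the window.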