#200785 - 2010-11-25 09:18 PM
Check if a laptop is required or not
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Hi all,
I need to check if laptop users in my company actually use the laptop as a laptop. What I mean to say: people who only use their laptop at their own desk obviously don't need specifically a laptop and can do their work just fine with a desktop computer instead (which is about half the price).
So what I need to detect is if the user has logged on using cached credentials or not, but I can't find out where to check for this. Does anyone know?
I know I can detect if the user is working online or not by checking for a connection to a server, or the IP / subnet being used, but this is not the solution I'm looking for because I will log additional related info such as the amount of time worked offline and online, and online via VPN link. For this last one I still need to know if the user has logged on with cached info otherwise I will have false results (user is online, but was logged on with cached info).
Any help on how to detect if the session was started with cached credentials is welcome!!
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
Top
|
|
|
|
#200787 - 2010-11-25 10:52 PM
Re: Check if a laptop is required or not
[Re: Jeroen]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
|
I can't say I have any good advice for you. This seems full of pitfalls.
However, I did see that WMI has a class called Win32_LogonSession, and using Kixomatic created this...
Break On
$strComputer = "."
$objWMIService = GetObject("winmgmts:\\" + $strComputer + "\root\cimv2")
$colItems = $objWMIService.ExecQuery("Select * from Win32_LogonSession",,48)
For each $objItem in $colItems
"AuthenticationPackage: " + $objItem.AuthenticationPackage ?
"Caption: " + $objItem.Caption ?
"Description: " + $objItem.Description ?
"InstallDate: " + $objItem.InstallDate ?
"LogonId: " + $objItem.LogonId ?
"LogonType: " + $objItem.LogonType ?
"Name: " + $objItem.Name ?
"StartTime: " + $objItem.StartTime ?
"Status: " + $objItem.Status ?
?
Next
? 'Press Any Key to close the window'
get $
I also found the following site that might give you some direction. http://blogs.msdn.com/b/dsadsi/archive/2...-using-wmi.aspx
|
Top
|
|
|
|
#200792 - 2010-11-26 08:11 AM
Re: Check if a laptop is required or not
[Re: Allen]
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Thanks Allen,
I've had a look at the results generated by this code, but I'm not sure I can use that. The result when I'm online is:
AuthenticationPackage: Negotiate Caption: Description: InstallDate: LogonId: 999 LogonType: 0 Name: StartTime: 20101126070314.718750+060 Status:
AuthenticationPackage: Negotiate Caption: Description: InstallDate: LogonId: 997 LogonType: 5 Name: StartTime: 20101126070317.406250+060 Status:
AuthenticationPackage: Negotiate Caption: Description: InstallDate: LogonId: 996 LogonType: 5 Name: StartTime: 20101126070317.062500+060 Status:
AuthenticationPackage: Kerberos Caption: Description: InstallDate: LogonId: 199480 LogonType: 2 Name: StartTime: 20101126070420.704828+060 Status:
AuthenticationPackage: NTLM Caption: Description: InstallDate: LogonId: 102879 LogonType: 3 Name: StartTime: 20101126070325.968750+060 Status:
Press Any Key to close the window
As alternative I've also thought of looking at the CachedLogonsCount value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon but this doesn't seem to decrease immediately, it will only decrease at the next logon.
I've also thought of using the "LOGONSERVER" variable, but sadly nowadays it does not return the local computername when the local system 'authenticates' using cached information. Instead it returns the DC name that was last used to authenticate.
So I'm still stuck.. Does anyone know of some smart thing I can use?
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
Top
|
|
|
|
#200793 - 2010-11-26 08:24 AM
Re: Check if a laptop is required or not
[Re: Jeroen]
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Ok - I may have found something. But it looks like this is above my level of expertise. I will try to read up on it and to understand if I can use this, but I would appreciate some help with it if someone here already knows how to:
MSDN - Logon Profile Structure
and
MSDN - LSALogonUser function
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
Top
|
|
|
|
#200798 - 2010-11-26 11:44 AM
Re: Check if a laptop is required or not
[Re: Arend_]
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
I have a way to check if the VPN client is used by checking a dependant service (it normally is not running):
If WMISvcMgr('Query','iPassConnectEngine',,'@WKSTA')[7] = 'Running'
$Location = "VPN"
EndIf
And another way is to pull the DHCP server IP address from the registry (VPN clients have a dedicated DHCP server, so I know the IP address).
So that's covered. But it doesn't tell me everything.
Example to show what I'm aiming at:
Break on
$CheckFile = "\\SOMESERVER\SomeShare\SomeFileThatIsAlwaysThere.ext"
$MinsOnline = 0
$MinsOffLine = 0
$VPNMinsOnline = 0
If Exist($CheckFile)
; Server is available, so client is on the network
$CachedLogon = 0
Else
; Server is not available, so client is not on the network
$CachedLogon = 1
Endif
While @ERROR=0
If Exist($CheckFile) AND $VPNConnection = 0
If $CachedLogon = 1
$VPNConnection = 1
$VPNMinsOnline = $VPNMinsOnline + 1
Else
$MinsOnline = $MinsOnline + 1
Endif
Else
$MinsOffline = $MinsOffline + 1
Endif
Gosub WriteToLogfile
Sleep 60
Loop
Exit
:WriteToLogfile
; Log everything
RETURN
This is just a quick and dirty example. I'd rather check for the cached logon, but as second best I'll consider using a variant of the above to avoid spending a lot of time on this.
Thanks!
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 515 anonymous users online.
|
|
|