如何检测 Windows 登录事件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1448372/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to detect Windows Logon event?
提问by Attilah
How do you detect Windows logon event?
如何检测 Windows 登录事件?
And how do you initiate a user logon from a Windows service?
以及如何从 Windows 服务启动用户登录?
I'm trying to write a piece of code that will detect logon events and log another one automatically.
我正在尝试编写一段代码来检测登录事件并自动记录另一个事件。
回答by Richard
How do you detect Windows logon event?
如何检测 Windows 登录事件?
If any mechanism exists it is likely to be in WMI. There are a number of WMI classes. Notably Win32_LogonSession; which is related to Win32_Accountvia Win32_LoggedonUser). If creation events are supported for Win32_LogonSessionthen that would be a very effective method.
如果存在任何机制,它很可能在 WMI 中。有许多 WMI 类。值得注意的是Win32_LogonSession;这与Win32_Account通过Win32_LoggedonUser)有关。如果支持创建事件,Win32_LogonSession那将是一种非常有效的方法。
And how do you initiate a user logon from a Windows service?
以及如何从 Windows 服务启动用户登录?
The LogonUserAPI allows creating a new user token, you can then use that token for threads or processes. Using CreateProcessWithLogonW(and similar) allows the user name and password to be created to create a process under a different account (essentially LogonUserplus CreateProcessWithTokenW).
该LogonUserAPI允许创建一个新的用户令牌,然后可以使用该令牌的线程或进程。使用CreateProcessWithLogonW(和类似的)允许创建用户名和密码以在不同的帐户下创建进程(本质上是LogonUserplus CreateProcessWithTokenW)。
回答by Mick
If you are developing for Windows 2000/XP you can create a Winlogon Notification Package using the JWA libraries and Delphi. They've made it extremely easy:
如果您正在为 Windows 2000/XP 开发,您可以使用 JWA 库和 Delphi 创建一个 Winlogon 通知包。他们让它变得非常简单:
http://blog.delphi-jedi.net/2008/05/27/winlogon-notification-package/
http://blog.delphi-jedi.net/2008/05/27/winlogon-notification-package/
This also allows you to put a form on the CTRL+ALT+DEL screen if you'd like as well. That form is running under the SYSTEM profile.
如果您愿意,这也允许您在 CTRL+ALT+DEL 屏幕上放置一个表单。该表单在 SYSTEM 配置文件下运行。
回答by ChristianWimmer
Winlogon Notification Package are removed from Vista.
Winlogon 通知包已从 Vista 中删除。
Use WTSRegisterSessionNotification or System Event Notification Service (SENS). However, you cannot logon a user interactively s.t. the logon dialog is removed and the user desktop is shown instead. This is done by winlogon using some registry keys. LogonUser just gives you a token that you can use to impersonate a user.
使用 WTSRegisterSessionNotification 或系统事件通知服务 (SENS)。但是,您无法以交互方式登录用户,因为登录对话框已删除,而是显示用户桌面。这是由 winlogon 使用某些注册表项完成的。LogonUser 只是给你一个令牌,你可以用它来模拟用户。
回答by Shiraz Bhaiji
You can detect a user logon by for example monitoring the event log. You can also start a process with a specific user, as Richard explained.
您可以通过例如监视事件日志来检测用户登录。正如 Richard 解释的那样,您还可以使用特定用户启动流程。
However, it sounds like you are trying so do something else, that is to swap the logon identity of the logged on user. This I do not think is possible.
但是,听起来您正在尝试做其他事情,即交换登录用户的登录身份。我认为这是不可能的。
