Hi guys,

I’m in need of a mechanism to detect user logon/logoff, if possible
using user mode components. As far as I see it now, there are three
possibilities:

1. The Sysinternals TokenMon approach
I really don’t like that because undocumented function calls are
used, and it is implemented using a driver

2. Writing a GINA stub
Does a GINA stub allow me to recover user name, logon domain name etc?
Does anyone have experience with GINA stubs and compatibility with other
GINAs (Novell, etc)?

3. Polling for the shell process to be active
In a thread in a service, we could poll to see if the shell process is
active, and if so, get the username via the available API functions

The questions are:
- Are there any other mechanisms available?
- Do these mechanisms work in terminal server environments (WinXP fast
user switching)?
- What do you consider to be the best approach, and why?

Any hints/tips are welcome!

Thanks,
Bartjan
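
The polling approach from item 3 above, sketched as an added example that is not part of the original post or the thread. It assumes explorer.exe is the shell and that the CIM cmdlets (PowerShell 3.0 or later) are available; the function names Get-ShellSession and Compare-ShellSession are hypothetical.

```powershell
# Added example: poll for the shell process per session and report changes.
# Assumption: the shell is explorer.exe. Run elevated, otherwise GetOwner
# fails for shell processes that belong to other users' sessions.

function Get-ShellSession {
    # Returns a hashtable: SessionId -> DOMAIN\User of the shell's owner.
    # Keying by session collapses several explorer.exe processes in one
    # session into a single entry.
    $map = @{}
    Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        if ($owner.ReturnValue -eq 0) {
            $map[[int]$_.SessionId] = '{0}\{1}' -f $owner.Domain, $owner.User
        }
    }
    return $map
}

function Compare-ShellSession {
    param([hashtable]$Previous, [hashtable]$Current)
    # Sessions whose shell disappeared, or whose owner changed between polls.
    foreach ($id in $Previous.Keys) {
        if (-not $Current.ContainsKey($id) -or $Current[$id] -ne $Previous[$id]) {
            [pscustomobject]@{ Time = Get-Date; Event = 'Logoff'
                               SessionId = $id; User = $Previous[$id] }
        }
    }
    # Sessions that gained a shell, or whose shell now has a different owner.
    foreach ($id in $Current.Keys) {
        if (-not $Previous.ContainsKey($id) -or $Previous[$id] -ne $Current[$id]) {
            [pscustomobject]@{ Time = Get-Date; Event = 'Logon'
                               SessionId = $id; User = $Current[$id] }
        }
    }
}

# Baseline first, so users already logged on at start are not reported.
$previous = Get-ShellSession
while ($true) {
    Start-Sleep -Seconds 5
    $current = Get-ShellSession
    Compare-ShellSession -Previous $previous -Current $current
    $previous = $current
}
```

Because a disconnected session keeps its shell running, fast user switching shows up here as a second logon rather than a logoff of the first user. A shell crash and restart that spans a poll is reported as a logoff followed by a logon, and a logon shorter than the poll interval is missed entirely.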
In kernel mode, this is done by
SeRegisterLogonSessionTerminationCallback and
SeMarkLogonSessionForTerminationNotification.
Maybe there can be some user-mode (for instance, WMI or such)
facilities to detect logoff, but I’m nearly sure NT4 had no such.
Max
----- Original Message -----
From: “Bartjan Wattel”
To: “NT Developers Interest List”
Sent: Thursday, August 15, 2002 4:57 PM
Subject: [ntdev] Detecting user logon/logoff
Max,
Are these only for IFS drivers, or can any driver call them?
-Srin.
-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Thursday, August 15, 2002 12:05 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Detecting user logon/logoff
Any, though the functions are documented in IFS Kit.
Max
----- Original Message -----
From:
To: “NT Developers Interest List”
Sent: Thursday, August 15, 2002 11:48 PM
Subject: [ntdev] Re: Detecting user logon/logoff