Hi all... I am quite new to Windows development, as well as the .net framework in general. Not forgetting C# as well (although experience with Java and OO), so this is a tough one :-). I would kindly like to ask you a few questions, looking more for pointers as an answer rather than an answer as such... ;-)

I have this task at hand which is the following. I am trying to create a mechanism (service?) which will live on a windows machine, catching desktop status events. (Logon, Logoff, Screen lock, Screen Unlock).

This is my first question I suppose...: Can I do that on an NT server machine, so that it gathers that info on events from all clients? Or is it just possible to do it on each client, gathering the data and then sending it to the central server?

My second question is a bit more general, and any pointers would be greatly appreciated... I really have no idea where to start with this.. all I have at hand is a project somebody once did, which is coded in C++ and uses the COM+ event system, along with SENS, which I gather is the mechanism that throws the events.

Is this supposed to be easier using the .net framework? Is there another way to do this? Is there a big difference in approach if I choose to code the solution in C# or VB.NET?

As a newbie, I would very much appreciate any answers you guys may have... even if they are along the lines of: What are you on about man?? :-)

Thanks in advance,
Aris

Hi there,

To track events like login, logout etc, you can query the NT Event Log. I do not know if the NT server will also have screen lock and unlock events but the local machine should I would imagine. Basically if an NT password is authenticated then I think you will find an event in the NT Event Log (Security Log). These are on the local machine and the NT Server. The Event Log consists of three files typically an Application Log, a System Log and the Security Log.

In .NET you can access this with the "EventClass". This allows you to read and write to the event log, which contains a great deal of information about the running system. You may need to speak with your local NT Administrator if you need historical data as these logs are often archived due to their size after a couple of days.

I have a post in the Visual C++.NET forum which shows you how to read the NT Event Log (Security Log) using the EventClass. There are also several examples in C# and VB in MSDN.

I hope that helps.

Cheers,
Kevin

Thanks very much for your reply. I will certainly have a look at the post you suggested, and see if it is suitable for what I am looking to do.

I was wondering though, because last night, some research led me to Winlogon as a solution. I tried coding up quickly a DLL which implements some methods to handle each one of the events thrown by Winlogon. According to MSDN, I had to compile it, which I did and register it with some specific values in the Win registry, which I also did.

In each of these methods, I just had a MessageBeep(-1) so that I could verify if it works. But it doesn't... :-(

On the other hand, somewhere on the web i found a SensDemo solution. This apparently uses COM+ and SENS to do exactly the same job. And I compiled it in VS.net and it works!! I get beeps every time an event occurs..

The problem is that it is a far more complicated method, more difficult to understand (almost impossible for me :)...

Any suggestions? I would like it very much if I found what is wrong with my Winlogon solution and fixed it to work, since it is so simple...

Thanks in advance,
Aris