How to collect Windows events on login and logout


Problem description

Hi Seniors,

I have developed a program to collect system login and logout information from Windows Event logs.

This program creates a text file on local & server machine.

It's working fine with my Windows system that has enough Admin rights.

But when I run my application on another Windows computer (exe - copied and pasted) it requires 'Administrator Password'. Then it's working fine.

The problem is, we have nearly 100 machines in a Domain and we need to collect Logs from the same for 200 users working on 100 machines.


Thanks,
Rajan.

Recommended answer

If this is a genuine program, I would suggest looking at a Windows service program. This can then be set to run with sufficient privileges to access the event log and do what you need to do.

Then you just need a method of deployment, so companies use Group Policy managed deployment to deploy software, or you need to go around each machine, log in as an administrator and install the service.

An alternative to the service approach is to create a Scheduled task that runs as an administrator on each machine; again, I believe (although I'm not certain) this is something that can be deployed by scripting/Group Policy. The scheduled task then just runs your program at the required frequency.
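
The scheduled-task approach from the answer above, as an added example (not part of the original answer or the asker's program): a PowerShell script that registers itself to run daily as SYSTEM and exports logon/logoff events from the Security log. The script name, task name, output folder and schedule are assumptions, and it assumes logon/logoff auditing is enabled on the machines.

```powershell
# Collect-LogonEvents.ps1 (hypothetical name). Run once from an elevated prompt
# with -Install; afterwards the task runs this same script as SYSTEM, so the
# logged-on user never needs admin rights and never sees a UAC prompt.
param(
    [switch]$Install,
    [string]$OutDir = 'C:\ProgramData\LogonAudit',   # assumed output folder
    [int]$HoursBack = 24
)

if ($Install) {
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                     -Argument "-NoProfile -File `"$PSCommandPath`""
    $trigger   = New-ScheduledTaskTrigger -Daily -At '18:00'   # assumed schedule
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                     -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'LogonAuditCollector' -Action $action `
        -Trigger $trigger -Principal $principal -Force | Out-Null
    return
}

# 4624 = logon, 4634 = logoff, 4647 = user-initiated logoff (Security log).
$filter = @{
    LogName   = 'Security'
    Id        = 4624, 4634, 4647
    StartTime = (Get-Date).AddHours(-$HoursBack)
}
$rows = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read fields by name from the event XML instead of by position,
        # because the field order differs between event IDs.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Keep human sessions only: 2 interactive, 7 unlock, 10 RDP, 11 cached.
        # Event 4647 carries no LogonType field, so it is always kept.
        if ($_.Id -eq 4647 -or $data['LogonType'] -in '2', '7', '10', '11') {
            [pscustomobject]@{
                Time      = $_.TimeCreated.ToString('s')
                Computer  = $env:COMPUTERNAME
                EventId   = $_.Id
                User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType = $data['LogonType']
            }
        }
    }

if ($rows) {
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $rows | Sort-Object Time |
        Export-Csv -Path (Join-Path $OutDir "$env:COMPUTERNAME.csv") -NoTypeInformation
}
```

The script must be allowed by the machines' PowerShell execution policy; keep the script file and output folder writable only by administrators, since the task runs whatever is at that path as SYSTEM.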


In Windows, there is a feature called UAC (User Access Control), which will prompt the user if the program is accessing information that needs higher rights than a standard user.

If the program is running as a part of a Group Policy Login script in Windows, it will have Local Administrator rights and will be able to get information that needs higher rights than a standard user.

