Suggestion for capturing user login/logoff, lock/unlock activities

My requirement is to capture user login/logoff, lock/unlock activities with timestamps on Win XP and HP thin client (XP Embedded) machines. Currently, I am doing this with a Windows service, which fulfills my requirement, but for some reason the service gets stopped (unable to find the cause) and we lose the data. The second approach I tried is to read the event log's Security tab, where the above user activity gets captured. Unfortunately, Win XP doesn't capture the lock event, and the logs also get cleared when I restart the thin client machine. So this approach also doesn't work for me. Please suggest an approach/solution to achieve the above requirement, or any tools that work for the above purpose.

Thanks in advance.

I'm assuming that because you're talking about lock/unlock, your machines are on a domain? The domain controllers have event log entries for lockouts. Be aware that there are different codes on 2003 servers and 2008 servers as the events were 'upgraded'.

It's very hard to work with event logs remotely, so in my opinion a service on the domain controllers, and on each machine, that logs to a central web service (or database) is the most reliable approach.

Edit: You could potentially capture logon/logoff events on the domain controllers as well; see this link: http://technet.microsoft.com/en-us/library/cc787567(v=ws.10).aspx

Alternatively, you could poll the event logs of these machines from a central source. This wouldn't work well for Domain Controllers because good practice dictates that they only keep event logs for very short periods of time, but it may work for your thin clients. It's far from my preferred solution, however, as polling takes a long time and you'll run into scaling issues with high numbers of (thin) clients.
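An added example, not part of the original answer: a sketch of what the central collector could do with polled Security log records, folding the XP/2003 event IDs and their 2008 successors into one login/logoff/lock/unlock timeline and dropping records seen in an earlier poll. The record layout, host names and users are constructed for illustration; the event IDs and logon types are the standard Windows ones.

```python
from datetime import datetime

# XP/2003 security event IDs and their Vista/2008 successors (old ID + 4096).
LEGACY_IDS = {528: 4624, 538: 4634, 551: 4647}
ACTIVITY = {4624: "logon", 4634: "logoff", 4647: "logoff",
            4800: "lock", 4801: "unlock"}
INTERACTIVE = {2, 7, 10, 11}  # logon types for a person at the console or over RDP

def rec(host, number, time, event_id, user, logon_type=None):
    """Build one raw record in the (constructed) layout the collector receives."""
    return {"host": host, "record_number": number, "time": time,
            "event_id": event_id, "user": user, "logon_type": logon_type}

def normalize(record):
    """Turn one raw record into an activity row, or None if it is not user activity."""
    event_id = LEGACY_IDS.get(record["event_id"], record["event_id"])
    activity = ACTIVITY.get(event_id)
    logon_type = record.get("logon_type")
    if activity is None:
        return None
    if activity == "logon" and logon_type not in INTERACTIVE:
        return None  # network and service logons are not user sessions
    if activity == "logoff" and logon_type not in INTERACTIVE | {None}:
        return None
    if activity == "logon" and logon_type == 7:
        activity = "unlock"  # logon type 7 is a workstation unlock
    return {"host": record["host"], "user": record["user"], "activity": activity,
            "time": datetime.fromisoformat(record["time"])}

def merge_polls(polls):
    """Merge overlapping poll batches into one de-duplicated, time-ordered timeline."""
    seen, timeline = set(), []
    for batch in polls:
        for record in batch:
            # Time is part of the key: record numbers restart when a log is cleared.
            key = (record["host"], record["record_number"], record["time"])
            row = normalize(record)
            if key not in seen and row:
                timeline.append(row)
            seen.add(key)
    return sorted(timeline, key=lambda r: r["time"])

# Constructed sample: two overlapping polls of an XP thin client and a 2008 host.
POLL_1 = [rec("TC-01", 1, "2012-05-14T08:58:02", 528, "alice", 2),
          rec("TC-01", 2, "2012-05-14T09:01:10", 528, "alice", 3),
          rec("TC-01", 3, "2012-05-14T10:15:40", 528, "alice", 7)]
POLL_2 = [rec("TC-01", 3, "2012-05-14T10:15:40", 528, "alice", 7),
          rec("TC-01", 4, "2012-05-14T17:30:05", 551, "alice"),
          rec("TC-01", 1, "2012-05-15T08:55:00", 528, "alice", 2),
          rec("SRV-08", 77, "2012-05-14T12:00:00", 4800, "bob")]
```

Calling `merge_polls([POLL_1, POLL_2])` returns the rows in time order; the second `TC-01` record number 1 is kept because its timestamp differs from the first.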
