build employee Monitoring service tool. I use windows service to build the tool. Now iam very confused which service account i need to use to build this tool. This confusion occurs when I tried to log system lock and unlock time using localsytem account .The event is not triggered . After some time of debugging i understand local system is running on service 0 session it's does not have access desktop settings . I need to give full access company employer . In future the features will be enhanced ,like app use by employee , track network, shut down and open etc . Can anyone help me
I tried on service start subscribing, session switch . It subscribing successfully. But the event is not triggering.
using System;
using System.Diagnostics;
using System.IO;
using System.ServiceProcess;
namespace MyFirstService
{
public partial class Service1 : ServiceBase
{
private const int SERVICE_CONTROL_SESSIONCHANGE = 0x0000000D;
private const int WTS_SESSION_LOGON = 0x5;
private const int WTS_SESSION_LOGOFF = 0x6;
private const int WTS_SESSION_LOCK = 0x7;
private const int WTS_SESSION_UNLOCK = 0x8;
public Service1()
{
InitializeComponent();
}
protected override void OnStart(string[] args)
{
WriteToFile("Service started at " + DateTime.Now);
}
protected override void OnStop()
{
WriteToFile("Service stopped at " + DateTime.Now);
}
protected override void OnSessionChange(SessionChangeDescription changeDescription)
{
switch (changeDescription.Reason)
{
case SessionChangeReason.SessionLogon:
WriteToFile("User logged on at " + DateTime.Now);
break;
case SessionChangeReason.SessionLogoff:
WriteToFile("User logged off at " + DateTime.Now);
break;
case SessionChangeReason.SessionLock:
WriteToFile("Workstation locked at " + DateTime.Now);
break;
case SessionChangeReason.SessionUnlock:
WriteToFile("Workstation unlocked at " + DateTime.Now);
break;
default:
WriteToFile($"Session change event: {changeDescription.Reason}");
break;
}
}
If your Windows Service is running under LocalSystem, you can capture session events like logon, logoff, lock, and unlock. The key is ensuring that your service: ✔ Enables session change events (CanHandleSessionChangeEvent = true). ✔ Handles the OnSessionChange event correctly.
using System;
using System.Diagnostics;
using System.IO;
using System.ServiceProcess;
namespace MyFirstService
{
public partial class Service1 : ServiceBase
{
private const int SERVICE_CONTROL_SESSIONCHANGE = 0x0000000D;
private const int WTS_SESSION_LOGON = 0x5;
private const int WTS_SESSION_LOGOFF = 0x6;
private const int WTS_SESSION_LOCK = 0x7;
private const int WTS_SESSION_UNLOCK = 0x8;
public Service1()
{
InitializeComponent();
this.CanHandleSessionChangeEvent = true;
}
protected override void OnStart(string[] args)
{
WriteToFile("Service started at " + DateTime.Now);
}
protected override void OnStop()
{
WriteToFile("Service stopped at " + DateTime.Now);
}
protected override void OnSessionChange(SessionChangeDescription changeDescription)
{
switch (changeDescription.Reason)
{
case SessionChangeReason.SessionLogon:
WriteToFile("User logged on at " + DateTime.Now);
break;
case SessionChangeReason.SessionLogoff:
WriteToFile("User logged off at " + DateTime.Now);
break;
case SessionChangeReason.SessionLock:
WriteToFile("Workstation locked at " + DateTime.Now);
break;
case SessionChangeReason.SessionUnlock:
WriteToFile("Workstation unlocked at " + DateTime.Now);
break;
default:
WriteToFile($"Session change event: {changeDescription.Reason}");
break;
}
}