Posted by jpluimers on 2022/10/19
Posted in Development, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Development, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP
Posted by jpluimers on 2021/08/31
This helped me big time finding failed logon attempts: [WayBack] Event Log Hell (finding user logon & logoff) – Ars Technica OpenForum
Alternatively, you can use the XPath query mechanism included in the Windows 7 event viewer. In the event viewer, select “Filter Current Log…”, choose the XML tab, tick “Edit query manually”, then copy the following to the textbox:
Code:
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[EventID=4624] and EventData[Data[@Name='TargetUserName'] = 'USERNAME']]</Select>
  </Query>
</QueryList>
This selects all events from the Security log with EventID 4624 where the EventData contains a Data node with a Name value of TargetUserName that is equal to USERNAME. Remember to replace USERNAME with the name of the user you’re looking for.
If you need to be even more specific, you can use additional XPath querying – have a look at the detail view of an event and select the XML view to see the data that you are querying into.
Thanks user Hamstro!
Notes:
- you need to perform this using eventvwr.exe running as an elevated process using an Administrative user UAC token.
- USERNAME needs to be the name of the user in UPPERCASE.
- replacing TargetUserName with subjectUsername (as suggested by [WayBack] How to Filter Event Logs by Username in Windows 2008 and higher | Windows OS Hub) fails.
- there are more relevant EventID values you might want to filter on (all links have screenshot and XML example of an event):
- blank (empty) passwords can only be used for local logon, so they disable network logon. That can be a useful security strategy.
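The same kind of filter can be run from an elevated PowerShell prompt. This is an added example, not part of the original post or the quoted forum answer: it selects on EventID in the XPath query (4624 is a successful logon, 4625 a failed logon) and compares TargetUserName client-side with -ieq, so the case of the name does not matter. The account name 'alice' is a placeholder.

```powershell
# Added example; run in an elevated session, the Security log is not readable otherwise.
$UserName  = 'alice'          # placeholder account name
$EventIds  = 4624, 4625       # 4624 = successful logon, 4625 = failed logon
$MaxEvents = 500              # cap applies before the user-name filter below

# Build "*[System[(EventID=4624 or EventID=4625)]]" for -FilterXPath.
$idFilter = ($EventIds | ForEach-Object { "EventID=$_" }) -join ' or '
$xpath    = "*[System[($idFilter)]]"

Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents |
    ForEach-Object {
        # Turn the <EventData><Data Name="...">value</Data> nodes into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeCreated    = $_.TimeCreated
            EventId        = $_.Id
            TargetUserName = $data['TargetUserName']
            LogonType      = $data['LogonType']
            IpAddress      = $data['IpAddress']
        }
    } |
    Where-Object { $_.TargetUserName -ieq $UserName } |   # case-insensitive match
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```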
Related:
–jeroen
Posted in Development, Microsoft Surface on Windows 7, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Vista, Windows XP, XML/XSD
Posted by jpluimers on 2021/08/09
[WayBack] How to turn on automatic logon in Windows
Describes how to turn on the automatic logon feature in Windows by editing the registry.
Most archived copies of the above post fail with a 404 error after briefly flashing the content, but this particular one usually displays successfully.
It is slightly different from the one referenced in my blog post automatic logon in Windows 2003, and because of the archival issues, I have quoted most of it below.
A few observations, at least in Windows 10 and 8.1:
- Major Windows 10 upgrades will disable the autologon: after each major upgrade, you have to re-apply the registry patches.
- If the user has a blank password, you can remove the DefaultPassword value.
- Empty passwords allow local logon (no network logon or remote desktop logon), no network access and no RunAs, which can actually help improve security. More on that in a later blog post.
- For a local machine logon, you do not need the DefaultDomainName value either (despite many posts insisting you need it), but you can technically set it to the computer name using
  reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d %ComputerName% /f
- If another user logs on and off, the values are preserved, so after a reboot, the correct user automatically logs on.
- You need a full reboot cycle for this to take effect.
- The AutoLogon tool does not allow blank passwords.
I wrote a batch file enable-autologon-for-user-parameter.bat that makes it easier:
@echo off
rem Enable automatic logon for the user in %1; the password in %2 is optional.
if "%~1" == "" goto :help
:enable
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
:setUserName
rem "%~1" keeps user names that contain spaces intact.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "%~1" /f
:removePasswordIfItExists
rem reg delete reports an error when the value is absent; hide it and continue.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /f >nul 2>&1
if "%~2" == "" goto :eof
:setPassword
rem DefaultPassword is stored as a plain-text REG_SZ value.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "%~2" /f
goto :eof
:help
echo Syntax:
echo %0 username password
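To check what the batch file left behind, or to audit a machine for autologon, the same Winlogon values can be read back. This is an added example, not part of the original post; the function name Get-AutoLogonState is made up for illustration, and the password value itself is never printed.

```powershell
# Added example: report the autologon state from the Winlogon values discussed above.
function Get-AutoLogonState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $w   = Get-ItemProperty -Path $key

    # Values that do not exist come back as $null (outside strict mode).
    $enabled     = ($w.AutoAdminLogon -eq '1')
    $hasPassword = -not [string]::IsNullOrEmpty($w.DefaultPassword)

    if (-not $enabled) {
        $finding = 'Autologon is off'
    }
    elseif ($hasPassword) {
        $finding = 'Autologon is on; DefaultPassword holds a plain-text password'
    }
    else {
        # Either the account has a blank password, or the password is kept
        # elsewhere (the Sysinternals Autologon tool stores it as an LSA secret).
        $finding = 'Autologon is on; no DefaultPassword value in the registry'
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        AutoAdminLogon     = $w.AutoAdminLogon
        DefaultUserName    = $w.DefaultUserName
        DefaultDomainName  = $w.DefaultDomainName
        PasswordInRegistry = $hasPassword      # presence only, never the value
        Finding            = $finding
    }
}

Get-AutoLogonState | Format-List
```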
The article quote:
Posted in Batch-Files, Development, Microsoft Surface on Windows 7, Power User, Scripting, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP
Posted by jpluimers on 2020/12/01
Source: [WayBack] How to install Telnet with only one command:
dism /online /Enable-Feature /FeatureName:TelnetClient
–jeroen
Posted in Microsoft Surface on Windows 7, Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista
Posted by jpluimers on 2020/09/28
[WayBack] Windows 7 Blue Screen Of Death with error 0x7B – twm’s blog:
To allow Windows 7 to boot in IDE as well as AHCI mode, I had to enable the following drivers (by setting “Start” to “0” in the registry, there might be other options to do this):
HKLM\System\CurrentControlSet\services\intelide
HKLM\System\CurrentControlSet\services\pciide
HKLM\System\CurrentControlSet\services\msahci
HKLM\System\CurrentControlSet\services\iastorV
The first two allow Windows 7 to boot from SATA in IDE mode. The second two allow Windows 7 to boot from SATA in AHCI mode.
–jeroen
Posted in Development, Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9