Run a program when user enters his account

[holden321]

I have a batch file which I want to run when user enters his account.
Not just at user logon, but every time he enters his account (when switching accounts).
I know there is a group policy "run these programs at user logon", but it is not suit my case.

 

[Pyprohly]

Hi,

There’s an event that fires each time a user returns to their login session. To achieve your goal, what you can do is create a scheduled task based on this event.

Event id ‘4778’ of provider ‘Microsoft-Windows-Security-Auditing’ in the ‘Security’ log is your answer. It is disabled by default and needs to be activated first however. Enable the “Audit logon events” policy under “Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy” to have your computer log the event. After this, an event log will be created whenever a user logs in or switch users into an account.

You can now open up Task Scheduler and create a scheduled task from this event. Here’s an example you can import and modify to your use.

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2017-04-21T21:42:09.7887974</Date>
    <Author>DESKTOP-K9PKB3G\Pyprohly</Author>
    <Description>Performs a task when a user reconnects to their login session.</Description>
    <URI>\User login event</URI>
  </RegistrationInfo>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription><QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and EventID=4778]]</Select></Query></QueryList></Subscription>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-21-3458303600-101233123-2075927670-1001</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>cmd</Command>
      <Arguments>/c "C:\Users\Pyprohly\Desktop\Ic\file.bat"</Arguments>
    </Exec>
  </Actions>
</Task>

The event will trigger on any connection to a user account session and as so often will the batch file execute. If you want your batch file to target a specific user, you must amend your batch file to test for it.

The event message contains information on which account had their session reconnected, but reading this in from batch can be tricky. Instead, what you can do is query the physically logged on user (as opposed to the account in which the batch file runs when you expand “%username%”) through WMI.

@echo off

for /f "tokens=2 delims=\" %%I in (' wmic computersystem get username /value ') do for /f "delims=" %%J in ("%%~I") do (
	if "%%~J" neq "Pyprohly" exit /b
)

rem Continue batch program here

 

[holden321]

It seems to work
Thank you!