How can my app get a valid "last time connected to domain" timestamp from Windows, even when the app is running offline?
即使应用程序脱机运行,我的应用程序如何从Windows获得有效的“上次连接到域”时间戳?
Background: I am writing an application that is run on multiple client machines throughout my company. All of these client machines are on one of the AD domains implemented by my company. This application needs to take certain measures if the client machine has not communicated with the AD for a period of time.
背景:我正在编写一个在我公司的多台客户机上运行的应用程序。所有这些客户端计算机都在我公司实施的AD域之一上。如果客户端计算机在一段时间内未与AD通信,则此应用程序需要采取某些措施。
An example might be that a machine running this app is stolen. After e.g. 4 weeks, the application refuses to work because it detects that the machine has not communicated with its AD domain for 4 weeks.
一个例子可能是运行此应用程序的计算机被盗。例如4周后,该应用程序拒绝工作,因为它检测到该机器未与其AD域通信4周。
Note that this must not be tied to a user account because the app might be running as a Local Service account. It the computer-domain relationship that I'm interested in.
请注意,这不能绑定到用户帐户,因为该应用可能作为本地服务帐户运行。它是我感兴趣的计算机领域关系。
I have considered and rejected using WinNT://<domain>/<machine>$,user
because it doesn't work while offline. Also, any LDAP://...
lookups won't work while offline.
我已经考虑并拒绝使用WinNT://
I have also considered and rejected scheduling this query on a dayly basis and storing the timestamp in the registry or a file. This solutions requires too much setup and coding. Besides this value simply MUST be stored locally by Windows.
我还考虑并拒绝每天安排此查询并将时间戳存储在注册表或文件中。该解决方案需要过多的设置和编码。除了这个值,只需要由Windows本地存储。
2 个解决方案
#1
1
I don't believe this value is stored on the client machine. It's stored in Active Directory, and you can get a list of inactive machines using the Dsquery tool.
我不相信这个值存储在客户端计算机上。它存储在Active Directory中,您可以使用Dsquery工具获取非活动计算机列表。
The best option is to have your program do a simple test such as connection to a DC, and then store the timestamp of that action.
最好的选择是让程序执行简单的测试,例如连接到DC,然后存储该操作的时间戳。
#2
0
IMHO i dont think the client machine would store a timestamp of the last time it communicated with AD. This information is stored in active directory itself (ie. on the DC)
恕我直言,我不认为客户端机器会存储上次与AD通信的时间戳。此信息存储在活动目录中(即在DC上)
Once a user logs into say a Windows machine the credentials are cached. If that machine is disconnected from the network the credentials will last forever. You can turn this feature off with group policies, so that the machine does not cache any credentials.
一旦用户登录说Windows机器,就会缓存凭据。如果该计算机与网络断开连接,则凭据将永久保留。您可以使用组策略关闭此功能,以便计算机不会缓存任何凭据。
#1
1
I don't believe this value is stored on the client machine. It's stored in Active Directory, and you can get a list of inactive machines using the Dsquery tool.
我不相信这个值存储在客户端计算机上。它存储在Active Directory中,您可以使用Dsquery工具获取非活动计算机列表。
The best option is to have your program do a simple test such as connection to a DC, and then store the timestamp of that action.
最好的选择是让程序执行简单的测试,例如连接到DC,然后存储该操作的时间戳。
#2
0
IMHO i dont think the client machine would store a timestamp of the last time it communicated with AD. This information is stored in active directory itself (ie. on the DC)
恕我直言,我不认为客户端机器会存储上次与AD通信的时间戳。此信息存储在活动目录中(即在DC上)
Once a user logs into say a Windows machine the credentials are cached. If that machine is disconnected from the network the credentials will last forever. You can turn this feature off with group policies, so that the machine does not cache any credentials.
一旦用户登录说Windows机器,就会缓存凭据。如果该计算机与网络断开连接,则凭据将永久保留。您可以使用组策略关闭此功能,以便计算机不会缓存任何凭据。