Answer the question
In order to leave comments, you need to log in
How to monitor the "normal" shutdown of workstations?
AWPs in the domain (Server 2012). After a signal from ping that the remote computer is now offline, it is necessary to determine how it was turned off - through shutdown or through the power-button (or de-energized). Now a script is running on AWPs, which, at the time of normal shutdown, sends a message to the server. But the scheme doesn't always work. We need an option without mass installation of scripts. Perhaps some traces remain in AD?
Answer the question
In order to leave comments, you need to log in
A computer that was suddenly abducted by aliens (or hard-wired) for AD at this very moment is no different from those on the network, because AD very rarely asks clients about anything (different services have different intervals and timeouts, but EMNIP has deltas of about 15 minutes there, and clients themselves rarely knock too).
I don’t know any other ways, either during a regular shutdown, we send a message, or after the fact we centrally analyze the Event Log (turning on / restarting after a power outage, Windows itself locally determines and reflects different EventIDs in the logs).
And why should this be done? Do you want to punish those who turn off the PC with a knife switch, and not Start-Shutdown? Or just want all PCs to shut down when employees leave work?
In the latter case, it may be worth considering the option of automatically turning off the PC at a certain time of the day (for example, at 22:00, when no one is guaranteed to work)?
Konstantin Gorodetsky : Did you try to write books? Preferably detectives. To be honest, it's very sad to see in your request "how to do it easier". Log analysis is part of the job of administrators. Tell me how, in your opinion, a de-energized computer will have time to send a signal that it has suddenly !!!!! lost electricity? Think your heart has stopped. You calmly take out your phone .... call 003 ... wait for the application to be received .. and die. It takes a smart pilot to shoot food logs. With firmware, IP address and the ability to work on the network. The same prtg will notify you at least by SMS about a problem. Can tell where the problem came from. There is only one problem!!! He needs smart equipment at all stages of information retrieval.
Think towards Intel AMT. There it seems there is an opportunity, with the appropriate setting, to monitor turned-off PCs on standby.
And I would hang a micro-service on each PC that would hang with a connection to the server on the domain
1) If the PC was turned off hard, the connection will break without sending the FIN packet to the PC
2) If the termination is smooth, the connection will end with the FIN packet
All - in the server part, we monitor those who dropped incorrectly (we indicate the shutdown timeout that we need - otherwise it is large by default), then we write information to the same AD log or write reports, send it to the soap.
Memory on the end PCs must be within a meter (and this upper bounds), CPU and network load zero (just one hanging TCP connection)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question