Suspect someone using your logging in to your Windows 10 machine?
Get the photo proof – all hidden away ready for you to inspect later.
What you will need:
- Windows 10
- EventGhost – Free
- CommandCam – Free
- Google Drive FileStream access – Work (this can be tailored for any other remote file access locations, however I am using Google Filestream).
- Text Editor
When I first started to look in to this little issue I found this resource, but it was not entirely suitable for my needs but it gave me a starting point – Ive added here as a reference for anyone that needs it.
There are a few limitations to what CommandCam could do but its basic function of taking a pic is all we need here, the rest can be fixed with a good ol batch file.
The issues I found were with file naming (not overwriting the same file), and executing the code when people login to your machine (as most machines are logged in most of the time).
- Ensure you have a mapped drive if you are using Google File Stream (or use locally).
- Create a folder on the mapped dive or locally, something like: LoginCapture. This folder will hold the images that can be accesses remotely (if stored remotely) and hold the executable files for the application.
- Download CommandCam, and copy the .exe to the location.
- Download EventGhost and install.
- Open your favorite text editor and save a new file as commandcam.bat to the location with the CommandCam.exe – this is going to be our executable file that runs the application and renames the saved file based on date and time of execution.Now copy the following in the the commandcam.bat and ensure its saved to the location with the .exe above.
@echo off CommandCam.exe for /F "tokens=2" %%i in ('date /t') do set mydate=%%i set mydate=%mydate:/=-% set mytime=%time::=-% set filename=%mydate%-%mytime%.bmp ren image.bmp %filename%
- The code will run CommandCam.exe
- Creates a variable that sores the current date and time
- Renames the standard image.bmp to the new variable name
The Event Ghost Setup
- Open Event Ghost
- ** Important** Select “File” > “Options” – tick Autostart, and Minimise to tray on close and save (or this wont run on startup or shutdown) – make sure this works and doesn’t close.
- Click “Add Folder” (to store all your Macros in).
- Click “Add Macro”
- Select System > Start Application
- Browse to the location of the commandcam.bat you saved earlier, and select commandcam.bat.
- Select the working directory of the same folder.
- Window options: Hidden (this will prevent it from popping up when it runs).
- Select “Test” and you will see a new file in the folder (with your face, hopefully) – now select ‘Apply’ and ‘OK’.
- Now lock your computer, and sign back in (don’t log out).
- You will notice in the EventGhost Log “System.SessionLock[‘u’stuar’] – select one and drag it to the configuration on the right ensure its the first one in order – this is the trigger event – see image.
- Now hit file and save in EventGhost and save the config file to the same location as the other files (for ease).
Testing the Setup
- Easy, logo out… login … see what you have 🙂
Issues you will find:
The camera has a light, what now?.. now without going in to the hardware and disabling the light you’ll have to get creative. Find where its coming from and use a few small stickers that you match with the colour of your device and put them over where it come from…
Need to find the startup folder on Windows 10? …go to Start, Run: shell:startup
Wouldn’t it be nice to take a little screen shot of whats going on at the same time…?
You can with a small modification to the batch file, and
@echo off CommandCam.exe for /F "tokens=2" %%i in ('date /t') do set mydate=%%i set mydate=%mydate:/=-% set mytime=%time::=-% set filename=%mydate%-%mytime%.bmp set screencap=%mydate%-%mytime%.png ren image.bmp %filename% nircmd.exe cmdwait 5000 savescreenshot %screencap%