How to find my actual login events in the Windows Event Viewer

July 16, 2020 Torleif 3 Comments

I have an Excel sheet where I not down the time I arrive at work and the time I leave. It tends to vary a bit, and on a regular basis I forget noting down the time I arrived. At my previous job I used a simple tool called TurnedOnTimesView for this, but because the laptops here are managed differently, it isn’t as reliable as it was. So, I figured I could try to enter the scary world of the Event Viewer.

In the Event Viewer you can create custom filtered views, and I first thought it would be as simple as looking for “Logon” events… but that filter gave me a mountain of logon events, most of which seemed to be various system events, and even IWA events from browsers logging on to company websites. Basically, there was a lot of noise.

Eventually though, digging out some old XPath skills, and identifying some key identifiers (EventID=4648 and ProcessName=lsass), I managed to come up with a query that actually seem to be quite accurate:

<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[
System[
(TimeCreated[timediff(@SystemTime) <= 604800000]) and
(Provider[@Name='Microsoft-Windows-Security-Auditing']) and
(EventID=4648)
] and
EventData[
(Data[@Name='ProcessName'] = 'C:\Windows\System32\lsass.exe') and
(Data[@Name='TargetDomainName'] = 'YOUR DOMAIN') and
(Data[@Name='TargetUserName'] = 'YOUR USERNAME')
]
]
</Select>
</Query>
</QueryList>

This, unless I have misunderstood something, should list all actual login events, by you, within the last week. I.e. not various services, HTTP stuff, etc., etc.

Software Development

Natural sort in Javascript

October 6, 2019 Torleif 7 Comments

Sorting strings naturally/numerically in Javascript is very simple. You just need to remember the existence of the Intl.Collator… which I keep forgetting…

You simply create one and use its compare function:

const collator = new Intl.Collator(undefined, {
usage: 'sort',
numeric: true
})

const simple = ['a1', 'a12', 'a2']
simple.sort(collator.compare)
// => ['a1', 'a2', 'a12']

const objects = [{"id": "a1"}, {"id": "a12"}, {"id": "a2"}]
const by = (key) => (a, b) => collator.compare(a[key], b[key])
objects.sort(by('id'))
// => [{id: 'a1'}, {id: 'a2'}, {id: 'a12'}]

Software Development

Git: Move accidental commit to new branch

August 19, 2019 Torleif Leave a comment

Sometimes I forget to create a new feature branch, and accidentally commit to master. Keep having to look up how to fix it…

# From master, create new branch, which will include the accidental commits
git branch feature/foobar

# Move master HEAD back, which will remove the commits from there
git reset --hard HEAD~1

# Checkout feature branch, where the commits should still exist
git checkout feature/foobar

Technology

How to rename bluetooth device in Windows 10

July 11, 2019 Torleif Leave a comment

When my wireless QC30 headset connects to a device, it reads out “connected to [device-name]”. This is handy, but when for example connecting to my work laptop, which has a rather long cryptic alphanumeric name, it gets annoying instead. And since it’s a work laptop, I can’t just change the name of the device either, and frankly, I don’t want to have to do that either. I just want my device to have a different name specific to bluetooth. Turns out, you can actually do that:

Run devmgmt.msc
Find your bluetooth adapter under Device Manager / Bluetooth
E.g. mine is called Intel(R) Wireless Bluetooth(R)
Right-click and choose Properties
Go to the Advanced tab
Change Name
Hit OK

And it’s done. ðŸ‘

Source: comment @ intowindows.com

Software Development

How to make FireFox trust what Windows trusts

July 4, 2019 Torleif Leave a comment

I like to use FireFox Developer Edition, and today I discovered that root certificates and such added to Windows (to trust self-signed certificates used with dev-servers, etc.) apparently are ignored by FireFox. At least by default: