Windows Desktop Screenshot Monitoring

From Steak Wiki
Revision as of 15:54, 4 February 2020 by Adminguy (talk | contribs)
Jump to navigationJump to search

Here are notes on setting up desktop screen monitoring for Windows 10 (02/2020).

The intention is for this to be a way to monitor users computers, in case they get a virus or do something stupid (or someone unauthorized uses the computer). It is for security and is 0.2 FPS (yes, that's 1 picture every 5 seconds). It is not intended to be a video stream of the user working.

tl;dr Win10 Solution for taking Desktop Screenshots and Serving over LAN

Use this powershell script

[cmdletbinding()]            
param(            
  [string]$Width,            
  [string]$Height,            
  [String]$FileName = "Screenshot"  ,
  [string]$path2 = "c:\LOCATIONTOSAVE\"          

)            
#Function to take screenshot. This function takes the width and height of the screen that # #has            
#to be captured            

function Take-Screenshot{            
[cmdletbinding()]            
param(            
 [Drawing.Rectangle]$bounds,             
 [string]$path            
)             
   $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height            
   $graphics = [Drawing.Graphics]::FromImage($bmp)            
   $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)            
   $bmp.Save($path)            
   $graphics.Dispose()            
   $bmp.Dispose()            
}            

#Function to get the primary monitor resolution.            
#This code is sourced from             
# https://techibee.com/powershell/powershell-script-to-get-desktop-screen-resolution/1615            

function Get-ScreenResolution {            
 $Screens = [system.windows.forms.screen]::AllScreens                        
 foreach ($Screen in $Screens) {            
  $DeviceName = $Screen.DeviceName            
  $Width  = $Screen.Bounds.Width            
  $Height  = $Screen.Bounds.Height            
  $IsPrimary = $Screen.Primary                        
  $OutputObj = New-Object -TypeName PSobject            
  $OutputObj | Add-Member -MemberType NoteProperty -Name DeviceName -Value $DeviceName            
  $OutputObj | Add-Member -MemberType NoteProperty -Name Width -Value $Width            
  $OutputObj | Add-Member -MemberType NoteProperty -Name Height -Value $Height            
  $OutputObj | Add-Member -MemberType NoteProperty -Name IsPrimaryMonitor -Value $IsPrimary            
  $OutputObj                        
 }            
}            

#Main script begins            

#By default captured screenshot will be saved in %temp% folder            
#You can override it here if you want  
#orig          
#$Filepath = join-path $env:temp $FileName 
#edit
$Filepath = join-path $path2 $FileName           

[void] [Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")            
[void] [Reflection.Assembly]::LoadWithPartialName("System.Drawing")            

if(!($width -and $height)) {            

 $screen = Get-ScreenResolution | ? {$_.IsPrimaryMonitor -eq $true}            
 $Width = $screen.Width            
 $Height = $screen.height            
}            

$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, $Screen.Width, $Screen.Height)            

Take-Screenshot -Bounds $bounds -Path "$Filepath.png"            
#Now you have the screenshot

Call it every 1 minute in task scheduler with this .vbs script (must use vbs to be quiet, and not open a cmd window)

Dim index, count
count = 11
For index = 1 To count
 command = "powershell.exe -nologo -command C:\SCRIPTHERE"
 set shell = CreateObject("WScript.Shell")
 shell.Run command,0
'this is in milliseconds
 WScript.Sleep 5000
Next

In order for this type of script to take a screenshot, it must run as the user "only when he is logged in" per the task scheduler settings. Do not run this in task scheduler as SYSTEM, or whether or not the user is logged in. See details below.

Grab Images via SMB

At this point, you have an updating file which is a screenshot. You can now grab this however you want. If you use something like Zoneminder (which can read an image file as a video stream) or Blue Iris (not sure if that can, but probably), you will have a video stream.

Map the SMB drive to the recording server to grab the file without installing anything. Another option is to use apache w/authentication (or without).

Details

VLC works in Win7 Only

In Windows 7 (I think) you can simply use VLC from the command line. ref: https://www.axis.com/files/tech_notes/Desktop_MJPEG_Screen_Capture.pdf

"C:\Program Files\VideoLAN\VLC\vlc.exe" -I --dummy-quiet screen://  --screen-fps=3   :sout=#transcode{vcodec=MJPG,venc=ffmpeg{qmin=0,qmax=10},vb=800,width=320, height=240,acodec=none}:http{mux=mpjpeg,dst=:8088} :sout-keep

This was tested to work in 2008 server. (NOTE: Doesn't work in win10, without opening a video screen. see below.)

NOTE: make sure to open port in firewall.

test first in localhost on server.

then test remotely.

firewall needs port opened for remote access.

Let's look at other options.

https://github.com/aviloria/ScreenCaptureServer/releases
https://github.com/rdp/screen-capture-recorder-to-video-windows-free

this just looks like a mess. popular, though. doesn't mean anything.

Manual JPEG screen capture and server over HTTP for Win10

After all that, I decided the best solution is to do this manually. Almost future proof.

Some apache server, with a program that just takes screenshots and puts them in the local dir. You can bypass the apache server by using SMB, also. That avoids the need to install apache.

Then Zoneminder, Blueiris, etc... server reads the file.

I tried autoscreen (sourceforge) av gives warnings on autoscreen, which must be wrong.

It doesn't really work because, it saves to a new file all the time. I gave up at this point. Didn't look into this.

Powershell Get Screenshot

I tried a few things, before finding one that worked.

You may to need to allow scripts (or pass the allow to the script in the powershell, i.e. bypassing the execution policy), so:

explains it well

Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

EDIT: Don't set -Scope current user or you will have to disable it later. It's an entangled set of sub-permissions and if you enable some of them, you can't change the main ones. The scope is sub permissions, RemoteSigned being one of the main permissions.

Keep in mind when saving png, that you may have to write somewhere other than c: which often doesn't have write permissions anymore.

that didn't work trying a different one...

[cmdletbinding()]            
param(            
  [string]$Width,            
  [string]$Height,            
  [String]$FileName = "Screenshot"  ,
  [string]$path2 = "c:\LOCATIONTOSAVE\"          

)            
#Function to take screenshot. This function takes the width and height of the screen that # #has            
#to be captured            

function Take-Screenshot{            
[cmdletbinding()]            
param(            
 [Drawing.Rectangle]$bounds,             
 [string]$path            
)             
   $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height            
   $graphics = [Drawing.Graphics]::FromImage($bmp)            
   $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)            
   $bmp.Save($path)            
   $graphics.Dispose()            
   $bmp.Dispose()            
}            

#Function to get the primary monitor resolution.            
#This code is sourced from             
# https://techibee.com/powershell/powershell-script-to-get-desktop-screen-resolution/1615            

function Get-ScreenResolution {            
 $Screens = [system.windows.forms.screen]::AllScreens                        
 foreach ($Screen in $Screens) {            
  $DeviceName = $Screen.DeviceName            
  $Width  = $Screen.Bounds.Width            
  $Height  = $Screen.Bounds.Height            
  $IsPrimary = $Screen.Primary                        
  $OutputObj = New-Object -TypeName PSobject            
  $OutputObj | Add-Member -MemberType NoteProperty -Name DeviceName -Value $DeviceName            
  $OutputObj | Add-Member -MemberType NoteProperty -Name Width -Value $Width            
  $OutputObj | Add-Member -MemberType NoteProperty -Name Height -Value $Height            
  $OutputObj | Add-Member -MemberType NoteProperty -Name IsPrimaryMonitor -Value $IsPrimary            
  $OutputObj                        
 }            
}            

#Main script begins            

#By default captured screenshot will be saved in %temp% folder            
#You can override it here if you want  
#orig          
#$Filepath = join-path $env:temp $FileName 
#edit
$Filepath = join-path $path2 $FileName           

[void] [Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")            
[void] [Reflection.Assembly]::LoadWithPartialName("System.Drawing")            

if(!($width -and $height)) {            

 $screen = Get-ScreenResolution | ? {$_.IsPrimaryMonitor -eq $true}            
 $Width = $screen.Width            
 $Height = $screen.height            
}            

$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, $Screen.Width, $Screen.Height)            

Take-Screenshot -Bounds $bounds -Path "$Filepath.png"            
#Now you have the screenshot

from: https://techibee.com/powershell/powershell-script-to-take-a-screenshot-of-your-desktop/1626

That works, but has some load on a 4 core PC from 2010. Not bad, but not great. I wouldn't run it more than every 10 seconds or so.


A Windows Task Scheduler trigger cannot repeat more often than every 1 minute, but you can set up multiple triggers. To run a task every 10 seconds, add six Triggers. Each one should run the task Daily, and Repeat task every 1 minute. Their start times should be 12:00:00 AM, 12:00:10 AM, 12:00:20 AM, 12:00:30 AM, 12:00:40 AM, and 12:00:50 AM.

from: https://superuser.com/questions/293445/windows-task-scheduler-schedule-task-to-run-once-every-10-seconds

But it's easier to just use a for loop in a script with a delay.

It ends up that the script that calls this in task scheduler must be vbs as it must be quiet. Powershell and cmd, both open boxes, the user will see. This is because the script MUST run as the USER, when they are LOGGED IN. You can't run as system, or another admin. We are taking a screenshot of their desktop, and that env must be setup.

The vbs script that calls the above ps1 powershell might look something like

Dim index, count
count = 11
For index = 1 To count
 command = "powershell.exe -nologo -command C:\SCRIPTHERE"
 set shell = CreateObject("WScript.Shell")
 shell.Run command,0
'this is in milliseconds
 WScript.Sleep 5000
Next

So it runs every 5 seconds for a minute. Then you set it to run in Task Scheduler. Just call it directly, no need to do anything else. Test in cmd line.

You can adjust the PixelFormat to get smaller PNG files in the above ps1 script. I used

$bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height, Format16bppRgb555

Improvements

  • Lower Resource Usage
  • Higher FPS
  • Encode to H264 and serve low res stream over RTSP (too bad VLC doesn't work anymore)