Tixx Posted February 21, 2018 Share Posted February 21, 2018 Hi, Bit of a background: Im trying to push a policy acceptance window to all users when they log in to windows which they have to accept before proceeding to use the machine. Initially i wanted to kill the explorer process, rename it via reg so that everything blanks out and only the policy window is open. RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "killed") ProcessClose("explorer.exe") Then once accepted, restart the explorer process like so RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "explorer.exe") ProcessClose("explorer.exe") ProcessWaitClose("explorer.exe") Run("explorer.exe") However this doesnt work unless it runs in elevated admin mode with windows 10 UAC which i cant do as the script runs in user context upon login. The alternative solution is to blank out all monitors except the primary and show the policy window on there with the GUICreate $WS_EX_TOPMOST function. Ive found a few scripts to blank out monitors online but they seem buggy and most will turn off all monitors, not specific ones. Any help on how i can achieve this would be great. (and if you can suggest an alternative on the original solution, would be awesome too!) Thanks Link to comment Share on other sites More sharing options...
Subz Posted February 21, 2018 Share Posted February 21, 2018 Create an ActiveSetup Script, that prompts the user to accept the policy, this will only happen once for that user account prior to them getting to the desktop. If you want it to run everytime a user logs in, then delete the ActiveSetup Guid with the script in the HKCU hive afterwards, using Run. For Example: Save your script to: C:\Program Files (x86)\YourScript\YourScript.exe Or \\Domain.com\SYSVOL\Domain.com\Scripts\YourScript.exe Create a Registry Key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Your Unique Guid Here} ;~ You can get this from here: https://www.guidgenerator.com/online-guid-generator.aspx I normally append a suffix to make it unique example: {6048702b-1b1e-45b2-8d26-792e02f694cc}_Au3 StubPath="<Path to your Script.exe>" Version="18,2,22,0" Now when a user logs on the script should run prior to them reaching the desktop, when they click OK (assuming MsgBox) it will add the version to: HKCU\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Your Unique Guid Here} Version="18,2,22,0" If you update the HKLM Version it will re-run, however you can also just delete the HKCU version and it will re-run. Anyway I hope that made sense. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now