Sign in to follow this  
Followers 0
Sundance

generate logoff entry

11 posts in this topic

Hiho,

we are working in a domain and all users are getting a logon-script from a domain policy.

This starts a compiled autoit script. In special situations this script must set a local logoff script.

Manually you do this with gpedit.msc and inser the place and the parameters of the script. But i haven't found a solution to do this with autoit. I tried to write some registry keys and modified the scripts.ini but windows doesn't recognize it.

Someone a hint for me???

Share this post


Link to post
Share on other sites



shutdown(0)

log off's the curent user :)

Share this post


Link to post
Share on other sites

Very funny.

Don't think you understood what i mean. You know what a logoff script is?

if the user does a logoff, then this script will be automatically started.

Hope i expanded your horizon of knowledge...

Share this post


Link to post
Share on other sites

sorry for the misunderstanding.

I don't know the code, but remember that you've run the gpupdate command. Because otherwise it won't have effect with the same login session. (I think)

maybe you can use the controlclick and controlsend commands to navigate in gpedit. When you want the user don't see any window, you can hide the gpedit window...

Share this post


Link to post
Share on other sites

Here's an idea: Set up a GPO for all of your users, or some subset, that runs a logoff script. Then have your logoff script check something on the system (a registry key, the value of an INI file, etc.). If the registry setting or INI file setting isn't correct, then have the logoff script immediately quit. If it is correct, then the script runs. Then you can set the value to make the script run from your logon script. The advantage with this is that as much as possible is being managed from the domain, and you are not having to manage logoff scripts on individual workstations.

Something else to consider is that if you have a Windows 2003 AD domain, you can use WMI to determine if the logoff script GPO applies. Probably you can get your WMI query to check a registry value itself, which you could set from the logon script. This would prevent every machine from having to launch the logoff script, though you trade off that the WMI query has to be done. I don't know which of these two options is better from a performance standpoint.


BlueBearrOddly enough, this is what I do for fun.

Share this post


Link to post
Share on other sites

Many thx for the usefull inputs you both gave me!

Gonna think about it and search for the gpupdate command and the other tips.

thx again!

Sundance

Share this post


Link to post
Share on other sites

gpupdate.exe hasn't recognized the modifications i did to the registry and the scripts.ini .

So the computer doesn't like my approach of 'manually' adding a local group policy.

Is there a possibility of setting a group policy with the help of WMI? Haven't found anything.

To control gpedit.exe with autoit would be the last solution i would try but better then nothing :-)

Share this post


Link to post
Share on other sites

My idea was to set a group policy with a log off script at the domain, site or OU level, not on the individual workstation. Then you could either use a WMI filter (see this page for a description) to determine whether to apply the policy and thus fire the script.

However, it is probably easier to have the log off script run for everyone and then just quit quickly if it doesn't need to run. Something like:

$regTest = RegRead("HKLM\Software\MyCompany\Scripts\Script001", "RunMe")
If Not $RegTest = "Yes" Then
    Exit 1
EndIf

; Start real work

BlueBearrOddly enough, this is what I do for fun.

Share this post


Link to post
Share on other sites

It seems the only solution to do so. The goal was to keep the client as clean as possible. So there is only a logon script which is set in the domain and the logon script looks if the client needs a logoff script. If it is needed, then activate the logoff script.

So it seems we just activate the logoff script on every computer. The script on its own looks if any action should be taken..

Thx for the replys...

Share this post


Link to post
Share on other sites

make the changes on any PC, export the list as CSV or simple textfile, and import it back into the new computer..

I'm sure there's resourcekit tools (or maybe even native commandline tools) that do just this job..

if you don't find it I'll help you look :)


Share this post


Link to post
Share on other sites

Thank you for the info. We will insert the logoff script on every pc and let the script decide what to do.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0