Announcement

Collapse
No announcement yet.

Edit a GPO field from a script

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Edit a GPO field from a script

    Hi all,

    Lots of Win7 VMs, that I want to automatically shutdown when a user logs off. My problem is I cannot start gpedit.msc on every machine, and edit user config -> windows settings -> scripts (logon/logoff)

    Simply placing a cmd file in %WINDIR%\System32\GroupPolicy\User\Scripts\Logoff\ also doesn't work - I need to enable the policy somehow.

    AD is not an option in this case.

    So my question is - is there a way, within a script, to place the cmd script in the right location and also update the GPO that uses this cmd file?
    Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

    BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

  • #2
    Re: Edit a GPO field from a script

    What you want to do is:

    *-Copy the cmd file to the ...\scripts\logoff folder on each machine
    *-Manually change the local security policy on that machine to include the script
    *-Export the new security setting as a *.inf file
    *-Use 'secedit' to import that *.inf on each machine

    Check out this link I found thru our friend :
    http://www.itninja.com/blog/view/usi...rity-templates
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: Edit a GPO field from a script

      thanks, secedit was the missing piece here. I was thinking in the direction of creating a .reg file
      Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

      BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

      Comment


      • #4
        Re: Edit a GPO field from a script

        I am not sure the logoff script policy configuration, and the script file itself, will all part of the inf file. You might instead of using secedit, have to copy all content of the %systemroot%\system32\grouppolicy\ folder and replace the content of the grouppolicy folder on the target computers http://www.frickelsoft.net/blog/?p=31 (make backups first).



        note.
        In case you did, the logof script cannot use the shutdown.exe command to shutdown the computer. Regular users are not allowed to shutdown the computer by using a shutdown.exe command.


        /Rems
        Last edited by Rems; 9th June 2012, 19:01.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Edit a GPO field from a script

          Since you mentioned Windows 7 VMs, are you using VMware View, XenDesktop or such?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Edit a GPO field from a script

            RHEV for Desktops actually
            Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

            BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

            Comment


            • #7
              Re: Edit a GPO field from a script

              Ok, that is one of the few I don't know, but I do know that other virtual desktop products can do this like view and xendesktop.
              Is there not an option within the RHEV for Desktops?

              I searched through RHEV for Desktops administration guide, and it seems it isn't possible
              Last edited by Dumber; 15th June 2012, 22:33.
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: Edit a GPO field from a script

                What do you mean by "this"? A xendesktop or view VM gets turned off when a user logs off?


                I am currently exploring the options of implementing this in RHEV
                Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

                BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

                Comment


                • #9
                  Re: Edit a GPO field from a script

                  Well it are options within Citrix XenDesktop and VMware View. You can choose what to do when a user logs off. For more info about VMware View
                  http://pubs.vmware.com/view-50/index...8C0791ECC.html

                  Also see a bit more info in this image. Especially the disconnect and power control options
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment

                  Working...
                  X