/build/static/layout/Breadcrumb_cap_w.png

Including a Logoff Script in a package

This is something of a scripting question, but regarding a script I would like to include in a package. I am currently working on packaging an auditing tool for 100+ remote employees. One of the customer's requirements is a backup of the auditing files everytime the user logs off their laptop, whether they are connected to the domain or not. This is due to the time consuming nature of re-entering the info if the laptop crashes (3 hours for some).

So I have the package more or less built. I wrote a quick VBScript called Backup.vbs that essentially copies the audit files to a thumb drive that is hard-coded to use drive letter z:\. The script keeps 3 generations of files, to minimize the chance of corruption. I have confirmed the backup script itself works, and when I manually create a Logoff script with GPedit.msc and point to this backup script, it executes perfectly.

The problem comes into incorporating this into my package. I took a snapshot of all registry entries generated when I create the policy manually, and wrote another VBScript to add these upon install (see below). I confirmed that the script installs the registry entries, and can see the message "running logoff scripts" when logging off, but the backup script never executes. Most annoying of all, if I open GPEdit.msc, go to User Config>Windows Settings>Scripts>Logoff, and hit refresh, it then begins working! There must be some minute detail I am missing. Has anyone ever done this successfully, or have any thoughts? I'm getting close to offering a reward on this one.

<Start Script>
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")

strKeyPath1 = "Software\Policies\Microsoft\Windows"
strKeyPath2 = "Software\Policies\Microsoft\Windows\System"
strKeyPath3 = "Software\Policies\Microsoft\Windows\System\Scripts"
strKeyPath4 = "Software\Policies\Microsoft\Windows\System\Scripts\Logoff"
strKeyPath5 = "Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0"
strKeyPath6 = "Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0"
strValueName1 = "DisplayName"
strValueName2 = "FileSysPath"
strValueName3 = "GPO-ID"
strValueName4 = "GPOName"
strValueName5 = "SOM-ID"
strValueName6 = "Parameters"
strValueName7 = "Script"

strValue1 = "Local Group Policy"
strValue2 = "C:\Windows\System32\GroupPolicy\User"
strValue3 = "LocalGPO"
strValue4 = "Local Group Policy"
strValue5 = "Local"
strValue6 = ""
strValue7 = "Backup.vbs"

oReg.CreateKey HKEY_CURRENT_USER,strKeyPath3
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath4
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath5
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath6
oReg.SetStringValue HKEY_Current_USER,strKeyPath5,strValueName1,strValue1
oReg.SetStringValue HKEY_Current_USER,strKeyPath5,strValueName2,strValue2
oReg.SetStringValue HKEY_Current_USER,strKeyPath5,strValueName3,strValue3
oReg.SetStringValue HKEY_Current_USER,strKeyPath5,strValueName4,strValue4
oReg.SetStringValue HKEY_Current_USER,strKeyPath5,strValueName5,strValue5
oReg.SetStringValue HKEY_Current_USER,strKeyPath6,strValueName6,strValue6
oReg.SetStringValue HKEY_Current_USER,strKeyPath6,strValueName7,strValue7
<End Script>
Asked 15 years ago 2564 views
0 Comments   [ + ] Show comments

Answers (4)

Posted by: aogilmor 15 years ago
9th Degree Black Belt
0
methinks you need to rethink what you're doing, and how you're doing it. To be honest, this looks like a horrible mess. "Auditing Tool"? This is part of the operating system. You, the administrator, can build into the operating system what you want audited, down to a fine level of detail.
Posted by: JLogan3o13 15 years ago
Yellow Belt
0
Sorry, perhaps I did not explain well enough. The auditing tool is the application I am repackaging. In this case, an Insurance Claims Examiner goes out to a business site and audits that site for worker's compensation safety. The Examiner then uses the audit application to enter the data and present a hard copy of the audit to the insured. This audit finding greatly affects the premium the insured pays.

You are correct in that this is not the ideal situation. I would much prefer to create an A.D. security group, add the users of the application to this group, and then set a logoff script policy on the group. However, as the users are not always on the domain, and domain policies are not cached, this is not ideal. A local policy is the only option I am aware of in order to meet the needs of the customer (namely, that the audit file is backed up at every logoff).

Thanks for the response, though.
Posted by: pgiesbergen 15 years ago
Orange Belt
0
I you insist on using this method, what happens if you run a gpupdate after the script/ at the end of the script?
Posted by: aogilmor 15 years ago
9th Degree Black Belt
0
OK I understand, so there is one file you have to have backed up before logoff and these are the actual reg keys where the policy is applied. I still think you should probably use something like secedit and have a consistent network drive to back up to.
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ