The End Session policy and all user accounts

Discussion in 'Windows 8 Forum' started by balubeto, May 26, 2013.

  1. balubeto

    balubeto New Member

    Joined:
    May 24, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Hi

    In Windows 8 Enterprise 64-bit, how come if I add a script to this policy "User Configuration ---> Windows Settings ---> Scripts (Logon/Logoff) ---> End Session", this script applies only to the current account, and not to all accounts?

    Thanks

    Bye
     
  2. graye

    graye Member

    Joined:
    Nov 1, 2012
    Messages:
    77
    Likes Received:
    17
    Trophy Points:
    8
    Are you doing this via the Local Group Policy Editor, or via an Active Directory Group Policy Object?

    What is the path to your script in the Logoff section? Is it available to everyone?
     
  3. balubeto

    balubeto New Member

    Joined:
    May 24, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    In Windows 8 Enterprise 64-bit, I have applied the "End Session" policy using the LGPO and it writes on the registry:

    Code:
    Windows Registry Editor Version 5.00
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0]
    "GPO-ID"="LocalGPO"
    "SOM-ID"="Local"
    "FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
    "DisplayName"="Criteri gruppo locale"
    "GPOName"="Criteri gruppo locale"
    "PSScriptOrder"=dword:00000001
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0\0]
    "Script"="C:\\Windows\\System32\\reg.exe"
    "Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
    "IsPowershell"=dword:00000000
    "ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0]
    "GPO-ID"="LocalGPO"
    "SOM-ID"="Local"
    "FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
    "DisplayName"="Criteri gruppo locale"
    "GPOName"="Criteri gruppo locale"
    "PSScriptOrder"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0\0]
    "Script"="C:\\Windows\\System32\\reg.exe"
    "Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
    "ExecTime"=hex(b):dd,07,05,00,01,00,1b,00,11,00,03,00,18,00,d2,00
    "ErrorCode"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0]
    "GPO-ID"="LocalGPO"
    "SOM-ID"="Local"
    "FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
    "DisplayName"="Criteri gruppo locale"
    "GPOName"="Criteri gruppo locale"
    "PSScriptOrder"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0\0]
    "Script"="C:\\Windows\\System32\\reg.exe"
    "Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
    "ExecTime"=hex(b):dd,07,05,00,01,00,1b,00,11,00,03,00,18,00,d2,00
    "ErrorCode"=dword:00000000
    [HKEY_USERS\S-1-5-21-3137485388-3153590309-3382964295-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff]
    [HKEY_USERS\S-1-5-21-3137485388-3153590309-3382964295-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0]
    "GPO-ID"="LocalGPO"
    "SOM-ID"="Local"
    "FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
    "DisplayName"="Criteri gruppo locale"
    "GPOName"="Criteri gruppo locale"
    "PSScriptOrder"=dword:00000001
    [HKEY_USERS\S-1-5-21-3137485388-3153590309-3382964295-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0\0]
    "Script"="C:\\Windows\\System32\\reg.exe"
    "Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
    "IsPowershell"=dword:00000000
    "ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
    
    Now, as I should do so that these keys are automatically applied to each user of the system and to each edition of Windows 8.

    By chance, is there some trick to do this?

    Thanks

    Bye
     
  4. balubeto

    balubeto New Member

    Joined:
    May 24, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    So, someone had a brilliant idea to solve this?

    Thanks

    Bye
     
  5. jnjroach

    jnjroach Administrator Staff Member

    Joined:
    Nov 9, 2012
    Messages:
    7,095
    Likes Received:
    1,724
    Trophy Points:
    113
    Location:
    Seattle, WA USA
    My Device:
    Surface Book
    I would make sure your log off script is in a location that all users have rights and permissions such as C:\Scripts and assign at least read and execute permissions to the script. I've had many a desktop or AD Admin store the scripts in their Documents folder and it works great for them but cant figure out why it doesn't work for anyone else.
     
  6. balubeto

    balubeto New Member

    Joined:
    May 24, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    Because the shutdown policy is applied to all users, there is a way to change my command so that, when a user logs off, the value of the Enabled entry is changed?
    Thanks
    Bye
     
  7. balubeto

    balubeto New Member

    Joined:
    May 24, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    0
    I can not understand why if I edit the registry in this way:

    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\reg.exe add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f,"
    "LegalNoticeText"=""
    "Shell"="explorer.exe"
    "LegalNoticeCaption"=""
    "DebugServerCommand"="no"
    "ForceUnlockLogon"=dword:00000000
    "ReportBootOk"="1"
    "VMApplet"="SystemPropertiesPerformance.exe /pagefile"
    "AutoRestartShell"=dword:00000001
    "PowerdownAfterShutdown"="0"
    "ShutdownWithoutLogon"="0"
    "Background"="0 0 0"
    "PasswordExpiryWarning"=dword:00000005
    "CachedLogonsCount"="10"
    "WinStationsDisabled"="0"
    "PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
    "scremoveoption"="0"
    "DisableCAD"=dword:00000001
    "ShutdownFlags"=dword:80000027
    "EnableFirstLogonAnimation"=dword:00000001
    "AutoLogonSID"="S-1-5-21-3137485388-3153590309-3382964295-1001"
    "LastUsedUsername"="Balubeto_Balubeto"
    "AutoAdminLogon"="0"
    "DefaultUserName"="Balubeto_Balubeto"
    
    the screen, which displays all accounts, does not appear.

    Thanks

    Bye
     

Share This Page

Search tags for this page
legalnoticetext active directory 2012
,

psscriptorder

,
psscriptorder registry
,
reg.exe add hex(b)