What's new

The End Session policy and all user accounts

balubeto

New Member
Hi

In Windows 8 Enterprise 64-bit, how come if I add a script to this policy "User Configuration ---> Windows Settings ---> Scripts (Logon/Logoff) ---> End Session", this script applies only to the current account, and not to all accounts?

Thanks

Bye
 

graye

Member
Are you doing this via the Local Group Policy Editor, or via an Active Directory Group Policy Object?

What is the path to your script in the Logoff section? Is it available to everyone?
 
OP
B

balubeto

New Member
Are you doing this via the Local Group Policy Editor, or via an Active Directory Group Policy Object?

What is the path to your script in the Logoff section? Is it available to everyone?
In Windows 8 Enterprise 64-bit, I have applied the "End Session" policy using the LGPO and it writes on the registry:

Code:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
"DisplayName"="Criteri gruppo locale"
"GPOName"="Criteri gruppo locale"
"PSScriptOrder"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0\0]
"Script"="C:\\Windows\\System32\\reg.exe"
"Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
"IsPowershell"=dword:00000000
"ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
"DisplayName"="Criteri gruppo locale"
"GPOName"="Criteri gruppo locale"
"PSScriptOrder"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0\0]
"Script"="C:\\Windows\\System32\\reg.exe"
"Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
"ExecTime"=hex(b):dd,07,05,00,01,00,1b,00,11,00,03,00,18,00,d2,00
"ErrorCode"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
"DisplayName"="Criteri gruppo locale"
"GPOName"="Criteri gruppo locale"
"PSScriptOrder"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3137485388-3153590309-3382964295-1001\Scripts\Logoff\0\0]
"Script"="C:\\Windows\\System32\\reg.exe"
"Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
"ExecTime"=hex(b):dd,07,05,00,01,00,1b,00,11,00,03,00,18,00,d2,00
"ErrorCode"=dword:00000000
[HKEY_USERS\S-1-5-21-3137485388-3153590309-3382964295-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff]
[HKEY_USERS\S-1-5-21-3137485388-3153590309-3382964295-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\Windows\\System32\\GroupPolicy\\User"
"DisplayName"="Criteri gruppo locale"
"GPOName"="Criteri gruppo locale"
"PSScriptOrder"=dword:00000001
[HKEY_USERS\S-1-5-21-3137485388-3153590309-3382964295-1001\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\0\0]
"Script"="C:\\Windows\\System32\\reg.exe"
"Parameters"="add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f"
"IsPowershell"=dword:00000000
"ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
Now, as I should do so that these keys are automatically applied to each user of the system and to each edition of Windows 8.

By chance, is there some trick to do this?

Thanks

Bye
 

jnjroach

Administrator
Staff member
I would make sure your log off script is in a location that all users have rights and permissions such as C:\Scripts and assign at least read and execute permissions to the script. I've had many a desktop or AD Admin store the scripts in their Documents folder and it works great for them but cant figure out why it doesn't work for anyone else.
 
OP
B

balubeto

New Member
I would make sure your log off script is in a location that all users have rights and permissions such as C:\Scripts and assign at least read and execute permissions to the script. I've had many a desktop or AD Admin store the scripts in their Documents folder and it works great for them but cant figure out why it doesn't work for anyone else.
Because the shutdown policy is applied to all users, there is a way to change my command so that, when a user logs off, the value of the Enabled entry is changed?
Thanks
Bye
 
OP
B

balubeto

New Member
I can not understand why if I edit the registry in this way:

Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Windows\\System32\\reg.exe add HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\LogonUI\\UserSwitch /v Enabled /t REG_DWORD /d 1 /f,"
"LegalNoticeText"=""
"Shell"="explorer.exe"
"LegalNoticeCaption"=""
"DebugServerCommand"="no"
"ForceUnlockLogon"=dword:00000000
"ReportBootOk"="1"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"AutoRestartShell"=dword:00000001
"PowerdownAfterShutdown"="0"
"ShutdownWithoutLogon"="0"
"Background"="0 0 0"
"PasswordExpiryWarning"=dword:00000005
"CachedLogonsCount"="10"
"WinStationsDisabled"="0"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"scremoveoption"="0"
"DisableCAD"=dword:00000001
"ShutdownFlags"=dword:80000027
"EnableFirstLogonAnimation"=dword:00000001
"AutoLogonSID"="S-1-5-21-3137485388-3153590309-3382964295-1001"
"LastUsedUsername"="Balubeto_Balubeto"
"AutoAdminLogon"="0"
"DefaultUserName"="Balubeto_Balubeto"
the screen, which displays all accounts, does not appear.

Thanks

Bye
 
Search tags for this page
legalnoticetext active directory 2012

psscriptorder

psscriptorder registry
reg.exe add hex(b)
Top