Click here to get back home

getting users to logoff
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
getting users to logoff Computerguy 01-14-2008
Posted by Al Dunbar on January 17, 2008, 10:27 pm
Please log in for more thread options
>
>
>
>
>
>
> > Hello,
>
> > this is not really a security issue, but more a functionnal issue.
> > Roaming profile won't get updated, as it is updated at logoff.
>
> > We use a vbscript to reboot stations, which force logoff on the way.
> > You may change the code to only logoff without shutting down the pc
> > Are you intereseted in ?
>
> > --
> > Cordialement,
> > Mathieu CHATEAU
> > English blog:http://lordoftheping.blogspot.com
> > French blog:http://www.lotp.fr
>
>
>
> > > Is there any security threat to the following ?
> > > - windows xp2 is locked (have to enter Ctrl+Alt+Del)
> > > - servers setup to disconnect users at 10:00 PM
>
> > > For electricity savings reasons we are starting to request users
> > > logoff and shutdown at the end of the day. Right now we have users
> > > who forget to logoff, but their PC will go to the Windows XP locked
> > > screen. If we are in the wrong forum please let us know to repost.
> > > Thanks.- Hide quoted text -
>
> > - Show quoted text -
>
> Mr. Chateau,
>
> We are interested in anything to get staff to exit the network. I
> almost forget we have files synching at logoff to their directory and
> if they never logoff..... We have Altiris and tried assigning a job
> to restart at 10:00 PM, but when users do shutdown they would come in
> the next day and after powering on the computer they are greeted by
> the same shutdown job that powers off their computer. At first we
> were looking for software. We would welcome a script to somehow
> remove users from the network at a certain time.
>
> ===> If you don't get a scripted solution to force users to do what
> company
> policy tells them they should do, you could run a job at 10pm that checks
> to
> see which workstations are logged on. 'net view' will do this, but the
> output might need to be filtered to include only workstations at your
> location. A further step would be to also determine who is logged in at
> each
> workstation - a bit trickier but doable.
>
> Then for the first week or two you send each person logged in (or the
> owners
> of the powered on computers) an email reminding them of the company
> policy,
> and that a report of powered on workstations/logged in users will be sent
> to
> the president (or whomever).
>
> /Al- Hide quoted text -
>
> - Show quoted text -

Mr. Dunbar,

Users cannot login before 6:00 AM. I come in a couple times a week
early to do things (best time is to get things done when there is no
one on the network). We can see the users still logged in and send an
email to the supervisors. We have been doing this for 2 years and we
have the same 10 to 15 people who repeat.

===> Yes, I am familiar with the phenomenon of the users who routinely
refuse to follow suggested best practices. That is why I suggested the
reference to company policy.

But in reviewing the thread I see that you initially said that the goal was
one of electrical power savings. If the power bill is paid from *your*
budget, look for some way to implement a charge back for workstations left
on. Failing that, shutdown the server every Wednesday and tell people that
since you are getting no cooperation from users to shutdown their computers
when they are not using them, and not getting additional funding for the
increased power costs, this is your only option. If upper management says
that that is not appropriate, tell them that they need to either get the
users to help, or pay for the power used.

If the power bill is paid from someone else's budget, send that
person/department, copies of the emails you have been sending for 2 years,
and cc them any of these messages you send in the future. If you have done
your best, but are just getting poor support, well, at least you've done
your best.

But let me ask you this: how much does it cost to leave those 15 computers
on all the time? And is this *your* initiative, or something you have been
tasked with? I hate to rain on your parade, but if your primary function is
to support your company's infrastructure, taking it upon yourself to get
people to shutdown computers to save money is likely inappropriate. Do you
check to make sure their coffee machines are off after hours?

/Al



Posted by Computerguy on January 21, 2008, 1:41 pm
Please log in for more thread options
>
>
>
>
>
>
>

>
> > > Hello,
>
> > > this is not really a security issue, but more a functionnal issue.
> > > Roaming profile won't get updated, as it is updated at logoff.
>
> > > We use a vbscript to reboot stations, which force logoff on the way.
> > > You may change the code to only logoff without shutting down the pc
> > > Are you intereseted in ?
>
> > > --
> > > Cordialement,
> > > Mathieu CHATEAU
> > > English blog:http://lordoftheping.blogspot.com
> > > French blog:http://www.lotp.fr
>
>
..
>
> > > > Is there any security threat to the following ?
> > > > - windows xp2 is locked (have to enter Ctrl+Alt+Del)
> > > > - servers setup to disconnect users at 10:00 PM
>
> > > > For electricity savings reasons we are starting to request users
> > > > logoff and shutdown at the end of the day. Right now we have users
> > > > who forget to logoff, but their PC will go to the Windows XP locked
> > > > screen. If we are in the wrong forum please let us know to repost.
> > > > Thanks.- Hide quoted text -
>
> > > - Show quoted text -
>
> > Mr. Chateau,
>
> > We are interested in anything to get staff to exit the network. I
> > almost forget we have files synching at logoff to their directory and
> > if they never logoff..... We have Altiris and tried assigning a job
> > to restart at 10:00 PM, but when users do shutdown they would come in
> > the next day and after powering on the computer they are greeted by
> > the same shutdown job that powers off their computer. At first we
> > were looking for software. We would welcome a script to somehow
> > remove users from the network at a certain time.
>
> > =3D=3D=3D> If you don't get a scripted solution to force users to do wha=
t
> > company
> > policy tells them they should do, you could run a job at 10pm that check=
s
> > to
> > see which workstations are logged on. 'net view' will do this, but the
> > output might need to be filtered to include only workstations at your
> > location. A further step would be to also determine who is logged in at
> > each
> > workstation - a bit trickier but doable.
>
> > Then for the first week or two you send each person logged in (or the
> > owners
> > of the powered on computers) an email reminding them of the company
> > policy,
> > and that a report of powered on workstations/logged in users will be sen=
t
> > to
> > the president (or whomever).
>
> > /Al- Hide quoted text -
>
> > - Show quoted text -
>
> Mr. Dunbar,
>
> =A0 =A0Users cannot login before 6:00 AM. =A0I come in a couple times a we=
ek
> early to do things (best time is to get things done when there is no
> one on the network). =A0We can see the users still logged in and send an
> email to the supervisors. =A0We have been doing this for 2 years and we
> have the same 10 to 15 people who repeat.
>
> =3D=3D=3D> Yes, I am familiar with the phenomenon of the users who routine=
ly
> refuse to follow suggested best practices. That is why I suggested the
> reference to company policy.
>
> But in reviewing the thread I see that you initially said that the goal wa=
s
> one of electrical power savings. If the power bill is paid from *your*
> budget, look for some way to implement a charge back for workstations left=

> on. Failing that, shutdown the server every Wednesday and tell people that=

> since you are getting no cooperation from users to shutdown their computer=
s
> when they are not using them, and not getting additional funding for the
> increased power costs, this is your only option. If upper management says
> that that is not appropriate, tell them that they need to either get the
> users to help, or pay for the power used.
>
> If the power bill is paid from someone else's budget, send that
> person/department, copies of the emails you have been sending for 2 years,=

> and cc them any of these messages you send in the future. If you have done=

> your best, but are just getting poor support, well, at least you've done
> your best.
>
> But let me ask you this: how much does it cost to leave those 15 computers=

> on all the time? And is this *your* initiative, or something you have been=

> tasked with? I hate to rain on your parade, but if your primary function i=
s
> to support your company's infrastructure, taking it upon yourself to get
> people to shutdown computers to save money is likely inappropriate. Do you=

> check to make sure their coffee machines are off after hours?
>
> /Al- Hide quoted text -
>
> - Show quoted text -

We are doing what one of our sending district's is doing and it just
part of a bigger picture of cost savings. We are also talking around
300 to 400 computers overall. None of the lab computers get shutdown
(about 250 right there) you will get a most users to logoff, but not
shutdown. Our overall objective eventually is to get users to
shutdown. We have different higher ups requiring different things.
Shutting down would take care of everything, but we (in the tech
department) would like them to logoff for security reasons.

Posted by Mathieu CHATEAU on January 17, 2008, 12:34 pm
Please log in for more thread options
Here is the vbscript.
Hopes that newsgroups reader won't kill the carrier returns...

Just change:
ou=Mystations,dc=mydomain,dc=com to match your OU.
C:\Scripts\LogOff\LogOff.log to a correct path for the log.
This will logoff users on workstations


Const ForWriting = 2
strComputerContainer = "ou=Mystations,dc=mydomain,dc=com"


Set objContainer = GetObject("LDAP://" & strComputerContainer)
objContainer.Filter = Array("Computer")

Set objFSO = CreateObject ("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile ("C:\Scripts\LogOff\LogOff.log",
ForWriting)
Set StdOut = WScript.StdOut
Set objShell = CreateObject("WScript.Shell")

On Error Resume Next

For Each objComputer In objContainer

strComputer = Split(objComputer.Name, "=")(1)


Set objScriptExec = objShell.Exec("ping " & strComputer)
strPingResults = LCase(objScriptExec.StdOut.ReadAll)
objFile.Write (Now & VbCrLf)

If InStr(strPingResults, "reply from") Then
objFile.Write ("Ping " & strComputer & " OK" & VbCrLf)
Err.Clear
Set objWMIService = GetObject("winmgmts:" & _
"!\" & strComputer & "\root\cimv2")

If Err.Number Then
objFile.Write ("Acces WMI " & strComputer & " Error" & VbCrLf)
objFile.Write ("Type d'Erreur : " & Err.Number & ": " & Err.Description &
VbCrLf)
Err.Clear
Else

Const SHUTDOWN = 4
objFile.Write ("Acces WMI " & strComputer & " OK" & VbCrLf)
Set objWMIService = GetObject("winmgmts:" _
& "!\" & strComputer &
"\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery _
("SELECT * FROM Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
ObjOperatingSystem.Win32Shutdown(SHUTDOWN)
Next

End If
Else
objFile.Write ("Ping " & strComputer & " Error" & VbCrLf)
End If
Next
objFile.Close


--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr


> Hello,
>
> this is not really a security issue, but more a functionnal issue.
> Roaming profile won't get updated, as it is updated at logoff.
>
> We use a vbscript to reboot stations, which force logoff on the way.
> You may change the code to only logoff without shutting down the pc
> Are you intereseted in ?
>
> --
> Cordialement,
> Mathieu CHATEAU
> English blog:http://lordoftheping.blogspot.com
> French blog:http://www.lotp.fr
>
>
>
>
>
> > Is there any security threat to the following ?
> > - windows xp2 is locked (have to enter Ctrl+Alt+Del)
> > - servers setup to disconnect users at 10:00 PM
>
> > For electricity savings reasons we are starting to request users
> > logoff and shutdown at the end of the day. Right now we have users
> > who forget to logoff, but their PC will go to the Windows XP locked
> > screen. If we are in the wrong forum please let us know to repost.
> > Thanks.- Hide quoted text -
>
> - Show quoted text -

Mr. Chateau,

We are interested in anything to get staff to exit the network. I
almost forget we have files synching at logoff to their directory and
if they never logoff..... We have Altiris and tried assigning a job
to restart at 10:00 PM, but when users do shutdown they would come in
the next day and after powering on the computer they are greeted by
the same shutdown job that powers off their computer. At first we
were looking for software. We would welcome a script to somehow
remove users from the network at a certain time.


Posted by Computerguy on January 21, 2008, 1:41 pm
Please log in for more thread options
> Here is the vbscript.
> Hopes that newsgroups reader won't kill the carrier returns...
>
> Just change:
> =A0ou=3DMystations,dc=3Dmydomain,dc=3Dcom to match your OU.
> C:\Scripts\LogOff\LogOff.log to a correct path for the log.
> This will logoff users on workstations
>
> Const ForWriting =3D 2
> strComputerContainer =3D "ou=3DMystations,dc=3Dmydomain,dc=3Dcom"
>
> Set objContainer =3D GetObject("LDAP://" & strComputerContainer)
> objContainer.Filter =3D Array("Computer")
>
> Set objFSO =3D CreateObject ("Scripting.FileSystemObject")
> Set objFile =3D objFSO.CreateTextFile ("C:\Scripts\LogOff\LogOff.log",
> ForWriting)
> Set StdOut =3D WScript.StdOut
> Set objShell =3D CreateObject("WScript.Shell")
>
> On Error Resume Next
>
> For Each objComputer In objContainer
>
> =A0strComputer =3D Split(objComputer.Name, "=3D")(1)
>
> =A0Set objScriptExec =3D objShell.Exec("ping " & strComputer)
> =A0strPingResults =3D LCase(objScriptExec.StdOut.ReadAll)
> =A0objFile.Write (Now & VbCrLf)
>
> =A0If InStr(strPingResults, "reply from") Then
> =A0 objFile.Write ("Ping " & strComputer & " OK" & VbCrLf)
> =A0 Err.Clear
> =A0 Set objWMIService =3D GetObject("winmgmts:" & _
> =A0 =A0"!\" & strComputer & "\root\cimv=
2")
>
> =A0 If Err.Number Then
> =A0 =A0objFile.Write ("Acces WMI " & strComputer & " Error" & VbCrLf)
> =A0 =A0objFile.Write ("Type d'Erreur : " & Err.Number & ": " & Err.Descrip=
tion &
> VbCrLf)
> =A0 =A0Err.Clear
> =A0 Else
>
> Const SHUTDOWN =3D 4
> objFile.Write ("Acces WMI " & strComputer & " OK" & VbCrLf)
> Set objWMIService =3D GetObject("winmgmts:" _
> =A0 =A0 & "!\" & strComputer=
&
> "\root\cimv2")
> Set colOperatingSystems =3D objWMIService.ExecQuery _
> =A0 =A0 ("SELECT * FROM Win32_OperatingSystem")
> For Each objOperatingSystem in colOperatingSystems
> =A0 =A0 ObjOperatingSystem.Win32Shutdown(SHUTDOWN)
> Next
>
> =A0 End If
> =A0Else
> objFile.Write ("Ping " & strComputer & " Error" & VbCrLf)
> =A0End If
> Next
> objFile.Close
>
> --
> Cordialement,
> Mathieu CHATEAU
> English blog:http://lordoftheping.blogspot.com
> French blog:http://www.lotp.fr
>
>
>
>
>
>
>
> > Hello,
>
> > this is not really a security issue, but more a functionnal issue.
> > Roaming profile won't get updated, as it is updated at logoff.
>
> > We use a vbscript to reboot stations, which force logoff on the way.
> > You may change the code to only logoff without shutting down the pc
> > Are you intereseted in ?
>
> > --
> > Cordialement,
> > Mathieu CHATEAU
> > English blog:http://lordoftheping.blogspot.com
> > French blog:http://www.lotp.fr
>
>

>
> > > Is there any security threat to the following ?
> > > - windows xp2 is locked (have to enter Ctrl+Alt+Del)
> > > - servers setup to disconnect users at 10:00 PM
>
> > > For electricity savings reasons we are starting to request users
> > > logoff and shutdown at the end of the day. Right now we have users
> > > who forget to logoff, but their PC will go to the Windows XP locked
> > > screen. If we are in the wrong forum please let us know to repost.
> > > Thanks.- Hide quoted text -
>
> > - Show quoted text -
>
> Mr. Chateau,
>
> =A0 =A0We are interested in anything to get staff to exit the network. =A0=
I
> almost forget we have files synching at logoff to their directory and
> if they never logoff..... =A0 We have Altiris and tried assigning a job
> to restart at 10:00 PM, but when users do shutdown they would come in
> the next day and after powering on the computer they are greeted by
> the same shutdown job that powers off their computer. =A0At first we
> were looking for software. =A0We would welcome a script to somehow
> remove users from the network at a certain time.- Hide quoted text -
>
> - Show quoted text -

Thank you, we will give it a try. Much appreciated.

Posted by Mervin Pearce on January 16, 2008, 7:05 am
Please log in for more thread options
Add in your scheduler a 'shutdown' command with the correct parameters...as
easy as that..




Similar ThreadsPosted
Domain logoff vs. shutdown April 30, 2007, 10:24 am
Delete files with logoff/on script June 3, 2008, 4:42 am
track employee time using logon & logoff December 13, 2006, 7:40 pm
audit logon/logoff events on terminal server July 18, 2007, 10:29 am
Excessive computer account logon/logoff loggining on security log September 12, 2006, 5:23 am
Logon/Logoff Events in Local Security Log of Terminal Server July 20, 2007, 2:39 pm
Allow power users to "Show Processes From All Users" in Task Manager May 25, 2007, 6:38 pm
Can I delete 'Athenticated Users' group form local 'Users' group January 29, 2008, 11:52 am
S-x-x-xx Users November 19, 2005, 11:36 am
Cannot Add Users November 1, 2007, 9:00 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap