Can I force a user to log off automatically through a logon script?

Coachie · Jan 30, 2013

Hi there

I've trying to invoke a fix on the fly and have got a mixed windows workstation environment on my network. For particular reasons, I don't want my windows XP users to use a Windows 7 machine and equally I don't want a Windows 7 user to use a Windows XP machine. Silly I know but there you go.

I've set up a couple of WMI filters that determine the machine type and have used the following script to ensure that each user type is logged off and the PC restarted.

Option Explicit
Dim objShell
MsgBox"The detected logon method is not supported " & chr(13) & chr(13) & "Please revert to using your own computer." & chr(13) & chr(13) & "This computer will now restart" & chr(13) & chr(13),0,"Invalid Logon Detected."
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "C:\WINDOWS\system32\shutdown.exe -r -f -t 0"

For the Windows XP users on Windows 7 machines it works fine, however when a Windows 7 user logs into a Windows XP machine, it displays the message but won't do the restart bit on the Windows 7 machines.

Do I need to create some elevated permissions for my windows 7 machines.

Kaktussoft · Jan 30, 2013

Try to run interactively.

C:\WINDOWS\system32\shutdown.exe -r -f -t 0

works on winxp?
------------
Why did you create those user accounts? You don't let them logon! You don't simply log them off but even shutdown.

Coachie · Jan 30, 2013

Sorry but I don't understand what you mean by running that command interactively.

I need this shutdown/restart facility to run as they log in (i.e. Automatically).

I can't run the command for them.

It needs to be automated as the users log in.

Kaktussoft · Jan 30, 2013

Coachie said:
Sorry but I don't understand what you mean by running that command interactively.

I need this shutdown/restart facility to run as they log in (i.e. Automatically).

I can't run the command for them.

It needs to be automated as the users log in.

In winxp open command prompt and type
C:\WINDOWS\system32\shutdown.exe -r -f -t 0

That reboots computer fine?

Kaktussoft · Jan 30, 2013

Why did you create those user accounts? You don't let them logon! What should they be able to do with that account?

Kaktussoft · Jan 30, 2013

Coachie said:
Hi there

I've trying to invoke a fix on the fly and have got a mixed windows workstation environment on my network. For particular reasons, I don't want my windows XP users to use a Windows 7 machine and equally I don't want a Windows 7 user to use a Windows XP machine. Silly I know but there you go.

I've set up a couple of WMI filters that determine the machine type and have used the following script to ensure that each user type is logged off and the PC restarted.

Option Explicit
Dim objShell
MsgBox"The detected logon method is not supported " & chr(13) & chr(13) & "Please revert to using your own computer." & chr(13) & chr(13) & "This computer will now restart" & chr(13) & chr(13),0,"Invalid Logon Detected."
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "C:\WINDOWS\system32\shutdown.exe -r -f -t 0"

For the Windows XP users on Windows 7 machines it works fine, however when a Windows 7 user logs into a Windows XP machine, it displays the message but won't do the restart bit on the Windows 7 machines.

Do I need to create some elevated permissions for my windows 7 machines.

If a winxp user (only allowed to logon on winxp machine) logs on on WIN7 machine .. script works? Are you very sure?! Startup scripts run NOT elevated, so can't shutdown.

DavidE · Jan 30, 2013

It looks like the syntax might have changed since XP, and the "-" for XP is a "/" for Win7 switches.
Take a look here, and try using the "/" for Win 7.
MS-DOS shutdown command help

For XP you might need objShell.Run "C:\WINDOWS\system32\shutdown.exe -r -f -t 0"
For W7 you might need objShell.Run "C:\WINDOWS\system32\shutdown.exe /r /f /t 0"

DavidE · Jan 30, 2013

I tested both of these commands from a Command Prompt (CMD) window in Win 7, and they both restarted my PC.
So now I don't think it's the "-" vs "/" issue.
fyi, I log in as a Standard User, and did NOT use an elevated CMD.

Can you add a debug or trace statement to your script to see what, if anything, it returns for troubleshooting?

Kaktussoft · Jan 30, 2013

You better use ntrights.exe to prevent users to logon interactively.

Code:

[B]ntrights   -U   "[COLOR=red]User or Group[/COLOR]"   +R   SeDenyInteractiveLogonRight[/B]

For example:

Code:

ntrights  -U  "JohnDoe"  +R  SeDenyInteractiveLogonRight

To revert this:

Code:

ntrights  -U  "JohnDoe"  -R  SeDenyInteractiveLogonRight

Place ntrights.exe in c:\windows\system32.
Run from command prompt in winxp. In win7 run from http://www.sevenforums.com/tutorials/783-elevated-command-prompt.html

Works?

Can I force a user to log off automatically through a logon script?

Coachie

New member

My Computer

Kaktussoft

New member

My Computer

Coachie

New member

My Computer

Kaktussoft

New member

My Computer

Kaktussoft

New member

My Computer

Kaktussoft

New member

My Computer

DavidE

____________

My Computer

DavidE

____________

My Computer

Kaktussoft

New member

My Computer