Logon Scripting 102

Logon script ALERTING

These scripts send an alert via "net send" to the user and the administrator if they find the McAfee Anti-Virus software disabled or shut down. Each example determines the state in a different way. Example 1 uses wmic.exe (which we also have a lengthy tutorial on here: WMIC SCRIPTS) to list the service and then searches for the keywords Stopped or Running. Example 2 uses "pulist.exe" and "sc.exe" to make sure that all the McAfee components are running correctly on the PC; otherwise the local user and the SiteAdmin get a "net send" message. Sometimes it's hard to tell in a browser whether a line in the script is one continuous line, so we are providing text file versions of the examples here: Example Text Files

Example 3 is more of a complete script: it does what the other two should, which is to check that the PC has AV installed in the first place. It's a large script but runs very fast nonetheless, and it is fully commented in the text file example download.

EXAMPLE 1

@echo off
REM If the Mcshield service is listed as Running, skip the alert.
FOR /F "tokens=2 delims= " %%i IN ('"wmic.exe SERVICE GET Name, State" ^| findstr /I Running ^| findstr /I Mcshield') DO if %%i==Running goto :end
REM If it is listed as Stopped, go to the alert.
FOR /F "tokens=2 delims= " %%i IN ('"wmic.exe SERVICE GET Name, State" ^| findstr /I Stopped ^| findstr /I Mcshield') DO if %%i==Stopped goto :send
REM Reached when Mcshield is stopped or not listed at all: alert the user and the SiteAdmin.
:send
net send %username% ALERT! You've signed in the domain with your AntiVirus software disabled. Contact the HelpDesk at 123.555.7890 ext 911
net send SiteAdmin User: %username% logged on Computer: %computername% at Time: %time% Date: %date%, but is not running AV!!!
:end

EXAMPLE 2

@echo off
REM Alert unless the Mcshield process is listed AND the McAfeeFramework service is RUNNING.
REM findstr has already filtered the output, so any line that reaches DO counts as a match.
FOR /F "tokens=1 delims= " %%i IN ('"pulist %computername%" ^| findstr /I Mcshield') DO goto :framework
goto :send
:framework
FOR /F "tokens=1 delims= " %%i IN ('"sc query McAfeeFramework" ^| findstr /I RUNNING') DO goto :end
:send
net send %username% ALERT! You've signed in the domain with your AntiVirus software disabled. Contact the HelpDesk at 123.555.7890 ext 911
net send SiteAdmin User: %username% logged on Computer: %computername% at Time: %time% Date: %date%, but is not running AV!!!
:end


Terms Of Service Logon Script 1

This script will show a TOS Agreement for your users to accept and log in, or deny and log off.

This logon batch script is very simple. It uses the program called choice.exe from Microsoft to prompt your users with two choices: press "Y" to accept the agreement or "N" to deny it. If they accept the agreement, they are allowed to proceed through the rest of the script. If they deny the agreement, they are logged off of the computer 10 seconds after they press "N"; the same happens if they try to escape from the choice. The script is simple and very effective.

To make the script even more effective, you may consider turning on the "Run logon scripts synchronously" setting in the registry, or through Active Directory.

http://www.microsoft.com/...

Also a good AD guide to set this setting can be found here.

The registry setting can be found here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Edit or create the DWORD value 'RunLogonScriptSync': 0 = disabled, 1 = enabled (set it to 1, of course).

View the script here: TOS-Logon-Script
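
The accept-or-log-off flow described above, as an added example; it is not the TOS-Logon-Script linked from this page. It assumes the choice.exe built into Windows Vista and later (the older Resource Kit choice.exe takes /C:YN instead), and the agreement wording and the log file path are placeholders.

```batch
@echo off
REM Added example, not the TOS-Logon-Script linked from this page.
REM Assumes the choice.exe built into Windows Vista and later (/C YN /N /M).
REM The agreement wording below is a constructed placeholder.

echo.
echo  ================= TERMS OF SERVICE =================
echo   Use of this computer and network is subject to the
echo   organization's acceptable use policy.
echo  ====================================================
echo.

choice /C YN /N /M "Press Y to accept or N to decline: "

REM choice sets ERRORLEVEL to the position of the key pressed: Y=1, N=2.
REM Ctrl+C or Ctrl+Break returns 0 and an error returns 255, so only an
REM exact 1 counts as acceptance; everything else is treated as a denial.
if %ERRORLEVEL%==1 goto :accepted

echo.
echo You did not accept the agreement. You will be logged off in 10 seconds.
REM ping serves as a delay of roughly 10 seconds (11 echoes, 1 second apart).
ping -n 11 127.0.0.1 >nul
shutdown /l
goto :eof

:accepted
REM Record the acceptance (hypothetical log path), then continue the logon script.
>>"%TEMP%\tos-accept.log" echo %date% %time% %username% accepted TOS on %computername%
REM ... remaining logon script commands go here ...
```

With RunLogonScriptSync set to 1, the desktop does not load until this script has finished, so the prompt is answered before the user can start working.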