kdyer,
Thanks for reply. I think you are replying here to this post plus another I also have, but that's ok.
1. Hide login boxes.
Various pressures are at work here wanting IT to reduce the number of screens that a user sees during login, to zero.
The current Kix login script is extremely stable and has functioned without problems across all our platforms for over a year but should we require to change it significantly then we would expose information screens for that part of the script, like installing or modifying an application.
HR have some Company philosphy type screens that they want as wallpapers but desktop icons clutter the screens.
W2k has the 'show desktop icons' if active desktop is enabled but even this is not acceptable as it leaves the user able to effectively bypass the 'message'. So I need a way to remove desktop icons for a period long enough for the 'message' to be effective and perhaps even pop the same message up at some regular or irregular interval.
I would like to know how to schedule such things too!
2.Workstations User can Login to. (User Manager)
True it is an admin function but the Microsoft interface is very cumbersome. We regularly give temp access to workstations for various reasons so the 'initial' security can get broken if admin staff fail to remove the changes they made once they are no longer needed.
I wanted a way to extract, and check against a master list, the workstations in each user account report any variances. This does not necessarily have to be done in the login script as it could be a separate sscript run by admin staff.
Every user has at least 2 workstations listed in their user account, their own plus a dummy end marker. Any entries after the dummy are temp and should be removed asap.
There are other things I check/change from the SAM also, like dial-in access and settings.
Access to internet access is also controlled by this method as is VPN access, so even in a small network, to manually look through all user accounts for possible errors is just too cumbersome and not really even practical.
I have played around somewhat with a VBS script to expose some of the AD objects using..
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
..and reading User.LoginWorkstations.
If there is NO workstation entries or ONLY 1 workstation in the list, it works fine but for anymore than 1 it gives an error like 'multi-valued string'.
The string is actually a list of the workstations separated with the # char but I have not yet been able to extract the entries, probably because there is some special way to extract that string. (or is it an array?)
Hope all this is clear and that someone can help.
rgds
_________________________
KYOSEI. There are only three groups of people that can count. Those that can, and those that can't.
