Logon Policy Script (Active Directory w/ Powershell)

Recently I’ve been involved in a project which included writing a script to configure a log-on policy to accept or deny some sort of a disclaimer. The script hereunder specifically gives the use a policy to read and if the user approves it then he will be able to continue, otherwise he will be logged of.

I’ve chosen Active Directory to be my parameter repository namely here I am using the phone attribute, but you can change it to whatever you want.

You must place this script in a group policy as a log-on power shell script and you’re good to go, I hope this helps.

Add-Type –AssemblyName System.Windows.Forms
taskkill /im explorer.exe /f

Function Get-DistinguishedName ($strUserName)
{
$searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
$searcher.Filter = "(&(objectClass=User)(samAccountName=$strUserName))"
$result = $searcher.FindOne()

Return $result.GetDirectoryEntry().DistinguishedName
}

function CustomInputBox([string] $title, [string] $message, [string] $defaultText)
{
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$userForm = New-Object System.Windows.Forms.Form
$userForm.Text = "$title"
$userForm.Size = New-Object System.Drawing.Size(290,150)
$userForm.StartPosition = "CenterScreen"
$userForm.AutoSize = $False
$userForm.MinimizeBox = $False
$userForm.MaximizeBox = $False
$userForm.SizeGripStyle= "Hide"
$userForm.WindowState = "Normal"
$userForm.FormBorderStyle="Fixed3D"

$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(115,80)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$value=$objTextBox.Text;$userForm.Close()})
$userForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(195,80)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click({$userForm.Close()})
$userForm.Controls.Add($CancelButton)
$userLabel = New-Object System.Windows.Forms.Label
$userLabel.Location = New-Object System.Drawing.Size(10,20)
$userLabel.Size = New-Object System.Drawing.Size(280,20)
$userLabel.Text = "$message"
$userForm.Controls.Add($userLabel)
$objTextBox = New-Object System.Windows.Forms.TextBox
$objTextBox.Location = New-Object System.Drawing.Size(10,40)
$objTextBox.Size = New-Object System.Drawing.Size(260,20)
$objTextBox.Text="$defaultText"
$userForm.Controls.Add($objTextBox)
$userForm.Topmost = $True
$userForm.Opacity = 0.91
$userForm.ShowIcon = $False
$userForm.Add_Shown({$userForm.Activate()})
[void] $userForm.ShowDialog()
return $value

}

$currentuser = [Environment]::UserName
$udn = Get-DistinguishedName ($currentuser)
$user = [adsi] "LDAP://adbox1:389/$udn"
$checker = $user.psbase.InvokeGet("ipPhone")

if ($checker -eq "1")
{
$policy = [System.Windows.Forms.MessageBox]::Show("You've already accepted the policy!" , "Status" , 0)
explorer.exe
exit
}

else
{
$policy = [System.Windows.Forms.MessageBox]::Show("This is our policy!" , "Status" , 0)

$decision = [System.Windows.Forms.MessageBox]::Show("Do you accept it?" , "Status" , 4)
if($decision -eq "Yes")
{

$userInput = CustomInputBox "User Name" "Please enter your name." ""
if ($userInput -lt 0)
{
$error = [System.Windows.Forms.MessageBox]::Show("This must not be null, click okay and try again!" , "Status" , 0)
logoff.exe
}
else

{
$when = date
$user = [adsi] "LDAP://adbox1:389/$udn"
$user.Put("info", "I DO accept the policy! and my name is $userInput [$when]")
$user.SetInfo()
$user.Put("ipPhone", "1")
$user.SetInfo()
explorer.exe
}
}
elseif ($decision -eq "No")
{
$user = [adsi] "LDAP://adbox1:389/$udn"
$user.Put("info", "I DO NOT accept this policy!")
$user.SetInfo()
$user.Put("ipPhone", "0")
$user.SetInfo()
logoff.exe
}
else {
logoff.exe
}

}

(Abdullah)^2

2713 Total Views 7 Views Today

Abdullah

Knowledge is limitless.

Leave a Reply

Your email address will not be published. Required fields are marked *