Originally I used VB scripts for this but we're trying to move away from using those. Also I had a similar logoff script to clear out the records on the AD computer at logoff. That way you can see who is actively logged on to any PC.
In this case no external XML config file is used, so the encrypted service user data is kept in the script.
Param(
[switch]$Console = $False
)
<#======================================================================================
       File Name : SessionInfo.ps1
 Original Author : Kenneth C. Mazie (kcmjr AT kcmjr.com)
                 :
     Description : Run as a GPO based logon script. Writes user info to computer record and
                 : computer info to user record in AD.
                 :
       Operation : Requires PowerShell AD module.
                 : Looks for any text file in the same folder as the script. If found it loads the
                 : list of IP addresses or system names and cycles through them. It then renames
                 : test file to avoid redetection. Can alternately enumerate a domain. Original script
                 : used REG.EXE for all operations, this proved unreliable so the writes were switched to
                 : using .NET functions. HTML logs are written to the script folder. Only
                 : the previous 10 logs are retained.
                 :
       Arguments : Normal operation is with no command line options.
                 : -console $true : Displays status output to console - defaults to $false
                 :
        Warnings : None
                 :
           Legal : Public Domain. Modify and redistribute freely. No rights reserved.
                 : SCRIPT PROVIDED "AS IS" WITHOUT WARRANTIES OR GUARANTEES OF
                 : ANY KIND. USE AT YOUR OWN RISK. NO TECHNICAL SUPPORT PROVIDED.
                 :
         Credits : Code snippets and/or ideas came from many sources including but
                 : not limited to the following:
                 :
  Last Update by : Kenneth C. Mazie
 Version History : v1.0 - 11-13-17 - Original
  Change History : v2.0 - 00-00-00 -
                 :
=======================================================================================#>
Clear-Host
$DN = (Get-ADDomain).DNSroot
$EPW = '7649AYQBhAAAyADUAYQA2AGQA2d111GQAZANgA0zAGYANGIATgBaA/AWnCvLO+EeDcAYwBtAHAAWQB6AHoAZgBiAGMAYQBhAGEZAA2ADQAYwBkADYAZQBmAGQAOAA0ADEANgBiADAAZgBkAGYAZAA='
$BA = [System.Convert]::FromBase64String('kdhCh7AL+Ebie8674NwBkADEANAA4mE=')
# Double quotes are required here so that $DN expands to the domain name.
$SC = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$DN\serviceaccount", ($EPW | ConvertTo-SecureString -Key $BA)
$ThisComputer = $Env:ComputerName
$ThisUser = (Get-Aduser $ENV:UserName).Name
$ThisUserSAM = (Get-Aduser $ENV:UserName).sAMAccountName
If ($Console){
    Write-host "This User Name :"$ThisUser
    Write-host "This User SAM :"$ThisUserSAM
    Write-host "This Computer :"$ThisComputer
}
Try{
    Set-ADUSer -Identity $ENV:UserName -Replace @{wWWHomePage=$Env:ComputerName;LogonWorkstation=$Env:ComputerName} -ErrorAction Stop -Credential $SC
    Get-ADComputer -Filter 'Name -like $ThisComputer' -Properties * | % {Set-ADComputer $Env:ComputerName -ManagedBy $ThisUserSAM -ErrorAction Stop -Credential $SC}
    #Get-ADComputer -Filter 'Name -like $ThisComputer' -Properties * | % {Set-ADComputer $Env:ComputerName -ManagedBy $ThisUserSAM -Description $ThisUser -ErrorAction Stop -Credential $SC}
}Catch{
    $ErrorMessage = $_.Exception.Message
    $FailedItem = $_.Exception.ItemName
    If ($Console){
        Write-Host "Error Message :"$ErrorMessage
        Write-host "Failed Item :"$FailedItem
    }
}
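The script above stores both the AES-encrypted password ($EPW) and the key that decrypts it ($BA) in the same file, so anyone who can read the logon script can rebuild the service account credential. The following audit function is an added example, not part of the original script: it flags script files that call ConvertTo-SecureString or ConvertFrom-SecureString with a key and also carry an inline key literal. The function name Find-EmbeddedSecureStringKey and the sample files are constructed for illustration.

```powershell
# Added example: audit script files for an encrypted SecureString blob stored
# next to the key that decrypts it. Function name and sample data are constructed.
function Find-EmbeddedSecureStringKey {
    param(
        [Parameter(Mandatory)][string]$Path    # folder holding the scripts to audit
    )
    # -Key / -SecureKey means the blob is AES-encrypted with a caller-supplied key.
    $usesKey   = 'Convert(To|From)-SecureString\b[^\r\n]*-(Secure)?Key\b'
    # Key material written into the file: a Base64 literal or a byte-array literal.
    $inlineKey = 'FromBase64String\(\s*[''"][A-Za-z0-9+/=]{16,}[''"]\s*\)|\[byte\[\]\]\s*\(?\s*\d+\s*(,\s*\d+\s*){15,}'

    Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1 | ForEach-Object {
        $text = Get-Content -LiteralPath $_.FullName -Raw
        if ($text -match $usesKey) {
            [pscustomobject]@{
                File      = $_.Name
                InlineKey = [bool]($text -match $inlineKey)
                Line      = (Select-String -LiteralPath $_.FullName -Pattern $usesKey |
                             Select-Object -First 1).LineNumber
            }
        }
    }
}

# Constructed sample files (placeholders, not real secrets).
$dir = Join-Path ([IO.Path]::GetTempPath()) ("audit-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -Path (Join-Path $dir 'logon.ps1') -Value @'
$EPW = 'PLACEHOLDER-ENCRYPTED-BLOB'
$BA  = [System.Convert]::FromBase64String('QUJDREVGR0hJSktMTU5PUA==')
$SC  = New-Object System.Management.Automation.PSCredential 'svc', ($EPW | ConvertTo-SecureString -Key $BA)
'@
Set-Content -Path (Join-Path $dir 'clean.ps1') -Value 'Get-ADUser $Env:UserName'

# Only logon.ps1 is reported; clean.ps1 never uses a keyed SecureString.
Find-EmbeddedSecureStringKey -Path $dir | Format-Table -AutoSize
Remove-Item -Path $dir -Recurse -Force
```

A result with InlineKey set to True means the credential in that file should be treated as readable by everyone who can read the script.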