B
Brandon McCombs
hello,
I have a script that runs when a user logs in that checks to see whether
they are logged in already somewhere else by keeping track of the
workstation name in a custom attribute I created in AD. Based on the
logic I use if the user is being detected as having logged in somewhere
already they are immediately logged off using WMI's opsys.win32shutdown
class. I just simply use the EWX_LOGOFF flag and it works great.
Unfortunately with strict government requirements that I have to follow
I also have to restrict administrators to this same situation which in
and of itself isn't difficult to do until this script attempts to log
them off of a domain controller if a DC happens to be their 2nd logon
attempt. I get an error on the opsys.win32shutdown line when the script
runs on a domain controller and it won't log the user off then. I tried
using the FORCE flag but that didn't help. From what I've read it is
possible to reboot *any* machine this way but is it not possible to log
someone off a domain controller this way? The error code I get back is
80041001 which is one of the generic errors that is of no help
whatsoever.
thanks
I have a script that runs when a user logs in that checks to see whether
they are logged in already somewhere else by keeping track of the
workstation name in a custom attribute I created in AD. Based on the
logic I use if the user is being detected as having logged in somewhere
already they are immediately logged off using WMI's opsys.win32shutdown
class. I just simply use the EWX_LOGOFF flag and it works great.
Unfortunately with strict government requirements that I have to follow
I also have to restrict administrators to this same situation which in
and of itself isn't difficult to do until this script attempts to log
them off of a domain controller if a DC happens to be their 2nd logon
attempt. I get an error on the opsys.win32shutdown line when the script
runs on a domain controller and it won't log the user off then. I tried
using the FORCE flag but that didn't help. From what I've read it is
possible to reboot *any* machine this way but is it not possible to log
someone off a domain controller this way? The error code I get back is
80041001 which is one of the generic errors that is of no help
whatsoever.
thanks