C
Centrist
I am writing a script that needs to apply the domain's group policy,
restart, and automatically log the administrator back in without
needing any user interaction. The problem is that I cannot get rid of
the legal message. This is the popup that appears after you press CTL-
ALT-DEL on a Win2k or WinXP machine which has a message set in the
group policy. In my case, the message is set in a domain GPO.
My first solution was to delete the legalnoticetext and
legalnoticecaption registry values in HKLM. This is a very common
example on the internet. However, (like many of these examples) this
doesn't work because the group policy will just be applied again when
the computer is restarting.
My second solution was to make use of the NoMachinePolicy DWORD value
located in:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\GPExtensions
\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
When NoMachinePolicy is set to 1, it prevents the security policy from
being applied. I had the script set the value to 1 just before
rebooting, and then change the value back after logging in. This
solution also has problems, and I can't use it. In Windows XP, it
appears to reverse the changes made by the gpupdate /force command. I
am executing gpupdate /force, setting the auto logon registry entries,
setting NoMachinePolicy to 1, clearing the legal message text and
caption, and then restarting. But here's the problem: when the group
policy is applied, the administrator account is renamed to something
else. However, after I restart the account's name goes back to
administrator. My auto login fails because I have the wrong account
name for DefaultUserName. And I have verified that after the gpupdate
command is run, the account name does change just before the gpupdate
finishes. I have no idea why this is happening.
The second reason I don't like using this is because I cannot leave
NoMachinePolicy set to 1 the whole time the script is working. The
script installs several packages after restarting which need to be
able to apply group policy. And if I do not have it set the whole
time, the computer will not be able to automatically boot up and login
if one of the package installations forces a restart.
So I'm looking for a working solution that will let me bypass the
legal message for an automated logon. This is the only problem
stopping me from being able to use this script, and I would really
appreciate some help here.
Disclaimer: Previously posted this on
microsoft.public.scripting.vbscript, but got no replies. If there is a
better group to use, please let me know!
restart, and automatically log the administrator back in without
needing any user interaction. The problem is that I cannot get rid of
the legal message. This is the popup that appears after you press CTL-
ALT-DEL on a Win2k or WinXP machine which has a message set in the
group policy. In my case, the message is set in a domain GPO.
My first solution was to delete the legalnoticetext and
legalnoticecaption registry values in HKLM. This is a very common
example on the internet. However, (like many of these examples) this
doesn't work because the group policy will just be applied again when
the computer is restarting.
My second solution was to make use of the NoMachinePolicy DWORD value
located in:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\GPExtensions
\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
When NoMachinePolicy is set to 1, it prevents the security policy from
being applied. I had the script set the value to 1 just before
rebooting, and then change the value back after logging in. This
solution also has problems, and I can't use it. In Windows XP, it
appears to reverse the changes made by the gpupdate /force command. I
am executing gpupdate /force, setting the auto logon registry entries,
setting NoMachinePolicy to 1, clearing the legal message text and
caption, and then restarting. But here's the problem: when the group
policy is applied, the administrator account is renamed to something
else. However, after I restart the account's name goes back to
administrator. My auto login fails because I have the wrong account
name for DefaultUserName. And I have verified that after the gpupdate
command is run, the account name does change just before the gpupdate
finishes. I have no idea why this is happening.
The second reason I don't like using this is because I cannot leave
NoMachinePolicy set to 1 the whole time the script is working. The
script installs several packages after restarting which need to be
able to apply group policy. And if I do not have it set the whole
time, the computer will not be able to automatically boot up and login
if one of the package installations forces a restart.
So I'm looking for a working solution that will let me bypass the
legal message for an automated logon. This is the only problem
stopping me from being able to use this script, and I would really
appreciate some help here.
Disclaimer: Previously posted this on
microsoft.public.scripting.vbscript, but got no replies. If there is a
better group to use, please let me know!