Re: Multiple Login
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 03/11/05
- Next message: jimr: "Suspected Virus/Worm Causing PC to Power Off"
- Previous message: David H. Lipman: "Re: Will not search second user for spyware, etc?"
- In reply to: Brandon McCombs: "Re: Multiple Login"
- Next in thread: Brandon McCombs: "Re: Multiple Login"
- Reply: Brandon McCombs: "Re: Multiple Login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Mar 2005 01:41:28 +0100
Brandon McCombs wrote:
> Instead of the current "solutions" which require database
> installations I simply added an integer attribute to the Active
> Directory schema with a minimum value of 0 and then edited the
> user object class to have the new attribute as optional.
>
> I created a logon and logoff script that will either increment or
> decrement this value to keep track of logons. The logon script
> will increment the value to 1 if it is 0 and if it is 1 it will
> increment to 2, pop up a dialog alerting the user to what is
> hapening (if they are already logged in somewhjere else) and when
> the user clicks OK the script utilizes the WMI shutdown ability to
> log the user off w/o them being able to do anything. The logoff
> script simply decrements the integer (not necessarily to a 0).
I see one problem here, and that is when the user is "thrown" off the
computer without running the logoff script that is supposed to
decrement the value.
If the computer is "brutally" powered off by the user or by a power
glitch, or for some reason the OS crashes or hangs so a reboot without
logoff must be done, the user will not be able to log on again without
contacting support personnel. If this happens in the evening or in the
weekend, and no support personnel is available, you will have a pretty
angry user on your hands I think.
> The scripts are heavily optimized by grabbing the windows
> environment variable containing the username and using that as a
> search filter in the LDAP query. That way there is only one result
> returned from the ADS query and I don't have to have a loop setup.
On Win2k/WinXP/Win2k3 computers, you don't need to do a LDAP query at
all.
For current user, you can use the ADSystemInfo object to obtain the
distinguished name of the user directly:
'--------------------8<----------------------
Set oADSystemInfo = CreateObject("ADSystemInfo")
Wscript.Echo "User's distinguished name: " & oADSystemInfo.UserName
' get AD user object
Set oADsUser = GetObject("LDAP://" & oADSystemInfo.UserName)
' get full name of the current user
sDisplayName = oADsUser.DisplayName
Wscript.Echo "User's display name: " & sDisplayName
'--------------------8<----------------------
-- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Next message: jimr: "Suspected Virus/Worm Causing PC to Power Off"
- Previous message: David H. Lipman: "Re: Will not search second user for spyware, etc?"
- In reply to: Brandon McCombs: "Re: Multiple Login"
- Next in thread: Brandon McCombs: "Re: Multiple Login"
- Reply: Brandon McCombs: "Re: Multiple Login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
