I've been tasked with writing a script to automatically log a user off a system and disable the user account following employment termination. The problem I'm having is that the change is not filtering down fast enough. A terminated employee will have time to walk down to the system and log back in before the workstation recognizes that the account is disabled. I've tried a couple of things, this is the latest:
Const SHUTDOWN = 1
Const LOGOFF = 0
Const Reboot = 2
Const ForcedLogoff = 4
Const ForcedShutdown = 5
Const ForcedReboot = 6
Const PowerOff = 8
Const ForcedPowerOff = 12
Const ADS_UF_ACCOUNTDISABLE = 2
Set objUser = GetObject("LDAP://ADServer
/cn=BadEmp
loyee,cn=U
sers,dc=do
main,dc=lo
cal")
intUAC = objUser.Get("userAccountCo
ntrol")
objUser.SetPassword "YouAreFired"
objUser.Put "userAccountControl", intUAC OR ADS_UF_ACCOUNTDISABLE
objUser.SetInfo
strOption = ForcedLogoff
strComputer = "Workstation"
Set objWMIService = GetObject("winmgmts:{imper
sonationLe
vel=impers
onate,(Shu
tdown)}\\"
& strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery ("SELECT * FROM Win32_OperatingSystem")
For Each objOperatingSystem In colOperatingSystems
ObjOperatingSystem.Win32Sh
utdown(str
Option)
Next
This script changes the password, disables the account, and logs the user off the computer. Works great, just not fast enough. I added the password change thinking that it would recognize this change faster than the disabled, but no luck. Tried shutting the system down hoping the delay would be enough, but no. Any ideas how I can refresh this via script?
I'd prefer using script, but I can throw this in a console application if anyone can solve it with VB...
Start Free Trial
