Solved

Attempting to implement .adm or .inf security templates to a Windows 2000 Default Domain Policy GPO using vbscript.

Posted on 2007-11-28
Last Modified: 2013-12-05
I currently have a request to implement a warning banner for users logging on to a domain computer in a Windows 2000 Professional Server/Workstation environment.  I am looking for a way to implement either a .adm or .inf security template to update the "Security Settings\Local Policy\Security Options\Message text for users attempting to log on".
I've never attempted such a script and would like to get feedback from anyone who has.  If it is not possible to do using VB, I am open to other suggestions.
Thank you.
0
Question by:pennstatedustin
7 Comments
 
LVL 4

Accepted Solution

by:
MeCanHelp earned 2000 total points
ID: 20369307
You don't need a script to take care of this. If you want a warning window to come up during login, you can set this as a group policy and link the policy to the domain, or you can even edit the domain policy that comes as a default.

Implementing an Authorized Usage Warning
It is recommended that the system display a warning message to users before allowing them to log on. It may be necessary to get help with the wording of the message from the company's legal department. The message should inform users that the system is for authorized use only, and that they could be prosecuted if they misuse the system. For example,

This system may only be used for Company XYZ official business. Company XYZ computer systems may be monitored to ensure proper use, and to ensure that security mechanisms are not circumvented. Unauthorized use or intentional misuse of this system could result in criminal prosecution.

Add the logon message above to the Local Computer Policy as follows:

1. Log on using an administrator account.
2. Open the Active Directory Users and Computers tool.
3. Right-click the container holding the domain controller and click Properties.
4. Click the Group Policy tab, and then click Edit to edit the Default Domain Policy.
5. In the Group Policy window, expand Computer Configuration, navigate to Windows Settings, to Security Settings, and then to Local Policies.
6. Select Security Options.
7. In the details pane, double-click Message title for users attempting to log on.
8. Check the Define this policy setting box.
9. Enter the title for the message (for example, "Warning") and click OK.
10. Double-click Message text for users attempting to log on.
11. Check the Define this policy setting box.
12. Enter the text for the message and click OK.
13. Exit the Group Policy window.

Restart a domain client and log in to the domain to see the login banner message.

Since this security setting is associated with the default domain GPO, it applies to all computers in the domain. This setting will override any local policies (defined on individual computers) that specify this security parameter, but will not override any OU policies that specify this value.
 
0
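A check for the result of the procedure above: it reads a security template (.inf) exported from a client and reports whether the two Security Options from steps 7 to 12 are defined and non-empty. This is an added example, not part of the original answer; the sample templates are constructed, the Winlogon key path in them is an assumption, and the check matches on the value names LegalNoticeCaption and LegalNoticeText only.

```python
# Registry value names behind the two Security Options set in steps 7-12.
BANNER_VALUES = {
    "legalnoticecaption": "Message title for users attempting to log on",
    "legalnoticetext": "Message text for users attempting to log on",
}

# Constructed sample templates. The key path is an assumption; only the
# final path component (the value name) is used by the check.
SAMPLE_OK = r"""
[Version]
signature="$CHICAGO$"
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption=1,"Warning"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText=1,"This system may only be used for Company XYZ official business."
"""
SAMPLE_EMPTY_TEXT = r"""
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption=1,"Warning"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText=1,""
"""

def parse_registry_values(template_text):
    """Return {value_name_lowercase: data} from the [Registry Values] section."""
    values, section = {}, None
    for raw in template_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        key_path, _, rhs = line.partition("=")      # path = type,data
        _type, _, data = rhs.partition(",")         # data may itself contain commas
        name = key_path.strip().rsplit("\\", 1)[-1].lower()
        values[name] = data.strip().strip('"')
    return values

def missing_banner_settings(template_text):
    """List the banner policies that are undefined or empty in the template."""
    found = parse_registry_values(template_text)
    return [policy for name, policy in BANNER_VALUES.items()
            if not found.get(name, "").strip()]

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("empty text", SAMPLE_EMPTY_TEXT)):
        print(label, "->", missing_banner_settings(text) or "banner defined")
```

Exported templates are often saved as Unicode, so decode the file accordingly before passing its text to `missing_banner_settings`.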
 
LVL 1

Author Comment

by:pennstatedustin
ID: 20374108
MeCanHelp,
Thank you for your comment, however, I am already aware of this solution.  I am attempting to script that process because we do not want our customers' Admins messing around in GPO unless there is no way to avoid it.  While they have on-site admins, the goal is to automate as much of any process as possible.  I appreciate that you responded.  I probably should have explained this better in the initial question.
0
 
LVL 4

Assisted Solution

by:MeCanHelp
MeCanHelp earned 2000 total points
ID: 20381199
You are aware of GPO delegation then, I assume? You can decide who is able to mess around in GPOs and who is not, even down to the link level.
0
 
LVL 1

Author Comment

by:pennstatedustin
ID: 20382053
Yes, I am aware of that as well.  It's just a simple matter of outside pressures (i.e. supervisors and other project stakeholders) wanting to keep this as dumbed down as possible for the site admins.  I've offered up the solution you had suggested before I posted here, but they are keen on a script, so I figured I'd see if anyone had done such a thing before.  As today is the deadline, my final solution was an executable that will be run on each machine since they wanted a script.
0
 
LVL 4

Assisted Solution

by:MeCanHelp
MeCanHelp earned 2000 total points
ID: 20414538
Well, that's your problem then: you have non-technical people making the technical decisions on your network. Not even going to go any further when that's the case. Good luck!
0
 
LVL 1

Author Comment

by:pennstatedustin
ID: 20414678
Haha, thanks.  Since you're the only one that answered, I'm giving you the points.
0
 
LVL 1

Author Closing Comment

by:pennstatedustin
ID: 31411420
I'm giving out the points since this was the only answer I received.  Solution was not quite what I was hoping it would be, but it is still a workable solution given that other circumstances would have been in line.
0

Question has a verified solution.