[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 983
  • Last Modified:

Log off a user via vbs script

I have some domain accounts that are basically service account. These account are use for certain application like Veritas, or other third party applications... they need to be domain admin accounts in order to be working fine. So, I want to add a logon script for all of this accounts that way if for some reason anybody tries to log on with this account the account won't be able to log. So basically the vbs script needs to be able to log off the account.

Thanks.  

0
llarava
Asked:
llarava
  • 5
  • 5
  • 3
  • +2
2 Solutions
 
Barry62Commented:
Do your users normally log in to the network every day?

0
 
llaravaAuthor Commented:
All the domain users already have their logon script associated to their account/propierties/profile(AD). I am talking about service/application accounts these accounts are needed for certain applications to run (customize applications or standard ones) these accounts doesn't have any login script associated to their profiles, so I want to be sure that in case that somebody In case that they now, guess the password are not be able to logon to the domain. For this reason I want to link a vbs script to the user propierties/profile (AD) and force this account to log off.
0
 
Barry62Commented:
yes, but does anyone wishing to use the network have a logon profile, scripted or not?

If windows security is being used, you can simply do this:

userID = Request.ServerVariables("LOGON_USER")

Then check the userID variable against a database of authorized users.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
llaravaAuthor Commented:
Yes they do, the users have a logon attach to their account profile. Every domain user has an individual script  hardcoded on the profile tab for the specific user. Due to a company policy a GPO for log on can't be used, so every single user has it's own script.  

But  services accounts don't have anything on their profiles, they don't have a script right now. My idea is to link the user profile to a vbs script to force the account to log off in case that somebody tries to use the service account log on to the domain.

     
0
 
Barry62Commented:
why can't you just hard code scripts for those users that will not allow them access to the domain at all?
0
 
llaravaAuthor Commented:
Yes, this is the original idea. What I am looking for is for a sample vbs script to force the log off.
0
 
Barry62Commented:
OK, forgive me for not understanding.  If you write a script for their profiles that denies access to the domain in the first place, why would you need to log them off.  Essentially, they could never log on to the domain.
0
 
llaravaAuthor Commented:
Barry62,

Sorry, I think you still not get what I want to do. I will find the anwser by myself. It's a really simple script  but I wanted to know the other peoples opinion about the script.  

I leave the question open to give some other users the chance to participate.  
Thank you for your help.
0
 
dentabCommented:
could you just call
  shutdown -f -l -t 00

I am not sure if anmid privs are required or not, but it would force logoff.  I could provide if not a VB6 made exe to do the same job although it would mean putting it centrally or copying it to each machine.
0
 
David LeeCommented:
Hi, llarava.

I think there's a simpler solution to this.  Maybe two.  First, put all of these accounts in a separate OU and use group policy to take away the interactive logon right.  This has the side benefit of keeping all the service accounts together in one place where you can keep an eye on them.  Second, and I'm not sure this'll work, edit the account properties and set the allowed logon times to never.
0
 
llaravaAuthor Commented:
BlueDevilFan
I did not have time yet to try your idea, but don't know how this is going to work since this service accounts are part of the domain admin group I don't know how the deny logon locally is going to work, but anyway I will try to apply the GPO to the OU were these accounts are members (OU Service accounts).
I'll get back with the results
Thanks.
0
 
David LeeCommented:
Ok.  Thanks for the update.
0
 
Barry62Commented:
I thought you said your company would not let you use a GPO??

If you would have said you could, my answer would have been totally different!

0
 
dentabCommented:
thanks, hope it worked
0
 
ADP indiaCommented:
Hi,

This is santosh, i have one script it is give the input file of users login & logoff info through event viewer IDs. i have small  issue with that report i am able to generated the report of user's logon & logoff information in the DC but in the report i am getting the multiple entries of logoff information of user's. Please let me know any one know's the solution for this issue to be fixed and generate a clear report of the logon & logoff information.

Please do the needful on this issue, thanks for your support.

0
 
dentabCommented:
I suggest that you post a Question with points assigned to get a response
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

  • 5
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now