Solved

Adding another value to script to create an or else statement

Posted on 2010-11-22
26
593 Views
Last Modified: 2012-05-10
I have a script that work well in defining no screen saver policy, but I would like to add another statement into it to also make it into a 60 minute screen lockout policy by defining what group the user is attach too, here is the script at the bottom

as you can see from the script I have the "Const SPECIAL = "ou settings users (no screen saver)", I have another setting I would like to put in there that would be

"Const SPECIAL = "60 minute screen saver"

What i want it to do is basically if you are in the 60 minute saver ou group, after 60 minutes of inactivity lock it out and if you are in the no screen saver dont lock it out
''' Applying power settings for special accounts



Set ADSysInfo = CreateObject("ADSystemInfo")

Set CurrentUser = GetObject("LDAP://" & Replace(ADSysInfo.UserName, "/", "\/"))



If IsEmpty(CurrentUser.MemberOf) Then

   strGroups = ""

   ElseIf TypeName(CurrentUser.MemberOf) = "String" Then

      strGroups = LCase(CurrentUser.MemberOf)

   Else

      strGroups = LCase(Join(CurrentUser.MemberOf))

End If





Const SPECIAL = "ou settings users (no screen saver)"

Const HKEY_CURRENT_USER = &H80000001



If InStr(strGroups, SPECIAL) Then



	strComputer = "."

	

	Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

	

	strKeyPath = "Control Panel\PowerCfg"

	strEntryName = "CurrentPowerPolicy"

	objReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strEntryName,strValue

	'Wscript.Echo "Current Power Policy: " & strValue

	

	If strValue <> 2 Then

		

		strValueSet = "2"

		objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, strEntryName, strValueSet

	

	End If



End If

Open in new window

0
Comment
Question by:erwin_miranda
  • 15
  • 11
26 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 34192989
Hi, this would be the logic you need, but I'm not sure how to set the 60 minute time out just yet.  I can look into that tomorrow.

Regards,

Rob.
''' Applying power settings for special accounts



Set ADSysInfo = CreateObject("ADSystemInfo")

Set CurrentUser = GetObject("LDAP://" & Replace(ADSysInfo.UserName, "/", "\/"))



If IsEmpty(CurrentUser.MemberOf) Then

   strGroups = ""

   ElseIf TypeName(CurrentUser.MemberOf) = "String" Then

      strGroups = LCase(CurrentUser.MemberOf)

   Else

      strGroups = LCase(Join(CurrentUser.MemberOf))

End If





Const SPECIAL1 = "ou settings users (no screen saver)"

Const SPECIAL2 = "60 minute screen saver"



Const HKEY_CURRENT_USER = &H80000001



If InStr(strGroups, SPECIAL1) > 0 Then



	strComputer = "."

	

	Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

	

	strKeyPath = "Control Panel\PowerCfg"

	strEntryName = "CurrentPowerPolicy"

	objReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strEntryName,strValue

	'Wscript.Echo "Current Power Policy: " & strValue

	

	If strValue <> 2 Then

		

		strValueSet = "2"

		objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, strEntryName, strValueSet

	

	End If



ElseIf InStr(strGroups, SPECIAL2) > 0 Then



	' This is where you would set your 60 minute time-out



End If

Open in new window

0
 

Author Comment

by:erwin_miranda
ID: 34202382
Hello

I added this to the value of " This is where you would set your 60 minute time-out"

      Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer   & "\root\default:StdRegProv")
      
      strKeyPath = "Control Panel\Desktop"
      objReg.CreateKey HKEY_CURRENT_USER, strKeyPath
      ValueName = "ScreenSaveTimeout"
      strValue = "1800"
      objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, ValueName, strValue


but it still did not work...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34202657
Try this instead.  I'm not sure if you'll need to use these two lines:
      'Set objShell = CreateObject("WScript.Shell")
      'objShell.Run "RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters", 0, True

they are commented out at the moment, but if it doesn't work, try removing the apostrophe at the start, and see if that command helps.

Regards,

Rob.
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer   & "\root\default:StdRegProv")

      

      'strKeyPath = "Control Panel\Desktop"

      strKeyPath = "Software\Policies\Microsoft\Windows\Control Panel\Desktop"

      objReg.CreateKey HKEY_CURRENT_USER, strKeyPath

      ValueName = "ScreenSaveTimeout"

      strValue = "1800"

      objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, ValueName, strValue

      'Set objShell = CreateObject("WScript.Shell")

      'objShell.Run "RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters", 0, True

Open in new window

0
 

Author Comment

by:erwin_miranda
ID: 34202820
'strKeyPath = "Control Panel\Desktop"

is there suppose to be a paranthese at the beginning of this..
0
 

Author Comment

by:erwin_miranda
ID: 34202847
I am sorry I am idiot...apostrophe
0
 

Author Comment

by:erwin_miranda
ID: 34202961
Hello Sir, I got an error
it says \\domain controler\netlogon\Upity\_scripts\3-PowerSpecialUsers.vbs
Line 40
Char2
Error 0x80041021
Code 80041021
Source (null)

I found that this line is number 40
Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer   & "\root\default:StdRegProv")
0
 

Author Comment

by:erwin_miranda
ID: 34203066
Okay I got an idea, what if create another script like so

''' Applying power settings for special accounts



Set ADSysInfo = CreateObject("ADSystemInfo")

Set CurrentUser = GetObject("LDAP://" & Replace(ADSysInfo.UserName, "/", "\/"))



If IsEmpty(CurrentUser.MemberOf) Then

   strGroups = ""

   ElseIf TypeName(CurrentUser.MemberOf) = "String" Then

      strGroups = LCase(CurrentUser.MemberOf)

   Else

      strGroups = LCase(Join(CurrentUser.MemberOf))

End If





Const SPECIAL = "60 minute screen saver"



Const HKEY_CURRENT_USER = &H80000001



If InStr(strGroups, SPECIAL) Then



	strComputer = "."

	Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer   & "\root\default:StdRegProv")

      

      'strKeyPath = "Control Panel\Desktop"

      strKeyPath = "Software\Policies\Microsoft\Windows\Control Panel\Desktop"

      objReg.CreateKey HKEY_CURRENT_USER, strKeyPath

      ValueName = "ScreenSaveTimeout"

      strValue = "1800"

      objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, ValueName, strValue

      'Set objShell = CreateObject("WScript.Shell")

      'objShell.Run "RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters", 0, True

	

   End If



End If

Open in new window

0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34208760
The If....Then....Else statement is working the way I had it, I just forgot to add
strComputer = "."
above the
Set objReg = .....
line. Add that, and the error you got with go away.

There is supposed to be an apostrophe on this line:
      'strKeyPath = "Control Panel\Desktop"

because we're not using that right now.  Does the registry change take effect?

Rob.
0
 

Author Comment

by:erwin_miranda
ID: 34210100
no it does not, what about creating another script like the original one but with your regisrtry setting, can that be possible
0
 

Author Comment

by:erwin_miranda
ID: 34212062
No Sir the registry does not take effect, sir.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34236125
OK, it doesn't seem that it's possible to use RunDLL32.exe to force the screen saver timeout to update.  The best I can find is this:
http://support.microsoft.com/kb/97142
http://www.freevbcode.com/ShowCode.Asp?ID=504

which suggests you can use the SystemParametersInfo function of User32.dll to set the time out.  You could compile that code into an EXE, and make the EXE accept the command line argument for the timeout value in seconds, and you could use that.  If you had access to Visual Basic, you could do it with that.

Regards,

Rob.
0
 

Author Comment

by:erwin_miranda
ID: 34236364
How can i do that?
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34236424
Do you have Visual Basic?  You can download the VB.NET Express Edition, and use something like this code:

' SetLastError:=True is required for error checking
<DllImport("user32", SetLastError:=True, CharSet:=CharSet.Auto)> _
Public Shared Function SystemParametersInfo( _
            ByVal intAction As Integer, _
            ByVal intParam As Integer, _
            ByVal strParam As String, _
            ByVal intWinIniFlag As Integer) As Integer
' returns non-zero value if function succeeds
End Function

Const SPI_SETSCREENSAVERACTIVE As Integer = 17
Const SPI_SETSCREENSAVERTIMEOUT As Integer = 15
Const SPIF_UPDATEINI As Integer = 1
Const SPIF_SENDWININICHANGE As Integer = 2

Const intTimeOut As Integer = 1800
intReturn = SystemParametersInfo(SPI_SETSCREENSAVERTIMEOUT, intTimeOut, Null, SPIF_UPDATEINI + SPIF_SENDWININICHANGE)


Compile that, and when you run the EXE it will hopefully set it (although I haven't tested it).

Regards,

Rob.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 65

Expert Comment

by:RobSampson
ID: 34236426
If you can't do it, I'll try to make the program tomorrow.
0
 

Author Comment

by:erwin_miranda
ID: 34237591
Thank you Mr. Sampson..I will try and do it..you know..but as they say in order for you to walk you must first learn to crawl...and thank you form the bottom of my heart..
0
 

Author Comment

by:erwin_miranda
ID: 34237594
and if i try and fail ...i will ask for help sir..
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34254065
Hi, I have written the very small VB.NET application called SetScreenSaverTimeout.exe.  You can use it in one of two ways:

1) at a command prompt (scriptable), use
    setscreensavertimeout <timeinseconds>

2) double-click it, and it will prompt you for the timeout in seconds

Regards.

Rob
SetScreenSaverTimeout.txt
0
 

Author Comment

by:erwin_miranda
ID: 34254892
thank you..how would i add this to the script that i first provided and how can i check it with the OU for 60 minute screen saver, if possible to do..

I just dont want to give everybody this option..just a certain amount of people.
0
 

Author Comment

by:erwin_miranda
ID: 34256780
SIr, how can i make it work in a 3.5 net framework...
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34261352
I tested it in a .NET 3.5 Framework...what error message did you get?

Rob.
0
 

Author Comment

by:erwin_miranda
ID: 34264257
this is the error
To run this application, you must first install one of the following versions of .Net Framework:
v4.0.30319
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 125 total points
ID: 34264322
Oh...I didn't change the compilation option....sorry.....use this EXE instead.

And also this code.  Make sure you set the following:
      strSetScreenSaverTimeout = "\\server\share\setscreensavertimeout.exe"
      intTimeout = 3600

Regards,

Rob.
''' Applying power settings for special accounts



Set ADSysInfo = CreateObject("ADSystemInfo")

Set CurrentUser = GetObject("LDAP://" & Replace(ADSysInfo.UserName, "/", "\/"))



If IsEmpty(CurrentUser.MemberOf) Then

   strGroups = ""

   ElseIf TypeName(CurrentUser.MemberOf) = "String" Then

      strGroups = LCase(CurrentUser.MemberOf)

   Else

      strGroups = LCase(Join(CurrentUser.MemberOf))

End If





Const SPECIAL1 = "ou settings users (no screen saver)"

Const SPECIAL2 = "60 minute screen saver"



Const HKEY_CURRENT_USER = &H80000001



If InStr(strGroups, SPECIAL1) > 0 Then



	strComputer = "."

	

	Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

	

	strKeyPath = "Control Panel\PowerCfg"

	strEntryName = "CurrentPowerPolicy"

	objReg.GetStringValue HKEY_CURRENT_USER,strKeyPath,strEntryName,strValue

	'Wscript.Echo "Current Power Policy: " & strValue

	

	If strValue <> 2 Then

		

		strValueSet = "2"

		objReg.SetStringValue HKEY_CURRENT_USER, strKeyPath, strEntryName, strValueSet

	

	End If



ElseIf InStr(strGroups, SPECIAL2) > 0 Then



	' This is where you would set your 60 minute time-out

	strSetScreenSaverTimeout = "\\server\share\setscreensavertimeout.exe"

	intTimeout = 3600

	Set objFSO = CreateObject("Scripting.FileSystemObject")

	Set objShell = CreateObject("WScript.Shell")

	If objFSO.FileExists(strSetScreenSaverTimeout) = True Then

		strCommand = "cmd /c " & objFSO.GetFile(strSetScreenSaverTimeout).ShortPath & " " & intTimeout

		objShell.Run strCommand, 0, True

	End If



End If

Open in new window

SetScreenSaverTimeout.txt
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34264324
That now requires .NET Framework 3.5 or greater.
0
 

Author Comment

by:erwin_miranda
ID: 34288867
Sorry sir it did not execute
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34288978
It works for me.  On Windows XP with SP3, when I go to a command prompt and run
C:\Temp\SetScreenSaverTimeout.exe 600

my screensaver timeout is set to 10 minutes.  Have you tried running it manually?

Rob.
0
 

Author Comment

by:erwin_miranda
ID: 34290287
I put the exe on a share than map to it...using your code for my script and it did not execute....
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now