  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 315

Present and Capture Acknowledgement of Corporate Notices/Policies at Logon

We would like to use the Microsoft Network Domain login process to push corporate policies to users at the time of logon.  Is there a product, or is there a way to do this?

Ideally, the user would have to acknowledge acceptance of the policy to gain access to network services.  In addition, we would need to capture the user's ID, the date/time of acknowledgment, and the document being acknowledged, so that we can ensure that the employee base has received and accepted the policies.  So, it also would be great to be able to report on the level of acknowledgement, as compared to the AD group of full-time employees, etc.

This seems like it would be a great way for HR to communicate corporate notices, etc. so I'm a bit surprised I've not run into anything that would assist with this type of communication.
1 Solution
We have this set up.

When you press Ctrl+Alt+Del it has a pop-up you must say yes to before continuing.

It is done via domain security policy.

Admin Tools -> Domain Security Policy -> Local Policies -> Security Options -> Interactive Logon Message text for users attempting to log in

You can set whatever text you want for this pop up window.

Hope this helps.
dbrigner Author Commented:
Thanks, Jonah.

I should have mentioned that our policies may be a bit more than login message text - it may extend to several pages.  Think legal document.  

You didn't mention, but are you capturing the user, the document name being presented, and the date/time of acceptance?

Well, all of that is captured by default because the user must accept prior to logging in.

So just the fact that they logged in shows that they accepted the terms of service.
dbrigner Author Commented:
But it may not just be terms of service.  This would be a vehicle to present multiple communications, and would change over time, such as when HR has something they need to ensure everyone has seen and accepted.  Policies may range from benefits information, to new company procedures, annual training notices, etc.  Once a user accepts the terms and that information is captured, the user would not be presented with that policy again.  

This would only be used for those items that legally require us to maintain records of when each employee acknowledges a policy.  I would have thought that SOX, PCI-DSS, and any number of other standards would necessitate the need for an automated system such as this, to prevent HR from having to physically go to each employee and gather a signature whenever they need to do so.  Tying this to the network login process just seemed to be a good way to ensure that each employee sees and accepts the communication.

I understand your comment that the act of gaining network access would imply acceptance, but we would have to capture which document is being accepted during any given policy push, along with the user/date/time, which hopefully we could create reports against.

So this goes way beyond a simple network terms of service statement.
Got it. That is much more in depth than I had first perceived.

dbrigner Author Commented:
Not at all - I appreciate the prompt response.
dbrigner, this is quite a large task, as there is no built-in way of providing such a "utility".  What we have done, however, is build an HTA, which consists of HTML content, that is launched by an entry similar to this added to workstation computers at "StartUp".

Key: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: ShowCompanyPolicy
Value Data: mshta.exe "\\domain.com\sysvol\domain.com\scripts\Policy.HTA"

This HTA is then custom written with HTML and VBScript code that can log the deny or acceptance, and ours will actually "log off" if they decline.

This of course is not fool-proof.  There are ways around it, the easiest is starting Task Manager and running a "new task" of explorer.exe.

Perhaps give that a quick try, and see how that suits your needs.
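
Since the HTA above records accept/decline on the workstation and can be bypassed, the reporting the question asks for is best done by reconciling a central log against the employee list. The following is an added example in PowerShell, not the poster's code: the log columns, user names and policy text are constructed assumptions, and each policy is identified by its SHA-256 so a row names the exact version that was shown.

```powershell
# Added example. Users, policy text and log rows are constructed sample data.

function Get-PolicyId {
    # SHA-256 of the policy text: a log row then names the exact version shown.
    param([string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    } finally { $sha.Dispose() }
}

function Get-OutstandingUser {
    param(
        [string[]]$RequiredUsers,  # in production: the full-time-employee group members
        [object[]]$Log,            # rows with User, PolicyId, Decision, TimestampUtc
        [string]$PolicyId
    )
    $accepted = @{}                # @{} keys compare case-insensitively
    foreach ($row in $Log) {
        if ($row.PolicyId -eq $PolicyId -and $row.Decision -eq 'Accept') {
            $accepted[$row.User] = $row.TimestampUtc
        }
    }
    # Anyone required but without an Accept row for this exact version
    @($RequiredUsers | Where-Object { -not $accepted.ContainsKey($_) })
}

$v1 = Get-PolicyId 'Acceptable Use Policy, revision 1 (constructed)'
$v2 = Get-PolicyId 'Acceptable Use Policy, revision 2 (constructed)'

# Constructed acknowledgement log, in the shape a central share or database might hold
$log = @"
User,PolicyId,Decision,TimestampUtc
alice,$v1,Accept,2024-01-08T09:02:11Z
alice,$v2,Accept,2024-03-04T08:57:40Z
BOB,$v1,Accept,2024-01-08T09:15:03Z
carol,$v2,Decline,2024-03-04T09:01:22Z
"@ | ConvertFrom-Csv

$required = 'alice', 'bob', 'carol', 'dave'
$missing  = Get-OutstandingUser -RequiredUsers $required -Log $log -PolicyId $v2
$done     = $required.Count - $missing.Count

"Revision 2: $done of $($required.Count) acknowledged"
"Outstanding: $($missing -join ', ')"
```

A user who accepted only the earlier revision, declined, or never saw the prompt all end up on the outstanding list, which is what makes the report useful when the client-side prompt is skipped.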


Glen Knight Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
