Windows 2000 & XP Clients Do Not Correctly Display Logon Banners 1

[brendaluv]

we are having the problem described in the KB below, here is what i did to try and fix the issue:

from our windows 2000 domain controller, i set the Message text for users trying to log on to NOT DEFINED...i am waiting for this to replicate to other DC's and clients.

once this is done, i am hoping that the message will display correctly once i recreate the logon message without any periods (.) or commas (,)

my other option is to force the message using a registry key and scripting it during the startup or shutdown...is there a way to add a registry key silently, in other words without having the user to click on OK to add the key to the local registry? i would like to avoid this.

as per :

http://support.microsoft.com/?kbid=823146

note our environment consists of win2k and XP clients along with win2k servers and 2k3 servers.

 

[markdmac]

Yes, vbscript can do it.

I hope you find this post helpful.

Regards,

Mark

 

[brendaluv]

yes it is somewhat helpful...but what would the coding/syntax look like in the Vscript?

here is the content of the Reg key that i want to add to every client.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"disablecad"=dword:00000001
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"="text goes here"
"legalnoticetext"="text goes here"
"shutdownwithoutlogon"=dword:00000000
"undockwithoutlogon"=dword:00000001


hope you can help!

 

[markdmac]

Normally I just bang out scripts like this for peopel but I just ended a 12 hour support call and am waisted. Just overtired and waiting to fall asleep right now.

Do some minor searching in the vbscript forum

http://www.tek-tips.com/threadminder.cfm?pid=329

You are looking for RegWrite
Also this should help you understand it. The syntax is very simple.

http://www.devguru.com/technologies/wsh/17418.asp

I hope you find this post helpful.

Regards,

Mark

 

[porkchopexpress]

You should be able to use the regedit /s switch to import your reg file at boot time using a startup script.

Regedit /s %Logonserver%\NETLOGON\regfile.REG

 

[markdmac]

Only thing I don't like about that is that you don't get to check if the settings are already there adn are therefore doing the import each time.

I prefer to set a key that lets me know the client was set and then bypass this part if need be.

OK, so I got about 4 hours of sleep so I'm feeling good again. Here is some code to do as I have described.

'==========================================================================
'
' NAME: RegWriteWithValidation.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.TheSpidersParlor.com[/URL]
' COPYWRITE (c) 2005 All Rights Reserved
' DATE  : 2/10/2006
'
' COMMENT: 
'
'==========================================================================
Set WSHShell = Wscript.CreateObject("WScript.Shell")
path ="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"
On Error Resume Next

CustomizedAlready = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\Customized")
'Clear any errors since the key may not exist
Err.Clear
If CustomizedAlready <> "1" Then
	'Write our values
	WSHShell.RegWrite path & "disablecad","1","REG_DWORD"
	WSHShell.RegWrite path & "dontdisplaylastusername","1","REG_DWORD"
	WSHShell.RegWrite path & "legalnoticecaption","text goes here","REG_SZ"
	WSHShell.RegWrite path & "legalnoticetext","text goes here","REG_SZ"
	WSHShell.RegWrite path & "shutdownwithoutlogon","0","REG_DWORD"
	WSHShell.RegWrite path & "undockwithoutlogon","1","REG_DWORD"
Else
	'Update already done so exit
	WScript.Quit
End If
If Not err Then
	'Writes were successful so write our flag to stop execution next time
	WSHShell.RegWrite path & "Customized","1","REG_DWORD"
End if

I hope you find this post helpful.

Regards,

Mark

 

[brendaluv]

Mark,

your script worked like a charm!...Great Great Post!!!

Cheers!!!

 

[markdmac]

Glad to be of service. Like I said, what I like about htis is that it will bypass the second time round. If you ever update your settings, just increment the Customized value (2 places in the script) so the setup will happen again.

I hope you find this post helpful.

Regards,

Mark

 

[brendaluv]

hmmm...i got overly excited...i have another problem, as i said in my previous post, the script works great...but what i forgot to mention is that the script works fine when i double click on it from my PC...but if i add it in active directory as a startup script or logon script, it doenst apply it....? any idea what i blocking it from running??

:-(

 

[markdmac]

Totally depends on how you implemented it.

My advice is to do the following:

In Windows 2000, you want to right click your domain name in AD Users & COmputers. Choose properties. Click the GPO tab. Click New. Type BannerScriptPolicy. Click the Edit button.

OK, moving on you want to maximize your performance, so if you are only going to use this GPO for the login script, right click Administrative Templates under either the Computer or User container. Click Add/Remove Template and remove ALL templates. You won't need them and they only beef up the size of your GPO which slows down replication.

OK, now drill down in the User Configuration. Choose Windows Settings, Scripts, Login. Double click Login.
Click Show Files. Paste your script in this location.
Close the explorer window that you just pasted into. Click the browse button and select your script. You are now done.

By default your new GPO is applied to All Authenticated Users. You may wish to modify the security settings as needed in your environment.

All done.

I hope you find this post helpful.

Regards,

Mark

 

[markdmac]

Any updates?

I hope you find this post helpful.

Regards,

Mark