5

I have some scripts that I would like to run every time a user logs off. I would like to create something that programatically sets up the logoff scripts. For example, an exe or a cmd file that can be executed to add the logoff script to the list of logoff scripts that Windows executes. Because of this, a Windows API function or a Windows shell command would be preferable, but I can find no such functions or commands to help with this.

I checked on the registry edits that the local group policy editor makes when you use it to add a logoff script to group policy, but it does a lot of things that I'm not sure I can mimic. For example, it makes a lot of registry edits, and it uses numeric codes in some of the registry keys and binary data in some of the values. I would not know what the values represent.

I have tried subsets of the changes that GPEdit does in the hopes that doing so would still work. For example, I exported the changes it made to HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff and imported them on another PC, but that did not work, and the GPEdit MMC was unaware that I had even made the change.

As I said, a set of Windows API functions or a Windows shell command would be preferable if anyone knows of some that could help, but if anyone knows of a way to decode the heap of information that GPEdit makes in a way that I could mock it then I'm not against making registry changes as long as they are stable.

Whatever the solution I find and use, it has to be able to be automatic and reliable, as it will be executed remotely against many computers with psexec, and it will also be included into automated setup processes for future PCs that are set up.

Unfortunately, this seems to be a difficult topic to Google for, as many other things people are trying to do have many of the same key words that I query for but are not actually the same topic. For example, shutdown/logoff hooks for running apps, or remotely logging off users.

If anyone is a Windows registry or MMC wizard and thinks that seeing a dump of the registry changes that the GPEdit MMC makes when doing the same thing would be helpful then just say so, and I'll make that available since I've already captured it. I doubt that's the way to go, however I have started looking into how to create MMC snap-in tools; my thought is that perhaps the GPEdit snap-in itself can be reverse engineered so that I can see exactly what it's doing in a simple way. This is not going anywhere fast though, as none of the .adm files I see appear to have the settings for this, and the gpedit.msc file doesn't appear to have anything that would give it away in the plaintext part, though there is a section in it that appears as gibberish, so maybe there's some sort of magic going on in there.

Loduwijk
  • 1,950
  • 1
  • 16
  • 28
  • Why not create a process that is autostarted, so it gets shut down upon logoff. You could spawn anything there upon logoff. – TheBlastOne Apr 08 '11 at 08:25
  • @TheBlastOne What do you mean? You mean make a logon script which just sits idle forever, running under the context of the currently logged on user so that it will get terminated at logoff, and have an exit function that happens after main()? That is an interesting idea if that's what you mean. Would a forceful logoff (such as shutdown -l -f) still wait for the process to finish (and does a normal Windows logoff script, for that matter, now that I think about it, though I would assume yes)? Maybe I'll do some testing. – Loduwijk Jun 21 '11 at 19:07
  • Well, not neccessarily a logon script, since that is not exactly lightweight :) and would need to be hidden from the desktop...I was thinking about a GUI-less app that is part of the autostart group (or started upon user logon using any of the other autostart hooks Windows provides). That one could sleep forever, and trigger all what you want upon termination. Since it is an "app", just without GUI, it would be handled like any other app upon shutdown, including getting killed upon forced shutdown etc.). – TheBlastOne Jun 22 '11 at 15:13

2 Answers2

3

The task scheduler can do this as of Windows Vista. For Windows XP and previous, there does not seem to be a good answer. XP does not have the "On disconnect from a user session" trigger listed below.

There are two main command line utilities for scheduling tasks in Windows: at.exe and schtasks.exe. By themselves, neither seem to provide all of the options that you can get from the GUI interface (though schtasks comes very close). However, the Task Scheduler has an XML format that describes scheduled tasks, and schtasks.exe has an option to import tasks from an XML file.

To create a logoff script, create an XML file that describes the task you want to create. Make sure to use a trigger of "On disconnect from a user session" and select the log off from "any user" (which requires elevated privileges) and "connection from local computer." Set up all desired logoff actions (such as your logoff scripts) as task actions.

Microsoft has a list of examples for developing tasks for the Task Scheduler, including XML examples. You can find this list here.

Alternatively, you can set up your task once using the GUI tool, then you can right-click the task where it appears in the task list and select "Export." You will get a save dialog that will allow you to save the task in XML format.

I then script the setup of the task with the following command:

schtasks /create /tn "Task Name Here" /XML "path to xml file here" /ru domain\username /rp "password"

Note: partial credit should go to user606602 for the suggestion to use the task scheduler, though he was suggesting the use of the GUI application which, as per my question, would not work for this. I tried to edit his answer with the scripted version of his suggestion then accept, but a peer review declined the edit.

Loduwijk
  • 1,950
  • 1
  • 16
  • 28
1

Couldn't you just use the windows task scheduler to launch the scripts?

Newer versions of the task scheduler (e.g. Windows Server 2008, Windows Vista/7) should allow you the option to run scripts that are triggered when the user logs off.

See here

All you need to do is create a new task, then create a new trigger. From this window, select 'On disconnect from a user session' from the drop-down menu, then select the scripts you want to run from the 'Actions' tab on the task configuration window.

Ciaran Gallagher
  • 3,895
  • 9
  • 53
  • 97
  • This answer completely overlooks the fact that I said it's all automated and therefore requires a script or exe. I edited your answer to make it more complete and actually address the question that is at hand specifically. It is showing me "The edit will be visible only to you until it is peer reviewed." I will accept the answer after that has happened. – Loduwijk Jun 21 '11 at 14:05
  • Also, at the time I asked the question, we were using almost exclusively XP which does not allow this with its version of the Task Scheduler. We are finally using half Windows 7 and will convert the other half of our computers to 7 later this year, so this does apply now since the scheduler is much more robust, and I have started using it more in the last month or two. It would be nice if someone could still provide a way to do this in XP. – Loduwijk Jun 21 '11 at 14:06
  • That is odd, the edit (mentioned above) is gone. I suppose that means the peer review failed? Doesn't make sense, as this answer was 1/2 to 3/4 of the way there, it just didn't address the scripting part, which I then edited in. Sorry, I guess I can't accept the answer. I'll have to make a new answer with the corrections in it. – Loduwijk Jun 21 '11 at 18:36