Admittedly, I could have just copied a new GPT.ini into place, but then it would not have respected any previous changes and settings that had already been made. So this script checks existing configuration settings before making any changes.
Enjoy!!
'------------------------------------------------------------------------------------------------------------
' This script is used to add Logon and Logoff scripts to a local Group Policy.
' This was required to overcome some challenges in a Novell environment.
' Written by Jeremy@jhouseconsulting.com on 25th August 2008.
' When managing the policy versions you should adhere to the Microsoft standards. The version numbering
' differs for changes made to the User and Computer configuration. In order to track changes to each
' configuration, the GPO must track a version number for each configuration. With only one version number,
' the way two versions are tracked is to split the version number into two numbers.
' The top 16 bits of the version number corresponds to the user configuration version. The lower 16 bits
' of the version number corresponds to the computer configuration version. When looking at the version
' entry in the gpt.ini file what you are then seeing is:
' Version = [user version number top 16 bits] [computer version number lower 16 bits]
' Esentially, each change to the User policy will increment the version by 131072, whilst each change to
' the Computer policy will increment the version by 1.
'
' http://blogs.technet.com/grouppolicy/archive/2007/12/14/understanding-the-gpo-version-number.aspx
'
' For example: In this script we are making a change to the User portion of the policy by adding a
' logon and logoff script. Therefore we will be incrementing the version number by 131072.
'
' We also need to add the Client Side Extension (CSE) GUIDs to instructs the winlogon process
' to run the Startup/Shutdown/Logon/Logoff scripts.
' CSE GUID for script processing = {42B5FAAE-6536-11D2-AE5A-0000F87571E3}
' Tool extension GUID for user and computer policy mode settings = {40B66650-4972-11D1-A7CA-0000F87571E3}
'
' gPCUserExtensionNames - includes a list of globally unique identifiers (GUIDs) that tells the client-side
' engine which client-side extensions have User data in the Group Policy object. The format is the following:
' [{<GUID of client-side extension>}{<GUID of MMC extension>}{<GUID of second MMC extension if appropriate>}]
'
' For example: In this script we are adding logon and logoff scripts. Therefore the gPCUserExtensionNames
' will be set to the following at minimum:
' gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}]
'
' gPCMachineExtensionNames - includes a list of GUIDs that tells the client side engine which Client Side
' Extensions have Machine data in the GPO.
' The default GUIDs are as follows.
' gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]
'
' gPCFunctionalityVersion - The Version number of the Group Policy extension tool that created the Group
' Policy object.
' The default version is 2.
'
' The Option setting has 4 values.
' 0 = Enable User and Computer Configurations
' 1 = Disable User Configuration ONLY
' 2 = Disable Computer Configuration ONLY
' 3 = Disable User and Computer Configurations
' If the Option value is not present, the User and Computer Configurations are both enabled.
'------------------------------------------------------------------------------------------------------------
Option Explicit
Dim WshShell, strSystemRoot, strGPOLocation, objFSO, objFile, blnOption, strLine, strContents
Dim strLogonScript, strLogoffScript, strValue, intUserPolicy, intComputerPolicy, blnUserPolicy
Dim blnComputerPolicy, strCSEUserGUID, strToolextensionUserGUID, blnSection, blnUserExtensionNames
Dim blnVersion, blnFunctionality, blnMachineExtensionNames
Const ForReading = 1
Const ForWriting = 2
Set WshShell = WScript.CreateObject("WScript.Shell")
strSystemRoot = WshShell.ExpandEnvironmentStrings("%SystemRoot%")
strGPOLocation = strSystemRoot & "\system32\GroupPolicy\"
Set objFSO = CreateObject("Scripting.FileSystemObject")
strLogonScript = "%SystemRoot%\LoadQAT.cmd"
strLogoffScript = "%SystemRoot%\SaveQAT.cmd"
strCSEUserGUID = "{42B5FAAE-6536-11D2-AE5A-0000F87571E3}"
strToolextensionUserGUID = "{40B66650-4972-11D1-A7CA-0000F87571E3}"
blnUserPolicy = True
blnComputerPolicy = False
intUserPolicy = 131072
intComputerPolicy = 1
blnSection = False
blnFunctionality = False
blnMachineExtensionNames = False
blnVersion = False
blnUserExtensionNames = False
blnOption = False
If objFSO.FileExists(strGPOLocation & "gpt.ini") Then
Set objFile = objFSO.OpenTextFile(strGPOLocation & "gpt.ini", ForReading)
Do While objFile.AtEndOfStream = False
strLine = objFile.ReadLine
If Instr(strLine,"[General]") > 0 Then
blnSection = True
End If
If Len(strLine) > 0 AND Instr(strLine,";") <> 1 AND Instr(strLine,"[General]") <> 1 Then
strValue=split(strLine,"=")
Select Case strValue(0)
Case "gPCFunctionalityVersion"
blnFunctionality = True
Case "gPCMachineExtensionNames"
blnMachineExtensionNames = True
Case "Version"
If blnUserPolicy Then
strValue(1)=strValue(1) + intUserPolicy
End If
blnVersion = True
Case "gPCUserExtensionNames"
If trim(strValue(1))="" Then
strValue(1)="[" & strCSEUserGUID & strToolextensionUserGUID & "]"
blnUserExtensionNames = True
End If
If instr(strValue(1),strCSEUserGUID) > 0 AND instr(strValue(1),strToolextensionUserGUID) > 0 Then
blnUserExtensionNames = True
Else
If instr(strValue(1),strCSEUserGUID) = 0 Then
If Right(trim(strValue(1)),1) = "]" Then
strValue(1)=Left(trim(strValue(1)),Len(trim(strValue(1)))-1)
End If
strValue(1)=strValue(1) & strCSEUserGUID & "]"
blnUserExtensionNames = True
End If
If instr(strValue(1),strToolextensionUserGUID) = 0 Then
If Right(trim(strValue(1)),1) = "]" Then
strValue(1)=Left(trim(strValue(1)),Len(trim(strValue(1)))-1)
End If
strValue(1)=strValue(1) & strToolextensionUserGUID & "]"
blnUserExtensionNames = True
End If
End If
Case "Options"
If strValue(1)="0" Then
blnOption = True
End If
If strValue(1)="1" Then
strValue(1)="0"
blnOption = True
End If
If strValue(1)="2" Then
blnOption = True
End If
If strValue(1)="3" Then
strValue(1)="2"
blnOption = True
End If
End Select
strContents = strContents & trim(strValue(0)) & "=" & trim(strValue(1)) & VbCrLf
Else
strContents = strContents & strLine & VbCrLf
End If
Loop
objFile.Close
End If
If blnSection = False Then
strContents="[General]" & VbCrLf & strContents
End If
If blnFunctionality = False Then
strContents=strContents & "gPCFunctionalityVersion=2" & VbCrLf
End If
If blnMachineExtensionNames = False Then
strContents=strContents & "gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}]" & VbCrLf
End If
If blnVersion = False Then
If blnUserPolicy Then
strContents=strContents & "Version=131073" & VbCrLf
Else
strContents=strContents & "Version=1" & VbCrLf
End If
End If
If blnUserExtensionNames = False Then
strContents=strContents & "gPCUserExtensionNames=[" & strCSEUserGUID & strToolextensionUserGUID & "]" & VbCrLf
End If
If blnOption = False Then
strContents=strContents & "Options=0" & VbCrLf
End If
Set objFile = objFSO.OpenTextFile(strGPOLocation & "gpt.ini", ForWriting, True)
objFile.Write(strContents)
objFile.Close
WScript.Echo "Local GPO Updated"
Set WshShell = Nothing
Set objFSO = Nothing
Set objFile = Nothing
wscript.quit (0)
Post a Comment