1

Hi, I am looking to set the logon script parameter for a user profile, using PowerShell. I was planning to use WMIC USERACCOUNT to do this but found that it is not possible. As shown below, the method does not exist in the method:

    class Win32_UserAccount : Win32_Account
    {
      uint32   AccountType;
      string   Caption;
      string   Description;
      boolean  Disabled;
      string   Domain;
      string   FullName;
      datetime InstallDate;
      boolean  LocalAccount;
      boolean  Lockout;
      string   Name;
      boolean  PasswordChangeable;
      boolean  PasswordExpires;
      boolean  PasswordRequired;
      string   SID;
      uint8    SIDType;
      string   Status;
    };

I would prefer to do this as a statement in PowerShell, but if that is not possible it could be done as a script. I am looking to set the parameter shown in the picture, for a Win Server 2008 R2.

Sam Stephenson

2 Answers

1

That setting is maintained through Group Policy, reference: Specify a Program to Start Automatically When a User Logs On. Group Policy settings are ultimately handled by registry settings. The Group Policy Settings Reference for Windows and Windows Server might help you find what registry settings to change, but I didn't have luck finding it there. You'll note that a lot of the settings are HKCU which means they can only be set when the user is logged in. That may be problematic for you. The page, Windows Program Automatic Startup Locations, is a good reference on all the places in the registry that you can set a program to start.

I'd personally recommend using schtasks to do this instead. Here's an example that creates one in cmd or PowerShell:

    schtasks -create -tn "Run command prompt" -tr "C:\WINDOWS\system32\cmd.exe" -sc ONLOGON

Elijah W. Gagne
  • Thanks, this was very helpful. However, I need to do this on a per-user basis, i.e. not all users will have the same script, and that can't be done on schtasks. I couldn't find a registry setting either. Just to note, if you need to change a different user's HKCU you can go to regedit, highlight HKUsers, choose File > Load Hive and select that user's NTUser.dat file – Sam Stephenson Aug 03 '12 at 09:20
  • 1
    Interesting, thanks for the info. This method of using the registry seems to have two downsides. 1) These settings are not stored centrally so a change means updating every computer. 2) The user must have logged into the PC at least once so that their profile exists. Is it worth exploring this more? Using the scheduled task method, I could create an exe or powershell script that looks at who just logged in and take different action depending on who the person is. Depending on implementation, I think this could work around both of the above shortcomings. Let me know if that's helpful to explore – Elijah W. Gagne Aug 03 '12 at 12:05
  • I had the same problem about getting the NTUser.dat to be created without the user being logged on at least once. I should mention that this was only for creating users on a local server (the company we were doing the project for were not willing to give us an Active Directory or use theirs, long story). So what I did was use RDP to log in and log out. First you need to set credentials to log in automatically, `cmdkey /generic:TERMSRV/127.0.0.1 /user:$username /pass:$password`, then the RDP, `mstsc /v:127.0.0.1`, then delete after logon using `cmdkey /delete:TERMSRV/127.0.0.1` – Sam Stephenson Aug 07 '12 at 09:24
  • This leads me to my question: I've created a .bat file to log the user off once launched (`logoff`), but I need to assign it to the user upon logon – Sam Stephenson Aug 07 '12 at 09:34
0

It took a long time, but I finally got the answer: the trick was to use IADsTSUserEx. I also tried to use ADSI but could only get it to set a logon script for logging on locally. See other post. Here is the code, plus, for Elijah, how to set environment variables of local users through the registry:

    # $username, $password and $groupname are assumed to be set before this runs
    # add the local user
    $objComputer = [ADSI]"WinNT://127.0.0.1"
    $objUser = $objComputer.Create('user', $username)
    $objUser.SetPassword($password)
    $objUser.PSBase.InvokeSet('Description', "user " + $username)
    $objUser.PSBase.InvokeSet('userflags', 512)
    $objUser.SetInfo()
    # set password not to expire
    wmic USERACCOUNT WHERE "Name = '$username'" SET PasswordExpires=FALSE
    # set logoff script as the Terminal Services initial program for the new user
    $ou = [ADSI]"WinNT://127.0.0.1"
    $user = $ou.PSBase.get_Children().Find($username)
    $user.PSBase.InvokeSet("TerminalServicesInitialProgram", "C:\logoff.bat")
    $user.SetInfo()
    # add to groups
    net localgroup $groupname $username /add
    net localgroup "Remote Desktop Users" $username /add
    # store credentials for the loopback RDP logon (no space after /user: and /pass:)
    cmdkey /generic:TERMSRV/127.0.0.1 /user:$username /pass:$password
    # launch remote desktop and wait for it to exit; the first logon creates NTUSER.dat
    mstsc /v:127.0.0.1 | Out-Null
    # remove the stored credentials again
    cmdkey /delete:TERMSRV/127.0.0.1
    # load the user's hive under HKEY_USERS
    reg load "HKU\$username" "C:\Users\$username\NTUSER.dat"
    # set environment variables (the registry provider has no HKU: drive by default)
    Set-ItemProperty -Path "Registry::HKEY_USERS\$username\Environment" -Name SERVERTYPE -Type String -Value DIR
    # unload the hive
    reg unload "HKU\$username"

Community
Sam Stephenson
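
An added example, not part of the original answer: a read-back check that lists each local account's `TerminalServicesInitialProgram` value, so the setting written above can be confirmed and unexpected entries spotted. The function name `Get-LocalTsInitialProgram` is hypothetical, and the code assumes the Terminal Services ADSI extension (IADsTSUserEx) is available, as on the server in the question.

```powershell
# Added example (not from the original answer). Get-LocalTsInitialProgram is a
# hypothetical helper name; it assumes the Terminal Services ADSI extension
# (IADsTSUserEx) is available, as on the Server 2008 R2 host in the question.
function Get-LocalTsInitialProgram {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $computer = [ADSI]"WinNT://$ComputerName,computer"
    foreach ($child in $computer.PSBase.Children) {
        if ($child.PSBase.SchemaClassName -ne 'User') { continue }

        $program = $null
        $problem = $null
        try {
            # Read the same property the answer writes with InvokeSet.
            $program = [string]$child.PSBase.InvokeGet('TerminalServicesInitialProgram')
        }
        catch {
            # Raised when the property cannot be read for this account.
            $problem = $_.Exception.Message
        }

        # Flag entries whose target is missing on disk. A value that carries
        # command-line arguments will also report False here.
        $exists = $null
        if ($program) { $exists = Test-Path -LiteralPath $program -PathType Leaf }

        New-Object PSObject -Property @{
            Name           = $child.PSBase.Name
            InitialProgram = $program
            FileExists     = $exists
            ReadError      = $problem
        }
    }
}

# List only the accounts that have an initial program configured.
Get-LocalTsInitialProgram |
    Where-Object { $_.InitialProgram } |
    Select-Object Name, InitialProgram, FileExists
```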