Delete logon script from all users

Discussion:

(too old to reply)

Net Admin

2006-10-24 18:21:03 UTC

For all my users I have a logon script. I no longer need that script to run.
How do I remove the script from all users at once?
I have already deleted the script from the Sysvol folder.
Thank You

Jorge de Almeida Pinto [MVP - DS]

2006-10-24 19:14:30 UTC

Permalink

ADMOD from joeware.net....look at the examples

for a certain OU
ADFIND -b "<OU>" -f
"(&(objectCategory=person)(objectClass=user)(scriptPath=*))" -dsq |
ADMOD -unsafe scriptPath:-

for the complete domain
ADFIND -default -f
"(&(objectCategory=person)(objectClass=user)(scriptPath=*))" -dsq |
ADMOD -unsafe scriptPath:-
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

Post by Net Admin
For all my users I have a logon script. I no longer need that script to run.
How do I remove the script from all users at once?
I have already deleted the script from the Sysvol folder.
Thank You

Andrei Ungureanu [MVP]

2006-10-24 19:53:30 UTC

Permalink

delete the script from the GPO.
--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

"Jorge de Almeida Pinto [MVP - DS]"

Post by Jorge de Almeida Pinto [MVP - DS]
ADMOD from joeware.net....look at the examples
for a certain OU
ADFIND -b "<OU>" -f
"(&(objectCategory=person)(objectClass=user)(scriptPath=*))" -dsq |
ADMOD -unsafe scriptPath:-
for the complete domain
ADFIND -default -f
"(&(objectCategory=person)(objectClass=user)(scriptPath=*))" -dsq |
ADMOD -unsafe scriptPath:-
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

Ken Aldrich

2006-10-26 14:58:24 UTC

Permalink

Hello,

If you are using a GPO to publish the script to your users then you just
need to modify the GPO. However, if you are using the legacy scriptPath
attribute (as seen in the Profile Tab, "Logon script:" field in ADUC) then
you'll need to clear that attribute for all users.

DSRAZOR for Windows has an applet that will let you edit any single-valued
text attribute. So, it would be as simple as selecting all of your users
and pressing a "Clear Value" button, or putting in a new path if you would
like. This is very handy for updating any single or multi-valued text value
associated with users in your active directory.
Just a couple days ago I helped an administrator change the fax number on
4,000 user accounts in just a few minutes. No scripting required.

Check it out at www.visualclick.com/?source=sved102506
--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com

Post by Andrei Ungureanu [MVP]
delete the script from the GPO.
--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au
"Jorge de Almeida Pinto [MVP - DS]"

Andrei Ungureanu [MVP]

2006-10-26 16:47:33 UTC

Permalink

ADModify.NET is another option.
--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

Post by Ken Aldrich
Hello,
If you are using a GPO to publish the script to your users then you just
need to modify the GPO. However, if you are using the legacy scriptPath
attribute (as seen in the Profile Tab, "Logon script:" field in ADUC) then
you'll need to clear that attribute for all users.
DSRAZOR for Windows has an applet that will let you edit any single-valued
text attribute. So, it would be as simple as selecting all of your users
and pressing a "Clear Value" button, or putting in a new path if you would
like. This is very handy for updating any single or multi-valued text
value associated with users in your active directory.
Just a couple days ago I helped an administrator change the fax number on
4,000 user accounts in just a few minutes. No scripting required.
Check it out at www.visualclick.com/?source=sved102506
--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com

Richard Mueller

2006-10-26 19:42:41 UTC

Permalink

A solution using the command line tools is best. However, if you want a
scripting solution you can use ADO to retrieve the Distinguished Names of
all users with a value set for the scriptPath attribute. Since the ADO
recordset is read only, you must retrieve the DN and bind to each user
object. You can use the PutEx method of the user object to clear the
scriptPath attribute, then save the change with the SetInfo method. For
example:
================
Option Explicit

Dim objRootDSE, strDNSDomain, adoCommand, adoConnection
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strDN, objUser

Const ADS_PROPERTY_CLEAR = 1

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on all user objects where a logon script is assigned.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(scriptPath=*))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"

' Construct the LDAP query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

' Enumerate the recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strDN = adoRecordset.Fields("distinguishedName").Value
' Bind to the user object.
Set objUser = GetObject("LDAP://" & strDN)
' Clear the scriptPath attribute.
objUser.PutEx ADS_PROPERTY_CLEAR, "scriptPath", 0
' Save changes.
objUser.SetInfo
adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
Set objRootDSE = Nothing
Set adoCommand = Nothing
Set adoConnection = Nothing
Set adoRecordset = Nothing
Set objUser = Nothing

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net