Lab 07 Custom GPO
For this lab we had to log into wks02 as a domain admin user, connect our ad01 server and create/manage or new GPOs.
Essentially we had to create two files names LastLogon.ps1 and LastLogon.bat which would record the times a user would last login.
The code for those files are listed below:
#Get the userprofile environment variable $user = $ENV:USERPROFILE
#Get Current date and time $theTime = Get-Date
#Write a message with the time to a file as a string echo "You logged in at: $theTime" | Out-File -Encoding ASCII -Append -FilePath "$user\Desktop\Login-time.txt"
cmd /c start %windir%\System32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -ExecutionPolicy Bypass -file "%~dp0LastLogon.ps1"
Once we connected our ad01 we clicked on "Tools" then Group Policy Management. Afterwards, locate the OU's (SYS255 OU). Right click on the Accounts OU to create a new GPO named..
getLastLogin
Afterwards, under the security filter we added "Domain Computers".
Then Right-click on getLastLogin and select "Edit"
Navigate under User Configuration => Policies => Windows Settings => Scripts (Logon/Logoff)
Double click on "Logon", then "Show Files" then copy the two files (LastLogon.ps1 and LastLogon.bat) onto the window that popped up.
Close the window that opened, then click on "Add", select LastLogon.bat then click "OK", afterwards click "Apply" then "OK"
(Its a user policy, you dont have to run gpupdate /force)