Make a script run for SINGLE domain user

[philtomo-25]

have a basic script that i have put together, and it needs to run everytime she logs off, is there anyway that i could get this script to run (just for this user) when she logs off the domain?

I know there is the option of log off script for groups etc.. in AD, but not for the single user

cheers

phil

[OverWorked]

Use GP filtering so that GPO only applies to that user.

In GPMC, create the GPO with the logoff script.
The scope tab show the Security Filtering - it list Authenticated Users by default (i.e. everyone in the OU it's linked to and below).
Click remove to remove authenticated users and click add to add the users name.

That's it - a GPO that only applies to the named user (or group or whatever you put in the filtering). You'll still need to link it to an OU that's above the named user, or it won't apply to anyone.

[FN-GM]

Something a little easier, make an OU for the users concerned and apply the policy for that OU. If she is already in a OU with a policy make another OU inside that OU.

Z

[ajbritton]

Something a little easier, make an OU for the users concerned and apply the policy for that OU. If she is already in a OU with a policy make another OU inside that OU.

Z

That would certainly work, but it's not a particularly scalable or flexible solution. IMHO, the best way to do this would be to use the filtering, but rather than putting the user account in the DACL, I would create a group, whose name matches GPO that contains the script and add the required user(s) to the script.

I try to avoid adding users to DACLS for one simple reason. When the user account gets deleted, the DACL is left with a reference to a non-existent user account. When you look at the DACL, all you see is the GUID/SID reference. You'll have no idea who/what it refers to. If you use a group of course, the group will still be there. When you want to get rid of the group, rather than deleting it, remove all the user accounts from it and rename it as UNUSED_(old group name).

[mattx]

Why not just deploy the logoff script but within the script have an IF depending on the user variable ?

Code:

If %Username% = XYZ
 Run the script
else
 quit the script

You can use If from batch or better still use AutoIT to do it.....
Thats how I would do it anyhoo..........saves all the mucking around with OUs etc...

My motto - KEEP IT SIMPLE

[FN-GM]

I agree with mattx that will be the best solution.

Z