Block all logon scripts, in the Profiles / User Environment forum on BrianMadden.com

I would like to block all logon scripts that are set on the User Object in Active Directory.

Is there an easy way to do it?

Are your logon scripts residing on the OU or on the user object.

If it is just on the user object, you should just be able to delete the logon script section within the user object. If set by OU, then you may have to look at creating a group that denies access to that GPO and then put the user in that.

Cheers

Jase

Hi Jason,

It sounds like you have tons of user account objects where you need to clear the logon script value (profile tab). The script below will clear the logon script value on the profile tab of the user object for all users within the target OU.

Const ADS_PROPERTY_CLEAR = 1

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objOU = GetObject("LDAP://" & strDNSDomain)

objOU.Filter = Array("user")

For Each objUser in objOU

' This one Clears it if you just want to Clear it
objUser.PutEx "scriptPath", "", ADS_PROPERTY_CLEAR
objUser.SetInfo
Next

Note that you may need to change the strDNSDomain value to reference a target OU that you want to affect this change on if you don't want to change the value for all users in AD.

Cheers,