deny logon acroding to day and time - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » deny logon acroding to day and time

Page 1 of 1

Topic Options

#179001 - 2007-08-09 01:35 PM deny logon acroding to day and time
gf gf Fresh Scripter Registered: 2001-07-08 Posts: 29	Hi i would like to know if there is a way in kix to deny a group of users to logon monday - thursday from 1pm - 3pm i am using the following to deny users to logon specifik workstations IF LEFT(@WKSTA,3) = "LPC" IF LEFT(@USERID,1) = "e" $logof = logoff(1) ENDIF ENDIF I have tried different methods with this as a "base" IF INGROUP ("Elever") > 0 "check if it is mon,tue,we,thur AND tehe time is $logof = logoff(1) ENDIF Any sugestions ? Regards Glenn
Top

#179004 - 2007-08-09 02:13 PM Re: deny logon acroding to day and time [Re: gf]
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	It depends on your settings but this should work for 24 hours time format. Code: Break on If InGroup ("Elever") $days = "Friday","Saturday","Sunday" If AScan($days, @DAY) = "-1" $time Join(Split(@TIME, ":"), "") If $time > "130000" And $time < "150000" "You are not allowed to logon today between 1pm and 4 pm." Sleep 5 $rc = LogOff(1) EndIf EndIf EndIf Edited by Mart (2007-08-09 02:14 PM) Edit Reason: Typo's _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#179005 - 2007-08-09 02:31 PM Re: deny logon acroding to day and time [Re: Mart]
Gargoyle Gargoyle MM club member Registered: 2004-03-09 Posts: 1597 Loc: Valley of the Sun (Arizona, US...	Uhm why not just set the logon hours in ADUC? _________________________ Today is the tomorrow you worried about yesterday.
Top

#179006 - 2007-08-09 02:35 PM

Re: deny logon acroding to day and time [Re: gf]

Glenn Barnas Offline

KiX Supporter

Registered: 2003-01-28
Posts: 4402
Loc: New Jersey

Use a login script with the following example code. You'll need to adjust the tests as appropriate for your needs.

The basic idea is to set $Allow to true, then find ways to set it to false, such as workstation name, user name, group membership, or time of day.

Then, maybe, find a couple of ways to bend the rules, like Fri-Sun is fair game.

You can create more complex tests by creating values for each test, like $Day_OK, $Time_OK, $User_OK, and $Wksta_OK. Then set the $Allow value based on tests with these values in AND / OR combinations.

The TimeDiff() UDF can be used creatively to check a range of time, as illustrated here. TimeDiff is not sensitive to local time or display format.

Code:

Break Off		; exit if BREAK is pressed

$Allow = 1		; allow by default

; Change allow status based on time of day - never allow between 13:00-15:00
; TimeDiff returns the number of minutes between the current time and 15:00 of the current day
; This value will be between 120 (at 13:00) and 0 (at 15:00) during tht time range not allowed.
; Before 13:00, it will be greater than 120, and after 15:00 it will be negative, thus the following test
; You need to download and include the TimeDiff() UDF in your script
$TVal = TimeDiff('now', @DATE + ' 15:00:00', 'M') 
If $TVal < 120 And $TVal > 0
  $Allow = 0
EndIf

; Change allow status base on workstation
$Allow = IIf(Left(@WKSTA, 3) = 'LPC', 0, $Allow)

; Change allow status base on group
$Allow = IIf(InGroup('Elever', 0, $Allow)

; continue with other allow tests as appropriate, setting $Allow to 0 if not permitted



; Process exceptions to the rules

; Override the allow value if the day is not in the range
; All users are allowed at any time on Fri-Sun
If Not InStr('MONTUEWEDTHU', Left(@DAY, 3)
  $Allow = 1
EndIF





; If $Allow is zero at this point, the user should not be permitted,
; so perform a logoff
If Not $Allow
  Logoff(1)                ; exit the script - brea
EndIf

The TimeDiff UDF is here.

Glenn

_________________________
Actually I am a Rocket Scientist! $\:D$

Top

#179007 - 2007-08-09 02:43 PM Re: deny logon acroding to day and time [Re: Gargoyle]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	AD logon hour restrictions are pretty much an all or nothing solution. What if the users were allowed to log onto the network from some machines - say "classrooms" or "laptops" - but not from others, like "Labs"? A scripted solution would allow a lot of flexibility.. you could even apply "points" based on various tests. Get enough points, you can log on. Logging on to your primary station grants you a million points, effectively negating any restriction. Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#179008 - 2007-08-09 02:45 PM Re: deny logon acroding to day and time [Re: Glenn Barnas]
gf gf Fresh Scripter Registered: 2001-07-08 Posts: 29	Hi Again -> Gargoyle the reason for not using logon hours are, that 1-3 is just an example. I work at a bording school whrere i dont want pupils to logon from 17:00:00 to 18:15:00 and you cant do that with logon hours. Mart i cant get your script to work. Will $rc = LogOff(1) work on thin clients ( Terminal server?) Regards Glenn
Top

#179009 - 2007-08-09 02:52 PM Re: deny logon acroding to day and time [Re: gf]
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	It was just an example to give you an idea on how it could be done. I did not test it. Glenn's example might be a better solution. _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#179010 - 2007-08-09 03:09 PM Re: deny logon acroding to day and time [Re: Mart]
Witto Witto MM club member Registered: 2004-09-29 Posts: 1828 Loc: Belgium	These are also possibilities HOW TO: Limit User Logon Time in a Domain in Windows Server 2003
Top

#179011 - 2007-08-09 03:14 PM Re: deny logon acroding to day and time [Re: Mart]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	Originally Posted By: Mart Glenn's example might be a better solution. He means me (Glenn) not you (Glenn). $;\)$ I've had mixed results with the logoff() function. You might want to look into external solutions. I seem to recall that running explorer.exe?? with certain args would reliably log the user off. You should probably experiment with different techniques for determining what's allowed and what's not, as I illustrated. My example used hard-coded values, but if I were doing this for real, I'd use an INI file and ReadProfileString() functions to load the parameters, so they could easily be changed. You could then do stuff like "if user is in group XXX, load time range XXX, replacing the default time range values with the extended/reduced time range allocated to this group's members" If you use the TimeDiff() UDF, all you need to store is the end time, and the number of minutes before the end time that are permitted. You could reverse the logic and check the start time and number of minutes permitted.. Code: $Start = '13:00' ; start of prohibited time period $Limit = 120 ; # of Minutes prohibited from start time ; the above values should be read from a config file using ReadProfileString() - EG ; $Start = ReadProfileString('\\domain\netlogon\restrict.ini', 'DEFAULT', 'RestrictStartTime') ; $Limit = ReadProfileString('\\domain\netlogon\restrict.ini', 'DEFAULT', 'RestrictDuration') $TVal = TimeDiff(@DATE + ' ' + $Start, 'now', 'M') If $TVal >= 0 And $TVal <= $Limit ; log off! EndIf Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#179012 - 2007-08-09 04:00 PM Re: deny logon acroding to day and time [Re: Glenn Barnas]
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	Originally Posted By: Glenn Barnas Originally Posted By: Mart Glenn's example might be a better solution. He means me (Glenn) not you (Glenn). $;\)$ LOL Yep I did mean you, me, him, ?? ok I mean Glenn B. Names should be unique just to prevent this. Quote: I've had mixed results with the logoff() function. You might want to look into external solutions. I seem to recall that running explorer.exe?? with certain args would reliably log the user off. Iirc that was rundll32. Quote: Forced immediate logoff rundll32 user32.dll,ExitWindowsEx Using Rundll Edited by Mart (2007-08-09 04:01 PM) _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#179019 - 2007-08-09 05:08 PM Re: deny logon acroding to day and time [Re: Mart]
gf gf Fresh Scripter Registered: 2001-07-08 Posts: 29	Hi thanks for all your input i am allmost done with the script. Just one last question: How would i go about executing the: rundll32 user32.dll,ExitWindowsEx from kix. Igain, thank you very much. Regards Glenn
Top

#179023 - 2007-08-09 05:28 PM Re: deny logon acroding to day and time [Re: gf]
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	You could use the shell command. _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#179031 - 2007-08-09 09:08 PM Re: deny logon acroding to day and time [Re: Mart]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	yes, thanks, Mart - that's exactly what I was trying to remember.. Glenn (B) _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#179033 - 2007-08-09 09:42 PM Re: deny logon acroding to day and time [Re: Glenn Barnas]
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	you were trying to remember shell? :p _________________________ ! download KiXnet
Top

#179034 - 2007-08-09 09:50 PM Re: deny logon acroding to day and time [Re: Lonkero]
Mart Mart KiX Supporter Registered: 2002-03-27 Posts: 4673 Loc: The Netherlands	LOL $\:D$ _________________________ Mart - Chuck Norris once sold ebay to ebay on ebay.
Top

#179035 - 2007-08-09 10:01 PM Re: deny logon acroding to day and time [Re: Mart]
gf gf Fresh Scripter Registered: 2001-07-08 Posts: 29	I think he is taking the piss on me $\:\)$ The rundll doesn't work on a terminal server but i solved it with the following lines in a bat file: query session >session.txt for /f "skip=1 tokens=3," %%i in (session.txt) DO logoff %%i del session.txt However i am still strugling I cant get any oytput from: ? $time Join(Split(@TIME, ":"), "") Regards Glenn
Top

#179046 - 2007-08-09 10:36 PM Re: deny logon acroding to day and time [Re: Lonkero]
Glenn Barnas Glenn Barnas KiX Supporter Registered: 2003-01-28 Posts: 4402 Loc: New Jersey	No, you goofball, RunDLL;blah;something;logoff.. $;\)$ I'm not old and senile enough (yet) to forget Shell! Glenn _________________________ Actually I am a Rocket Scientist! $\:D$
Top

#179048 - 2007-08-09 10:54 PM Re: deny logon acroding to day and time [Re: gf]
Witto Witto MM club member Registered: 2004-09-29 Posts: 1828 Loc: Belgium	Why output to a text if you can query text in memory Code: for /F "usebackq skip=1 tokens=2" %i in (`query session`) DO echo %i
Top

#179115 - 2007-08-10 04:23 PM Re: deny logon acroding to day and time [Re: Witto]
BillBarnard BillBarnard Starting to like KiXtart Registered: 2007-03-14 Posts: 141 Loc: Leighton Buzzard, Bedfordshire...	Getting back to a simple Active Directory solution, you can restrict users to login hours and a list of allowed workstations. _________________________ Bill
Top

Page 1 of 1

Previous Topic View All Topics

Index Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org