Saleem
(Hey THIS is FUN)
2007-06-20 06:17 AM
Again AUP

Dear All
My company decided to get signed our AUP by every single user who logged on to our domain, we decided to do it threw login script, Our AUP is a 4 page document, I am looking for some suggestions here.

Currently I have some ideas like break the AUP by parts for example to day show only Password policies, tomorrow E-mail so on
Make four texts for four policies, name it as pol1.txt, pol2.txt…… place it a central location where all user have read write privilege. When a user accept a policy write down his details to that central location some thing like “User XY signed policy number one time date etc…” name the file as USERIDPOL1.txt next time same user loges on script check for the existence of USERIDPOL1.txt if the file if exist show user second file and do similar operation until user sign all the policies.

Now here I request for some ideas and best practice

Some of you must have done it on better way on your organization, also if some one can post a sample script to do it above mentioned way it will be helpful for me.

NTDOCAdministrator
(KiX Master)
2007-06-20 08:25 AM
Re: Again AUP

If you have Web Developers just create a mini Website that will contain the information and log from input forms.

Even more elaborate methods are possible, just depends on the resources you have available to you and the time frame.

You can create interactive training pages with programs like Adobe Captivate or Camtasia

http://www.adobe.com/products/captivate/

http://www.techsmith.com/camtasia.asp

You could also create your own from within Flash Professional if you have someone to do it.

That way it's not so dull and drab and users still have to sign that they've attended/seen/read the material.

Saleem
(Hey THIS is FUN)
2007-06-20 08:32 AM
Re: Again AUP

Thanx for quick reply..

But how can I force them to sign and record their details ??

can I integrated this solution with login script ?

NTDOCAdministrator
(KiX Master)
2007-06-20 06:13 PM
Re: Again AUP

 Quote:
can I integrated this solution with login script ?


You can, but it's not very elegant.

Basically AFTER login (most legal documents state something to the affect that you must not allow them to login UNTIL they agree, but Windows does not support that) redirect them to a Web page or other similar documentation. Make them sign something and record it to a .INI file. Then read the ini file for the current user and if name not found then FORCE a log off.

Saleem
(Hey THIS is FUN)
2007-06-21 08:39 AM
Re: Again AUP

I have done some exercise:

I know it can be done better

please review this code and suggest me

 PHP:
Break on Color C/N Box(0, 0, 24, 79, GRID) Color g/N Box(2, 20, 20, 59, FULL) Box(2, 20, 4, 59, FULL) Color Y+/N At(3, 29) "WELCOME TO ABC NETWORK" At(6, 21) "The following box will show ABC AUP" At(8, 21) " Please read carefully and accept" At(10, 21) "Please press OK Button after you read" At(12, 21) "For further queries call Help desk. " Color W+/N At (18,25) "Press any key to continue....." Get $x ? " " CLS $msg1="ABC PASSWORD POLICY @CRLF" $msg2="@CRLF" $msg3="Password has to be minimum 6 charecters @CRLF" $msg4="Password has to be compbination of number and alphebets @CRLF" $msg5="ABC E-MAIL POLICY @CRLF" $msg6="@CRLF" $msg7="Email has to be Business purpose @CRLF" $msg8="Email box size has to be not more than 5 mb @CRLF" $msg9="ABC INTERNET POLICY @CRLF" $msg10="@CRLF" $ms11="Internet has to be Business purpose @CRLF" $ms12="Internet usage need to be restricted @CRLF" ;$pol1=ReadProfileString ("d:\kix\aup_files\@USERID.ini","Pol ID", "@USERID agreed pol1") If Exist ("D:\kix\aup_files\@USERID.ini")=0 $Selection = MessageBox($msg1+$msg2+$msg3+$msg4,"ABC AUP",0) ? $Selection If $Selection = 1 WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 1", "agreed pol1") EndIf Else $pol1=ReadProfileString ("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 1") If ($pol1="agreed pol1") $Selection = MessageBox($msg5+$msg6+$msg7+$msg8,"ABC AUP",0) ? $Selection If $Selection = 1 WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 2", "agreed pol2") EndIf EndIf $pol2=ReadProfileString ("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 2") If ($pol2="agreed pol2") $Selection = MessageBox($msg9+$msg10+$msg11+$msg12,"ABC AUP",0) ? $Selection If $Selection = 1 WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 3", "agreed pol3") EndIf EndIf EndIf


Please let me know how ca I make it work suppose I have 10 policies

NTDOCAdministrator
(KiX Master)
2007-06-21 08:58 AM
Re: Again AUP

Well if you really want to go down this road with KiXtart then how about using KiXforms?

Using KiXforms will look much nicer and allow user input that is not easy to achieve with KiXtart alone.

You would have to deploy KiXforms to all the desktops though, which can be done via policy.

Saleem
(Hey THIS is FUN)
2007-06-21 10:25 AM
Re: Again AUP

I would really concider using Kixforms....

Please give me some code example...

Mart
(KiX Supporter)
2007-06-21 10:44 AM
Re: Again AUP

 Originally Posted By: Saleem

....
Please give me some code example


Have a look at the kixforms website. Lots of examples there.

Saleem
(Hey THIS is FUN)
2007-06-21 10:52 AM
Re: Again AUP

sorry

I mean to say how can I re-code my above code on Kix forms format ?? Also how can I solve the issues I mentioned above?

Saleem
(Hey THIS is FUN)
2007-06-21 12:36 PM
Re: Again AUP

Time being please help me to correct this code

Please tell me how can I add more policies here
For Exa:-

when a user logs logs on first time should show first policy
second time only second policy
third time third one
forth time skip all and continue with the rest of the script
please see the below code, it works fine for first time attempt and failing for second and third time

 Quote:

If Exist ("D:\kix\aup_files\@USERID.ini")=0

$Selection = MessageBox($msg1+$msg2+$msg3+$msg4,"ABC AUP",0)

If $Selection = 1
WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 1", "agreed pol1")
EndIf
EndIf
$pol1=ReadProfileString ("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 1")
$pol2=ReadProfileString ("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 2")
$pol3=ReadProfileString ("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 3")

If ($pol1="agreed pol1")
$Selection = MessageBox($msg5+$msg6+$msg7+$msg8,"ABC AUP",0)

If $Selection = 1
WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 2", "agreed pol2")
EndIf
EndIf


If ($pol2="agreed pol2")
$Selection = MessageBox($msg9+$msg10+$msg11+$msg12,"ABC AUP",0)

If $Selection = 1
WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 3", "agreed pol3")
EndIf
EndIf


Please help...

DrillSergeant
(MM club member)
2007-06-21 01:46 PM
Re: Again AUP

because of the 4 x please in your post, I just felt obliged to help ;\)

 Code:
$inifile = "d:\kix\aup_files\@USERID.ini"

Select
	Case ReadProfileString($inifile,"Pol ID","Agreement 1") <> "agreed pol1"

		$Selection = MessageBox($msg1+$msg2+$msg3+$msg4,"ABC AUP1",324)

		If $Selection = 6
			$nul = WriteProfileString($inifile,"Pol ID", "Agreement 1", "agreed pol1")
		EndIf

	Case ReadProfileString($inifile,"Pol ID","Agreement 2") <> "agreed pol2"
		
		$Selection = MessageBox($msg5+$msg6+$msg7+$msg8,"ABC AUP2",324)
		
		If $Selection = 6
			$nul = WriteProfileString($inifile,"Pol ID", "Agreement 2", "agreed pol2")
		EndIf

	Case ReadProfileString($inifile,"Pol ID","Agreement 3") <> "agreed pol3"

		$Selection = MessageBox($msg9+$msg10+$msg11+$msg12,"ABC AUP3",324)

		If $Selection = 6
			$nul = WriteProfileString($inifile,"Pol ID", "Agreement 3", "agreed pol3")
		EndIf

EndSelect


NTDOCAdministrator
(KiX Master)
2007-06-21 06:59 PM
Re: Again AUP

Well since The Sarge coded for you there - you should be in good hands

Sealeopard
(KiX Master)
2007-06-22 05:30 AM
Re: Again AUP

Email the doc/PDF to existing users and ask them to reply via voting buttons in .e.g Outlook. New users would then have to sign the AUP as part of the request form for an AD password. Finally, use the Lagal Caption option during log in to state that logging into the computer implies consent with the AUP.

I know, the low-tech approach :-)

Arend_
(MM club member)
2007-06-22 11:52 AM
Re: Again AUP

You could make a form in Kixforms as the Doc suggested earlier. And make that form initiate at the end of the loginscript have an Accept and Deny button. If they press the accept button, write the @userid value. If they press the deny button initiate shutdown.exe, write it back to an deny ini, and have an admin script check the deny ini regularly to disable the denied account in the AD.

Anyway thats just my idea.

Mart
(KiX Supporter)
2007-06-22 01:41 PM
Re: Again AUP

Shutdown is build-in in Kix ;\) No need for external exe's.

Saleem
(Hey THIS is FUN)
2007-06-23 08:04 AM
Re: Again AUP

Thanx for your replies...


I have decided to wright my above code (may be DrillSergeant code) on kixforms format, because my management wants to make it on more fancy way

I am off for two days I’ll test the code on Sunday and post the result.

Thanx for the help from u guys…

Saleem
(Hey THIS is FUN)
2007-06-25 10:59 AM
Re: Again AUP

This is my first KiX forms script

Please let me know how to make it more attractive with those soft touchings……


 Code:
 
Break On 
	$msg1="Password has to be minimum 6 characters @CRLF"
	$msg2="Password has to be combination of number and alphabets @CRLF"
	
	$msg3="E-Mail has to be Business Usage @CRLF"
	$msg4="Mail box size should not exceed more than 5 mb @CRLF"
	
	$msg5="Internet has to be Business purpose @CRLF"
	$msg6="Internet usage need to be restricted @CRLF"
	
	$System = CreateObject("Kixtart.System")
	$form1 = $System.Form();
	$button1 = $form1.Controls.Button ()
	$button2 = $form1.Controls.Button ()
	$button1.Text = "OK";
	$button1.Location = $System.Point (10, 400)
	$button2.Text = "Cancel";
	$button2.Location = $System.Point (500, 400)
	
	
	$button1.DialogResult = $System.DialogResult.OK
	$button2.DialogResult = $System.DialogResult.Cancel
	
	$form1.Text = "Abu Dhabi Islamic Bank AUP"
	$form1.FormBorderStyle = $System.FormBorderStyle.FixedDialog
	$form1.StartPosition = $system.formStartPosition.centerScreen
	$Form1.Width = 680
	$Form1.bottom = 700
	
 If Exist ("D:\kix\aup_files\@USERID.ini")=0	
	 $label1 = $form1.label("ABC Password Policy")
	 $label1.FontSize=20
	 $label1.Left = 200
	 $label1.width = $form1.scalewidth-$label1.Left-90
	 $label1.height = 50
	 $label2 = $form1.label($msg1)
	 $label2.FontSize=15
	 $label2.location = 5,50
	 $label2.width = 680
	 $label3 = $form1.label($msg2)
	 $label3.FontSize=15
	 $label3.location = 5,80
	 $label3.width = 680
	 
	 $button1.default = true
	 $button2.cancel = true
	
	$= $form1.ShowDialog()
	If ($form1.DialogResult = $System.DialogResult.OK)
	 $= $System.MessageBox.Show("AUP Agreed")
	 $=WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 1", "@Userid agreed pol1") 
	Else
	 $= $System.MessageBox.Show("AUP Declined");
	EndIf
	Gosub end
EndIf
	
If ReadProfileString("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 2") <> "@Userid agreed pol2"

	$label1 = $form1.label("ABC E-Mail Policy")
	$label1.FontSize=20
	$label1.Left = 200
	$label1.width = $form1.scalewidth-$label1.Left-90
	$label1.height = 50
	$label2 = $form1.label($msg3)
	$label2.FontSize=15
	$label2.location = 5,50
	$label2.width = 680
	$label3 = $form1.label($msg4)
	$label3.FontSize=15
	$label3.location = 5,80
	$label3.width = 680
	
	$button1.default = true
	$button2.cancel = true
	$= $form1.ShowDialog()
	If ($form1.DialogResult = $System.DialogResult.OK)
	 $= $System.MessageBox.Show("AUP Agreed")
	 $=WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 2", "@Userid agreed pol2") 
	Else
	 $= $System.MessageBox.Show("AUP Declined");
	EndIf
	Gosub end
EndIf 

If ReadProfileString("d:\kix\aup_files\@USERID.ini","Pol ID","Agreement 3") <> "@Userid agreed pol3"

	$label1 = $form1.label("ABC Internet Policy")
	$label1.FontSize=20
	$label1.Left = 200
	$label1.width = $form1.scalewidth-$label1.Left-90
	$label1.height = 50
	$label2 = $form1.label($msg5)
	$label2.FontSize=15
	$label2.location = 5,50
	$label2.width = 680
	$label3 = $form1.label($msg6)
	$label3.FontSize=15
	$label3.location = 5,80
	$label3.width = 680
	
	
	$button1.default = true
	$button2.cancel = true
	$= $form1.ShowDialog()
	If ($form1.DialogResult = $System.DialogResult.OK)
	 $= $System.MessageBox.Show("AUP Agreed")
	 $=WriteProfileString("d:\kix\aup_files\@USERID.ini","Pol ID", "Agreement 3", "@Userid agreed pol3") 
	Else
	 $= $System.MessageBox.Show("AUP Declined");
	EndIf
	Gosub end
EndIf 

:end
Exit


Saleem
(Hey THIS is FUN)
2007-06-27 08:27 AM
Re: Again AUP

Plese give me a hand...

NTDOCAdministrator
(KiX Master)
2007-06-27 08:39 AM
Re: Again AUP

Probably have to wait a few hours for some of the other members that are good with KiXforms to come online. I only dabble with it

Saleem
(Hey THIS is FUN)
2007-07-02 09:05 AM
Re: Again AUP

One questian

Can I write the details to a database instead of INI file ?? can login script directly write to a Database without configuring clear text password on the script ??

Just a thought...

NTDOCAdministrator
(KiX Master)
2007-07-02 09:29 AM
Re: Again AUP

Yes you should be able to read/write to a database during login with KiXtart.

Saleem
(Hey THIS is FUN)
2007-07-02 10:15 AM
Re: Again AUP

can you please explain more about this ?? read/ write means ??

NTDOCAdministrator
(KiX Master)
2007-07-03 09:32 AM
Re: Again AUP

Pretty much what you asked. A database is similar to a file in that you can read and write to it (you just need to use a specific method to connect to a database and then specific code to read from it and write to it)

There is more information on the subject in the FAQ I think as well as some UDFs for using databases.

 Originally Posted By: saleem
One questian

Can I write the details to a database instead of INI file ?? can login script directly write to a Database




Saleem
(Hey THIS is FUN)
2007-07-03 12:22 PM
Re: Again AUP

OK
But to connect to a database we have to give ID and Password on clear text right ??

NTDOCAdministrator
(KiX Master)
2007-07-03 08:14 PM
Re: Again AUP

Depending on the connection type and database type you could use base64 for the user name password.

Saleem
(Hey THIS is FUN)
2007-07-04 12:19 PM
Re: Again AUP

Thanx for your response NTDOC

I am really lost about encrypting ID and Password on Kix script, please give me a simple example how to do it.

My I idea is :-
1. Check user has signed all policies if not show first policy and get it signed
2. Second time login, read database check 1st policy exist. If so display only second policy and get it signed
3. 3rd time login read again database check for 1st and 2nd policy exists if so show only 3rd policy and sign
4. 4rth time login skip that complete part....

The connection ID and password must be encrypted

Please give me a n example if it is doable

LonkeroAdministrator
(KiX Master Guru)
2007-07-04 12:55 PM
Re: Again AUP

it's doable alright but you shouldn't go there.
too complex setup for such a simple task, imo.

Saleem
(Hey THIS is FUN)
2007-07-04 01:28 PM
Re: Again AUP

Hi Jooel

Please suggest me better idea...

LonkeroAdministrator
(KiX Master Guru)
2007-07-04 02:41 PM
Re: Again AUP

what's wrong with the ini-approach?

it's easy to write to and read from and collecting data into nice tables or graphs is easy as drinking coffee.

Saleem
(Hey THIS is FUN)
2007-07-05 08:03 AM
Re: Again AUP

ur right...

if we go for INI thing can I make it on single INI for all users ? how do i check user exist there and signed which policy and all on a single ini?

beacuse using single INI is more conveninat for consolodating the result.

Mart
(KiX Supporter)
2007-07-05 09:42 AM
Re: Again AUP

Your ini file could look something like this.

 Quote:

[user1]
AUP1=yes
AUP2=no
AUP3=no

[user2]
AUP1=no
AUP2=no
AUP3=no


So if you use readprofilestring and you get back no for a policy then just display it and set the value to yes with writeprofilestring if he/she accepts te policy. If a user does not exist readprofilestring will return nothing.

LonkeroAdministrator
(KiX Master Guru)
2007-07-05 12:23 PM
Re: Again AUP

ya, that would work.
but instead of writing all users in the ini, make a blank ini and write only the "yes" ones there.

kixtart will automatically make the sections and thus you don't need to do any hand work with the ini.

on the next runs, you can check if there is "yes" check all the other ones.

Saleem
(Hey THIS is FUN)
2007-07-19 06:04 AM
Re: Again AUP

Guys...
This issue still burns…
Please give me an example of a database connectivity script with explicit permission for logon user... (I.e. non need to mention password on clear text)

Sealeopard
(KiX Master)
2007-07-20 03:25 AM
Re: Again AUP

See the DBExecuteSQL() UDF. A selection of connection strings is available at http://www.connectionstrings.com