Lab 07 Custom GPO - Herrscherr0Z/SYS255 GitHub Wiki

Creating Custom GPOs

For this lab we had to log into wks02 as a domain admin user, connect to our ad01 server, and create and manage our new GPOs.

Essentially, we had to create two files named LastLogon.ps1 and LastLogon.bat, which record the time a user last logged in.

The code for those files is listed below:

LastLogon.ps1:

#Get the userprofile environment variable
$user = $ENV:USERPROFILE

#Get Current date and time
$theTime = Get-Date

#Write a message with the time to a file as a string
echo "You logged in at: $theTime" | Out-File -Encoding ASCII -Append -FilePath "$user\Desktop\Login-time.txt"

LastLogon.bat:

cmd /c start %windir%\System32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -ExecutionPolicy Bypass -file "%~dp0LastLogon.ps1"

Making the custom GPO

Once we connected to ad01, we clicked on "Tools", then "Group Policy Management". Afterwards, locate the OUs (SYS255 OU). Right-click on the Accounts OU to create a new GPO named getLastLogin.

Afterwards, under "Security Filtering", we added "Domain Computers".

Then right-click on getLastLogin and select "Edit".

Navigate under User Configuration => Policies => Windows Settings => Scripts (Logon/Logoff)

Double-click on "Logon", then "Show Files", then copy the two files (LastLogon.ps1 and LastLogon.bat) into the window that pops up.

Close the window that opened, then click on "Add", select LastLogon.bat, then click "OK". Afterwards, click "Apply", then "OK".

(It's a user policy, so you don't have to run gpupdate /force.)
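
A check worth running after the steps above, added here as an example and not part of the original lab: LastLogon.bat starts PowerShell hidden with -ExecutionPolicy Bypass at every logon the GPO applies to, so anyone who can modify the two files in the GPO's SYSVOL folder runs code as those users. The script below lists the files that "Show Files" placed there, records a SHA256 baseline, and reports unexpected accounts with write access; the trusted-writer list is an assumption based on default SYSVOL permissions.

```powershell
# Added example (not from the original lab). Needs the GroupPolicy module (RSAT).
Import-Module GroupPolicy

$gpoName = 'getLastLogin'                       # GPO name used in the lab
$gpo     = Get-GPO -Name $gpoName -ErrorAction Stop

# Files copied through "Show Files" for a user logon script live here in SYSVOL.
$scriptDir = "\\$($gpo.DomainName)\SYSVOL\$($gpo.DomainName)\Policies\{$($gpo.Id)}\User\Scripts\Logon"

# Assumption: only these principals should be able to change the scripts.
$trusted = '(SYSTEM|Administrators|CREATOR OWNER|Domain Admins|Enterprise Admins)$'

# Rights that allow changing or replacing a file, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeBits   = [int]$writeRights -bor 0x10000000 -bor 0x40000000

Get-ChildItem -Path $scriptDir -File | ForEach-Object {
    $file = $_

    # Allow ACEs that grant a write-type right to a principal outside the trusted list.
    $risky = (Get-Acl -Path $file.FullName).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeBits) -and
        $_.IdentityReference.Value -notmatch $trusted
    }

    [pscustomobject]@{
        File              = $file.Name
        LastWriteTime     = $file.LastWriteTime
        SHA256            = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        UnexpectedWriters = ($risky.IdentityReference.Value | Sort-Object -Unique) -join ', '
    }
} | Format-Table -AutoSize
```

An empty UnexpectedWriters column for both LastLogon.ps1 and LastLogon.bat is the expected result; keep the hashes and compare them on later runs to spot changes to the scripts.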