Custom GPO Setup Notes - Oliver-Mustoe/Oliver-Mustoe-Tech-Journal GitHub Wiki
On this page I detail how I created a custom GPO.
Notes
First I opened WKS02, where I had already installed RSAT Server Manager, and installed the RSAT Group Policy Management tool with the command:
DISM.exe /Online /add-capability /CapabilityName:Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0
NOTE: this may take a while; it also helped to occasionally press the ENTER key.
After that setup was complete, I went to Server Manager and selected ad01-firstname > then selected "Tools" in the upper left and selected "Group Policy Management". I expanded the SYS255 OU (it looks like a folder) to find the Accounts OU. I left this and proceeded to work on the code.
Firstly I created "LastLogon.ps1":
File on Github: https://github.com/Oliver-Mustoe/DNE-255-FA21/blob/main/week05/homework/LastLogon.ps1
Copy/Paste:
#Get the userprofile environment variable
$user = $ENV:USERPROFILE
#Get Current date and time
$theTime = Get-Date
#Write a message with the time to a file as a string.
echo "You logged in at: $theTime" | Out-File -Encoding ASCII -Append -FilePath "$user\Desktop\Login-time.txt"
Secondly I created "LastLogon.bat":
File on Github: https://github.com/Oliver-Mustoe/DNE-255-FA21/blob/main/week05/homework/LastLogon.bat
Copy/Paste:
cmd /c start %windir%\System32\WindowsPowershell\v1.0\powershell.exe -windowstyle hidden -ExecutionPolicy Bypass -file "%~dp0LastLogon.ps1"
To test that these work, I loaded both on the desktop and ran LastLogon.bat, which generated a file called "Login-time" that, once opened in Notepad, shows your last login.
Then I went back to the Account GPO, from above, right-clicked on the Account folder, and selected "Create a new GPO", which I named "getLastLogin". I then double-clicked on the new GPO and, in the "Security Filter" section, added Domain Computers and didn't touch Authenticated Users.
Then I right-clicked on getLastLogin, selected "Edit", and followed this path: User Configuration > Windows Settings > Scripts. Then I clicked on Scripts and double-clicked Logon.
I then clicked "Show Files…", then dragged the two logon files made above into the folder that popped up. Then I closed the window > pressed "Add" > pressed "Browse" > selected "LastLogon.bat" > clicked "OK" > clicked "Apply" > clicked "OK" > closed out of the editor.
To test that all was working, I signed in as either alice or bob on WKS01, since in the SYS255 entry "ADDS Group Policy" we set those two as a part of the OU. After login and waiting a second or two, a text file named "Login-time" appeared, which once opened in Notepad shows your last login.
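LastLogon.bat starts PowerShell hidden with -ExecutionPolicy Bypass for every user the GPO applies to, so whoever can change the two files in SYSVOL, or edit the GPO, controls what runs at each logon. The following is an added example (not from these notes or the linked repository) that lists those principals; it assumes the RSAT GroupPolicy module installed above, English built-in group names, and a trusted-principal list that you should adjust for your domain.

```powershell
# Added example: review who can change the logon scripts that getLastLogin runs.
Import-Module GroupPolicy

$gpoName = 'getLastLogin'                 # GPO name used on this page
$gpo     = Get-GPO -Name $gpoName

# Files dropped in via "Show Files..." live under the GPO's folder in SYSVOL.
$domain     = $gpo.DomainName
$userFolder = "\\$domain\SYSVOL\$domain\Policies\{$($gpo.Id)}\User\Scripts"

# scripts.ini (hidden) records what the Logon dialog was told to run.
$ini = Join-Path $userFolder 'scripts.ini'
if (Test-Path -LiteralPath $ini) {
    Get-Content -LiteralPath $ini | Where-Object { $_ -match 'CmdLine|Parameters' }
}

# Assumption: these principals are expected to hold write access.
$trusted = '(^|\\)(Domain Admins|Enterprise Admins|Administrators|SYSTEM|CREATOR OWNER)$'

# Rights that allow altering or replacing a script, plus GENERIC_ALL / GENERIC_WRITE.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

# Flag any other principal with write-capable access to the script files.
$findings = Get-ChildItem -LiteralPath (Join-Path $userFolder 'Logon') -File -Force |
    ForEach-Object {
        $file = $_
        (Get-Acl -LiteralPath $file.FullName).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ([int]$_.FileSystemRights -band $writeMask) -and
                $_.IdentityReference.Value -notmatch $trusted
            } |
            ForEach-Object {
                [pscustomobject]@{
                    File     = $file.Name
                    Identity = $_.IdentityReference.Value
                    Rights   = $_.FileSystemRights
                }
            }
    }

# Principals that can edit the GPO itself can also repoint the logon script.
$editors = Get-GPPermission -Name $gpoName -All |
    Where-Object { $_.Permission -like 'GpoEdit*' -and $_.Trustee.Name -notmatch $trusted }

$findings | Format-Table -AutoSize
$editors  | Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission | Format-Table -AutoSize
```

Both tables being empty means only the principals in the trusted list can modify the scripts or the GPO.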