Keep in mind that any user can change the description on any computer without using your script...if they were so inclined, so if you have a need for something secure, this isn't it.
Security could be significantly improved while retaining ease of use by doing this with a startup script instead of a logon script, but then the best you'll be able to do is populating with the use who most recently logged on, though in a small environment, this may be good enough. From: Brian Desmond [mailto:[email protected]] Sent: Thursday, October 20, 2011 4:21 PM To: NT System Admin Issues Subject: RE: Script to fill in last user - ok real Q this time. In ADUC, View>Advanced Features; Right click the OU, Properties, Security, Advanced; Add; "Domain Users", switch to the properties tab, pick Descendent Computer Objects, scroll down and tick the box for Allow Write Description. Make sure you add some error handling so this doesn't pop up an error when it breaks. I assume your environment is pretty small so it's not going to generate noticeable churn. Thanks, Brian Desmond [email protected]<mailto:[email protected]> w - 312.625.1438 | c - 312.731.3132 From: Crawford, Scott [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Wednesday, October 19, 2011 11:56 PM To: NT System Admin Issues Subject: RE: Script to fill in last user - ok real Q this time. You'll need to give uses the rights to modify that field on all computer objects they might log into. From: David Lum [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Wednesday, October 19, 2011 4:01 PM To: NT System Admin Issues Subject: RE: Script to fill in last user - ok real Q this time. OOOOOOOOOoooooooooooooohhhh nice, totally overlooked the GPO potential on this bad boy. From: KenM [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Wednesday, October 19, 2011 1:59 PM To: NT System Admin Issues Subject: Re: Script to fill in last user - ok real Q this time. How are you running this? I would create a GPO and link to the OU you have the computers in. Under the user config assign this as a login script and also enable loopback processing for the GPO so it is applied to users. On Wed, Oct 19, 2011 at 4:49 PM, David Lum <[email protected]<mailto:[email protected]>> wrote: OK I'll try not to keep answering these myself, is there a way to make this apply to just a specific OU? I would like it to NOT run in my OU with servers in it. Can I just change the LDAP:// references to look at a specific OU? Sub DoADDescription Dim ad, objUser, objComputer Set ad = CreateObject("ADSystemInfo") Set objUser = GetObject("LDAP://" & ad.UserName) Set objComputer = GetObject("LDAP://" & ad.ComputerName) strMessage = objUser.Department & ", " & objUser.CN & ", " & Day(Now()) & "/" & month(now()) & "/" & right(year(now()),2) objComputer.Description = strMessage objComputer.SetInfo End Sub Dave From: David Lum [mailto:[email protected]<mailto:[email protected]>] Sent: Wednesday, October 19, 2011 1:44 PM To: NT System Admin Issues Subject: RE: Script to fill in last user Of course I send this and then find it...thanks Mr. Hutchings! :) Dave From: David Lum [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Wednesday, October 19, 2011 1:41 PM To: NT System Admin Issues Subject: Script to fill in last user One of you guys has a VBS script to populate the "Description" field in AD with the last logged in user but I have lost that little tidbit..... David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
