
Adding a logoff script

I have some scripts that I would like to run every time a user logs off. I would like to create something that programmatically sets up the logoff scripts. For example, an exe or a cmd file that can be executed to add the logoff script to the list of logoff scripts that Windows executes. Because of this, a Windows API function or a Windows shell command would be preferable, but I can find no such functions or commands to help with this.

I checked on the registry edits that the local group policy editor makes when you use it to add a logoff script to group policy, but it does a lot of things that I'm not sure I can mimic. For example, it makes a lot of registry edits, and it uses numeric codes in some of the registry keys and binary data in some of the values. I would not know what the values represent.

I have tried subsets of the changes that GPEdit does in the hopes that doing so would still work. For example, I exported the changes it made to HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff and imported them on another PC, but that did not work, and the GPEdit MMC was unaware that I had even made the change.

As I said, a set of Windows API functions or a Windows shell command would be preferable if anyone knows of some that could help, but if anyone knows of a way to decode the heap of information that GPEdit makes in a way that I could mock it then I'm not against making registry changes as long as they are stable.

Whatever the solution I find and use, it has to be able to be automatic and reliable, as it will be executed remotely against many computers with psexec, and it will also be included into automated setup processes for future PCs that are set up.

Unfortunately, this seems to be a difficult topic to Google for, as many other things people are trying to do have many of the same key words that I query for but are not actually the same topic. For example, shutdown/logoff hooks for running apps, or remotely logging off users.

If anyone is a Windows registry or MMC wizard and thinks that seeing a dump of the registry changes that the GPEdit MMC makes when doing the same thing would be helpful then just say so, and I'll make that available since I've already captured it. I doubt that's the way to go, however I have started looking into how to create MMC snap-in tools; my thought is that perhaps the GPEdit snap-in itself can be reverse engineered so that I can see exactly what it's doing in a simple way. This is not going anywhere fast though, as none of the .adm files I see appear to have the settings for this, and the gpedit.msc file doesn't appear to have anything that would give it away in the plaintext part, though there is a section in it that appears as gibberish, so maybe there's some sort of magic going on in there.

Loduwijk asked Oct 13 '22 23:10


2 Answers

The task scheduler can do this as of Windows Vista. For Windows XP and previous, there does not seem to be a good answer. XP does not have the "On disconnect from a user session" trigger listed below.

There are two main command line utilities for scheduling tasks in Windows: at.exe and schtasks.exe. By themselves, neither seems to provide all of the options that you can get from the GUI interface (though schtasks comes very close). However, the Task Scheduler has an XML format that describes scheduled tasks, and schtasks.exe has an option to import tasks from an XML file.

To create a logoff script, create an XML file that describes the task you want to create. Make sure to use a trigger of "On disconnect from a user session" and select the log off from "any user" (which requires elevated privileges) and "connection from local computer." Set up all desired logoff actions (such as your logoff scripts) as task actions.

Microsoft has a list of examples for developing tasks for the Task Scheduler, including XML examples. You can find this list here.

Alternatively, you can set up your task once using the GUI tool, then you can right-click the task where it appears in the task list and select "Export." You will get a save dialog that will allow you to save the task in XML format.

I then script the setup of the task with the following command:

schtasks /create /tn "Task Name Here" /XML "path to xml file here" /ru domain\username /rp "password"

Note: partial credit should go to user606602 for the suggestion to use the task scheduler, though he was suggesting the use of the GUI application which, as per my question, would not work for this. I tried to edit his answer with the scripted version of his suggestion then accept, but a peer review declined the edit.

Loduwijk answered Oct 18 '22 15:10
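
The XML import described in the answer above, as an added example that is not part of the original post: it writes a task definition with a console-disconnect trigger for any user, registers it with schtasks, and reads the task back to confirm the trigger. The task name, the script path, and the choice to run as LocalSystem (so that no password appears on the command line) are assumptions made for this example.

```powershell
# Added example: task name, script path and the LocalSystem principal are
# assumptions, not values from the answer. Run from an elevated prompt.
$TaskName   = 'Run logoff scripts'                        # hypothetical
$ScriptPath = 'C:\ProgramData\LogoffScripts\cleanup.cmd'  # hypothetical
$XmlPath    = Join-Path $env:TEMP 'logoff-task.xml'

# The task runs with high privileges, so the script it launches must live in
# a directory that only administrators can write to.

# SessionStateChangeTrigger with no UserId fires for any user.
# ConsoleDisconnect corresponds to "connection from local computer".
# S-1-5-18 is the well-known SID of LocalSystem.
$taskXml = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>Runs $ScriptPath when a console session disconnects.</Description>
  </RegistrationInfo>
  <Triggers>
    <SessionStateChangeTrigger>
      <Enabled>true</Enabled>
      <StateChange>ConsoleDisconnect</StateChange>
    </SessionStateChangeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>S-1-5-18</UserId>
    </Principal>
  </Principals>
  <Actions Context="Author">
    <Exec>
      <Command>$env:SystemRoot\System32\cmd.exe</Command>
      <Arguments>/c "$ScriptPath"</Arguments>
    </Exec>
  </Actions>
</Task>
"@

# -Encoding Unicode writes UTF-16, matching the XML declaration.
Set-Content -Path $XmlPath -Value $taskXml -Encoding Unicode

schtasks.exe /create /tn $TaskName /xml $XmlPath /f
if ($LASTEXITCODE -ne 0) { throw "schtasks /create failed with exit code $LASTEXITCODE" }

# Read the registered definition back instead of trusting the exit code alone.
$registered = schtasks.exe /query /tn $TaskName /xml | Out-String
if ($registered -notmatch '<StateChange>ConsoleDisconnect</StateChange>') {
    throw "Task '$TaskName' was registered without the expected trigger"
}
Remove-Item $XmlPath
```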


Couldn't you just use the windows task scheduler to launch the scripts?

Newer versions of the task scheduler (e.g. Windows Server 2008, Windows Vista/7) should allow you the option to run scripts that are triggered when the user logs off.

See here

All you need to do is create a new task, then create a new trigger. From this window, select 'On disconnect from a user session' from the drop-down menu, then select the scripts you want to run from the 'Actions' tab on the task configuration window.

Ciaran Gallagher answered Oct 18 '22 15:10