Shulou(Shulou.com)06/02 Report--

Reason for requirement: naming rules for all computers in AD: company +PC serial number, operating system is Windows 7 Professional version. When I used Powershell to export all the computer information in AD and sort it, I found that some of the machine names did not conform to the rules, and the operating system was Win7 Ultimate or Win10. The operating systems for these machines are not licensed by the company, and there is a legal risk. As IT personnel, these non-compliant machines should be dealt with in a timely manner. Therefore, we need to find the user of the machine in time and cultivate the user's thinking of genuine software.

Solution: Let all computers in AD display the current user login information, and communicate with non-compliant machines in time. Use the Group Policy deployment script to write user login information to the corresponding computer description or user login name

I. Log in DC, open AD User and Computer Management Center, right click Computers Organizational Unit (OU) and select Properties.

Second, select "Security","Authenticated Users" and click "Advanced".

Third, select "Authenticated Users" and click "Edit"

IV. Select "Apply to descendant computer objects" to give "Write Description Permission" and click OK (Note: Be sure to carefully review permission!!!)

5. Open Group Policy Management. You can create a new policy under the default group policy or OU. Here, the default policy is taken as an example.

VI. Right click "Default Domain Policy" and click "Edit"

VII. Select User Configuration, Windows Settings, Script (Login/Logout)

VIII. Double-click "Login", click "Add", click "Browse"

IX. Put in VBS script, click "Open", click "OK"

X. Click "Apply""OK" to close Group Policy Management and end

XI. You can use gpupdate /force to forcibly refresh the group policy. The test result is successful.

The attachment script is as follows, which can be used normally after changing to VBS suffix.

On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")

Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)

Set objUser = GetObject("LDAP://" & objSysInfo.UserName)

strCompDesc =objUser.CN

if strCompDesc "" then

objComputer.Description = strCompDesc & "|" & date & " " & time

objComputer.SetInfo

end if

Set objUser = Nothing

Set objComputer = Nothing

Set objSysInfo = Nothing

XII. If you need to write "User Login Name," you need to change the script "Description" and re-grant OU"Descendant Computer Object""Write"UserPrincipalName"permission, which will not be explained in detail here.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.