Skip to main content

How to get PowerShell to Greet You

This will go down as one of my more devious posts.

This week my PowerShell class seemed to be having from with my Out-Voice code that I published last year. One of them asked me if PowerShell could say good morning, afternoon, evening to you.  Well, Of course it can.  Since we were about to learn about IF statements, I turned this into an exercise. 

To get this to work, you need to accomplish 3 tasks. First, you need to create the script. Second, you need to set up a GPO to launch the script.  Third, set up a GPO to disable the 5 minutes delay in launching user logon scripts in Windows 8.1. 

Step 1: Set up the script.

You need to make my Out-Voice code available to PowerShell by downloading the code and placing it at the beginning of the logon script.  This will make it available to the local system. In the same script, copy the code below after the Out-Voice code.  Take a moment to look at the help file for Out-Voice.  You can set a female voice if you prefer.

1

2

3

4

$Hour = (Get-Date).Hour

If ($Hour -lt 12) {"Good Morning $($Env:UserName)" | Out-Voice}

ElseIf ($Hour -gt 16) {"Good Eventing $($Env:UserName)" | Out-Voice}

Else {"Good Afternoon $($Env:UserName)" | Out-Voice}

 

Line 1 gets the current hour of the day.

Line 2 will greet the user with “Good Morning” if it is before 12 noon

Line 3 will greet the user with “Good Evening” if it is 5 PM or later

Line 4 will greet with “Good Afternoon: if ether of the other two conditions fail.

Save this script to \\YourDomain.com\SYSVOL\YourDomain.com\Scripts\Greeting.ps1  The YourDomain.com is what ever your domain name is.

 

Step 2: Creating the GPO for the login script.

In this example, we are assuming that the user account(s) that you are scoping this GPO to is stored in an Organization Unit at the root of your domain called UserObjects. 

In the Group Policy Management Console right click UserObjects OU and click Create a GPO in the Domain, and Link it here…

Give the GPO a name and click OK.

Right click the GPO that you just created and click Edit.

Navigate to User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)

Double click Logon

Click the PowerShell Scripts tab.

Click Add.

Click Browse

Browse to the location in SYSVOL that you stored your script.  Select the script and click Open.

Click OK

In the drop down box for For this GPO, run scripts in the following order and select Run Windows PowerShell scripts first.

Click OK

Exit out of Group Policy Management Editor

 

Step 3: Created the GPO to allow login scripts to execute right away. (This step is only required for Windows 8.1 clients)

In this example, we are assuming that the computer account(s) that you are scoping this GPO to is stored in an Organization Unit at the root of your domain called Clients. 

In the Group Policy Management Console right click UserObjects OU and click Create a GPO in the Domain, and Link it here…

Give the GPO a name and click OK.

Right click the GPO that you just created and click Edit.

Navigate to Computer Configuration\Policies\Administrative Templates\System\Group Policy.

Open the settings for Configure Logon Script Delay

Select Enabled

Set the number of minutes to 0.

Click OK.

Exit out of Group Policy Management Editor

 

Now wait.  Normal Active Directory replication must occur, the clients must refresh their GPOs, and the users must login.  If your clients or users do not receive the GPOs, perform your standard troubleshooting methodology for Group Policy.

Comments

Popular posts from this blog

Determine which Domain Controller a client is connected to with PowerShell

When a Windows client comes online, it must find a domain controller to bind to.  Either through a static configuration or DHCP, the client will request a list of all Domain Controllers in the domain from a DNS server.  Once the list is received, the client will randomly go through the list to find a DC that will respond.  Once the client has authenticated itself with the DC, the DC will transmit the site information to the client.  The site information will contain the site name, the subnet(s) associated with that site, and any domain controllers in that site.  The client will then take a look at it’s own IP address to determine which site it is in.  From the list of DCs in the same site, it will attempt to bind to one of those DCs to receive it’s Group Policies.You can use PowerShell and WMI to locate the domain controller that a client is connected to.Get-WMIObject Win32_NTDomainLook for the DomainControllerName property.

Test to see what that data type of a value is in PowerShell

PowerShell has a comparison operator called –is.  The –is operator simply response True or False when you use it to verify the data type of a value.  The valid data types in PowerShell are:
[string]    Fixed-length string of Unicode characters
[char]      A Unicode 16-bit character
[byte]      An 8-bit unsigned character
[int]       32-bit signed integer
[long]      64-bit signed integer
[bool]      Boolean True/False value
[decimal]   A 128-bit decimal value
[single]    Single-precision 32-bit floating point number
[double]    Double-precision 64-bit floating point number
[DateTime]  Date and Time
[xml]       Xml object
[array]     An array of values
[hashtable] Hashtable object

Below is a script that will use –is to test some values.
$String="Hello"$Boolean=$True$Int=15Write-Host"Test for string"$String-is [String] $Boolean-is [String] $Int-is [String] Write-Host" "Write-Host"Test for Boolean"…

Where did a User’s Account Get Locked Out?

Updated: May 15, 2015
When this article was originally published, two extra carriage returns were add causing the code to malfunction.  The code below is correct.  

My client for this week’s PowerShell class had a really interesting question. They needed to know where an account is being locked out at. OK, interesting. Apparently users hop around clients and forget to log off, leading to eventual lock out of their accounts. The accounts can be unlocked, but are then relocked after Active Directory replication.
This problem is solved in two parts. The first one is to modify the event auditing on the network. The second part is resolved with PowerShell.
The first part involves creating a group policy that will encompass your Domain Controllers. In this GPO, make these changes.
Expand Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Advanced Audit Policy Configuration \ Audit Policies \ Account ManagementDouble click User Account ManagementCheck Configure the f…