VBS script problem - Teh Forum

<body> <div id="header"> <span class="left"> <span class="back"><a href="lthread_list.php?webtag=DEFAULT"><span class="image mobile_back" title="Back"></span></a></span> <span class="image mobile_logo" title="Beehive Forum Logo"></span> </span> <ul> <li> <a class="reply_all" href="lpost.php?webtag=DEFAULT&reply_to=40631.0&return_msg=40631.1"> <span class="image mobile_reply_all"></span><span class="text">Reply to All</span> </a> </li> <li> <a class="navigation" href="#"> <span class="image mobile_navigation"></span><span class="text">Show messages</span> </a> </li> <li> <a class="main" href="#"><span class="image mobile_menu" title="Menu"></span> </a> </li> </ul> </div> <div class="menu main"> <ul> <li><a href="lthread_list.php?webtag=DEFAULT">Messages</a></li> <li><a href="lpm.php?webtag=DEFAULT">Inbox</a></li> <li><a href="lsearch.php?webtag=DEFAULT">Search</a></li> <li><a href="llogon.php?webtag=DEFAULT">Login</a></li> </ul> </div> <div class="menu navigation"><a href="lmessages.php?webtag=DEFAULT&msg=40631.1">1–10</a><a href="lmessages.php?webtag=DEFAULT&msg=40631.11">11–20</a><a href="lmessages.php?webtag=DEFAULT&msg=40631.21">21–23</a></div> <div id="page_content"> <h3 class="thread_title"><a href="index.php?webtag=DEFAULT&amp;msg=40631.1">VBS script problem</a> </h3> <div id="messages" data-navigation="40631_1_23_10"> <a name="a40631_1"></a><div class="message" id="message_40631_1"> <div class="message_header"> <div class="message_from"> From: PNCOOL<span class="message_time"> 7 Aug 2013 16:34</span> <div class="clearer"></div> </div><div class="message_to">To: ALL<span class="message_count">1 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.1">40631.1</a></div> <div class="message_body"> Right, I know next to nothing about coding. It's not something I've ever enjoyed or wanted to do, but sometimes it becomes a necessity in my job and this current problem has me stumped.<br /><br /> We've got a bunch of clever shit kids at the moment that have worked out how to bypass all of the group policies set for our Windows 7 desktops by removing the network cables for said machines at certain points in time. They pull it out on a reboot so that it gets none of the machine policies and then put it back in. They log in and then pull it out again after about 10 seconds so that they don't get all of their user policies either. That seems to get Windows 7 giving them some kind of default profile that enables them to get to the run command, regedit and the C drive. This gives them the power to do what they like (which is usually to uninstall the anti-virus, install a remote tool and then piss off any users on that machine afterwards). We never had this problem with Xp, so I don't know why Windows 7 makes it so easy to get full rights in.<br /><br /> Anyway, lots of people on forums suggest using a script to do it that runs as they log in. It checks to see if they've got a mapped home drive (as that's one of the last things to be done in a GPO) and if it's not there, logs them off again. I'll post the script below. The problem I'm having is that my machines don't seem to run this script if i run it via the registry, which is what they're all suggesting. They say to put an entry in HKLM->Software->Microsoft->Windows->CurrentVersion->Run that runs the .vbs file, but it just doesn't seem to run... as anyone. If I run the script myself however, it runs fine.<br /><br /> Any ideas? Do I have to be really specific with what I put in the registry entry? I've tried the path it lives in, the path it lives in with either wscript and cscript at the start and also used double "\\" in the path as someone suggested that, but no luck.<br /><br /><div class="quotetext"> <b>Code:</b></div> <pre class="code"> 'check for unplugged network cord during logon 'checks for mapped drives 'merge registry key to run '| Windows Registry Editor Version 5.00 '| [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '| "check-home-dir"="\"C:\\WINDOWS\\vbs_logoff.vbs\"" 'copy this vbs file to c:\windows directory Option Explicit ' Added By SM Dim objNetwork Dim strUserName Dim WshShell, WshNetwork, ObjFSO Dim intReturn Set objNetwork = CreateObject("WScript.Network") Set WshShell = CreateObject("WScript.Shell") Set WshNetwork = CreateObject("WScript.Network") Set ObjFSO = CreateObject("Scripting.FileSystemObject") ' Wait until the user is really logged in... Added by SM While StrUserName = "" WScript.Sleep 100 ' 1/10 th of a second StrUserName = WSHNetwork.UserName ' Get the user name Wend if strUserName = "Administrator" then 'Ignore the admins <span class="emoticon e_wink" title=";-)"><span class="e__">;-)</span></span> Added By SM else 'Check if the home drive is there... Added By SM if ObjFSO.DriveExists("z:") then 'Yes it is bail out... Added By SM else 'No its not, has the network cable been pulled... Added By SM intReturn = WshShell.Popup("Please ensure the network Cable is plugged in or the Wireless Button is on.", 8, "Login Error", 0) If intReturn = 1 Then ' Trap the button click... Added By SM 'Wscript.Echo "You clicked the ok button. This would log you off" WshShell.Run "logoff.exe" Else ' The popup timedout log the user off... Added By SM 'Wscript.Echo "The popup timed out. This would log you off after a timeout" WshShell.Run "logoff.exe" End If End if End if</pre> <p> </p> </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.1&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.1"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_2"></a><div class="message" id="message_40631_2"> <div class="message_header"> <div class="message_from"> From: koswix<span class="message_time"> 7 Aug 2013 19:37</span> <div class="clearer"></div> </div><div class="message_to">To: PNCOOL <span><span class="image post_read" title="Read: 8 Aug 2013 11:49"></span></span> <span class="message_count">2 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.2">40631.2</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_1" target="_self">40631.1</a></div> <div class="message_body"> <img alt="" src="http://www.chm.bris.ac.uk/motm/superglue/superglue-packet.gif" style="width:210px;height:280px;" /></div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.2&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.2"> <span class="rating">+2/2</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_3"></a><div class="message" id="message_40631_3"> <div class="message_header"> <div class="message_from"> From: patch<span class="message_time"> 7 Aug 2013 21:19</span> <div class="clearer"></div> </div><div class="message_to">To: PNCOOL <span><span class="image post_read" title="Read: 8 Aug 2013 11:49"></span></span> <span class="message_count">3 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.3">40631.3</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_1" target="_self">40631.1</a></div> <div class="message_body"> Just ban the accounts of anyone who does that kind of thing. Problem solved.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.3&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.3"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_4"></a><div class="message" id="message_40631_4"> <div class="message_header"> <div class="message_from"> From: Drew (X3N0PH0N)<span class="message_time"> 7 Aug 2013 21:23</span> <div class="clearer"></div> </div><div class="message_to">To: PNCOOL <span><span class="image post_read" title="Read: 8 Aug 2013 11:49"></span></span> <span class="message_count">4 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.4">40631.4</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_1" target="_self">40631.1</a></div> <div class="message_body"> Harness that creative energy and get the kids to fix it <span class="emoticon e_pipe" title=":Y"><span class="e__">:Y</span></span></div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.4&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.4"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_5"></a><div class="message" id="message_40631_5"> <div class="message_header"> <div class="message_from"> From: Matt<span class="message_time"> 8 Aug 2013 12:18</span> <div class="clearer"></div> </div><div class="message_to">To: PNCOOL <span><span class="image post_read" title="Read: 8 Aug 2013 13:41"></span></span> <span class="message_count">5 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.5">40631.5</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_1" target="_self">40631.1</a></div> <div class="message_body"> Isn't the more important thing trying to work out what this default profile is (is it a local machine profile?) and why it isn't locked down and password protected?<br /><br /> Seems like there is something much more fatally flawed if they can gain access to the local machine with Administrator privileges that easily. </div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.5&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.5"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_6"></a><div class="message" id="message_40631_6"> <div class="message_header"> <div class="message_from"> From: PNCOOL<span class="message_time"> 8 Aug 2013 14:09</span> <div class="clearer"></div> </div><div class="message_to">To: Matt <span><span class="image post_read" title="Read: 8 Aug 2013 17:13"></span></span> <span class="message_count">6 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.6">40631.6</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_5" target="_self">40631.5</a></div> <div class="message_body"> That's just it, they're logging into a network profile and when it loads, they remove the network cable before it's got all of the GPO settings, effectively giving them lots more rights. So it's their profile, only it hasn't fully loaded.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.6&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.6"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_7"></a><div class="message" id="message_40631_7"> <div class="message_header"> <div class="message_from"> From: Peter (BOUGHTONP)<span class="message_time"> 8 Aug 2013 18:03</span> <div class="clearer"></div> </div><div class="message_to">To: PNCOOL <span><span class="image post_read" title="Read: 8 Aug 2013 18:03"></span></span> <span class="message_count">7 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.7">40631.7</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_6" target="_self">40631.6</a></div> <div class="message_body"> You're doing something wrong. <p>I have no idea what, but if a correctly setup modern Windows network can be circumvented by temporarily pulling a network cable it would be all over the news and everyone here would probably already know about it. (And Microsoft would be working on a real patch, not a VBS kludge.) </p><p>The process of loading a profile should add privileges, not give full admin rights then remove them.</p></div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.7&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.7"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_8"></a><div class="message" id="message_40631_8"> <div class="message_header"> <div class="message_from"> From: PNCOOL<span class="message_time"> 8 Aug 2013 18:06</span> <div class="clearer"></div> </div><div class="message_to">To: Peter (BOUGHTONP) <span><span class="image post_read" title="Read: 8 Aug 2013 18:16"></span></span> <span class="message_count">8 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.8">40631.8</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_7" target="_self">40631.7</a></div> <div class="message_body"> They can't circumvent domain privileges, but they can circumvent ones locally. They pretty much end up with local admin rights.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.8&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.8"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_9"></a><div class="message" id="message_40631_9"> <div class="message_header"> <div class="message_from"> From: Matt<span class="message_time"> 8 Aug 2013 18:20</span> <div class="clearer"></div> </div><div class="message_to">To: PNCOOL <span><span class="image post_read" title="Read: 8 Aug 2013 18:42"></span></span> <span class="message_count">9 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.9">40631.9</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_8" target="_self">40631.8</a></div> <div class="message_body"> But that's kinda the point, why isn't the default profile locked down and if it isn't can you change the default profile so it is locked down or put a password on it?<br /><br /> Not saying you're doing it wrong, just that's what I would be looking to change rather than use a hack in the form of a VB script.</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.9&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.9"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div><a name="a40631_10"></a><div class="message" id="message_40631_10"> <div class="message_header"> <div class="message_from"> From: PNCOOL<span class="message_time"> 8 Aug 2013 18:43</span> <div class="clearer"></div> </div><div class="message_to">To: Matt <span><span class="image post_read" title="Read: 8 Aug 2013 18:50"></span></span> <span class="message_count">10 of 23</span><div class="clearer"></div> </div> </div> <div class="message_links"> <a href="lmessages.php?webtag=DEFAULT&msg=40631.10">40631.10</a> In reply to <a href="lmessages.php?webtag=DEFAULT&msg=40631.1#a40631_9" target="_self">40631.9</a></div> <div class="message_body"> Do you know how you change the default profile though?</div> <div class="message_footer"> <div class="message_footer_links"><a href="lpost.php?webtag=DEFAULT&reply_to=40631.10&return_msg=40631.1" class="reply"><span class="image post"></span>Reply</a></div> <div class="message_vote_form" data-msg="40631.10"> <span class="rating">0/0</span> <span class="image vote vote_down vote_down_off" title="Vote Down"></span> <span class="image vote vote_up vote_up_off" title="Vote Up"></span> </div> </div> </div></div> <div class="message_page_footer"> <ul> <li class="right_col"><form accept-charset="utf-8" method="get" action="lmessages.php" target="_self"><input type="hidden" name="webtag" id="webtag" class="bhinputtext" value="DEFAULT" dir="ltr" /><input type="hidden" name="msg" id="msg" class="bhinputtext" value="40631.11" dir="ltr" /><input type="submit" name="submit" id="keep_reading" value="Keep reading…" class="button" /></form></li> </ul> </div> </div> </body>