[gptalk] Re: Interactive logon: Message text for users attempting to log on

  • From: "Frank B. Smith" <fsmith@xxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 3 Dec 2007 15:50:34 -0700

Not sure if the following vbs script will help you (it does add line spaces
in the login banner)
We are a small company, so I run this on the computer when I am first
setting it up (Change "the company" to your company name)
You could change line 2


Cut & snip & save with a vbs extension.
===================================
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
 
Set objReg=GetObject("winmgmts:\\" & strComputer &
"\root\default:StdRegProv")
 
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
strValueName = "LegalNoticeCaption"
strValue = "the company  -  Authorized Users Only!"
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
 
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
strValueName = "LegalNoticeText"
strValue = "Employees must not expect that e-mail or Internet usage or any
of the data on the Systems will be private. Users must understand that the
Company owns all data, information, and communications that are stored in,
transmitted by, or received with the aid of any of it's Systems. (which
includes this computer)."
strValue = strValue & vbCrLf & vbCrLf
strValue = strValue & "Please be aware that the company cannot guarantee the
confidentiality of information on any network or networked device belonging
to it."
strValue = strValue & vbCrLf & vbCrLf
strValue = strValue & "For maintenance and security purposes, authorized
individuals within the company may monitor it's equipment, systems, and
network traffic at any time without further warning."
strValue = strValue & vbCrLf & vbCrLf
strValue = strValue & "Software of any type, including browser plug-ins and
program updates shall not be installed on this machine without the prior
permission of the Information Technology Department."
strValue = strValue & vbCrLf & vbCrLf
strValue = strValue & "By continuing to use this system you've indicated
your awareness of, and consented to the terms and conditions of use set out
in the company Electronic Communications Policy."
strValue = strValue & vbCrLf
strValue = strValue & "LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning."
objReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
===================================

Frank B. Smith
* fsmith@xxxxxxxxxxxxxxxxxx 
 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Monday, December 03, 2007 3:36 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Interactive logon: Message text for users attempting
to log on

Thanks Jakob. Worked like a charm although now my message is too long
for the dialog box. No worries there though :)

Regards,
Jamie Nelson

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Saturday, December 01, 2007 7:00 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Interactive logon: Message text for users
attempting to log on

Thanks for drilling into this Jakob. Interesting stuff. You should blog
it
so other folks know about it!


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Jakob H. Heidelberg
Sent: Friday, November 30, 2007 5:49 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Interactive logon: Message text for users
attempting
to log on

Wow Jamie,

I don't know why - but this really annoyed me too!!! Still does kinda,
but I
do have a solution I think....

I tested my previous replies using first a Windows Vista (local policy),
then a Windows XP SP2 (local policy) - I was able to make a single
"double
CRLF" - but then I noticed you mentioned the GptTmpl.inf file (indicates
domain environment), so I tried a WS2003 DC instead (a GPO at domain
level).

After a couple of hours of testing (don't know what else to do, right) I
came to the conclusion that GPEDIT seems to mess up something along the
way
- when talking carriage return. So, I too went for the GptTmpl.inf file
directly.

This is how I ended up doing it:
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalN
otic
eText=7,I don't know why this should be so hard? Jump next line
please...,"
",Let's do a comma"," and continue the line...,Line number 4 is ready","
but
let's jump line 5 & 6 now...," "," ",Line 7 finishes up this story!
- see attachment "GptTmplRegistryValues.txt" if the format is messed up
in
this body.

Also check out the "InteractiveLogonMsg.Jpg" attachment which is my
proof of
concept (from WS 2003 DC itself).

Then I added an XP SP2 to the domain and tried it out - same good
result,
see "InteractiveLogonMsgXP.Jpg".

I then tried modifying the policy setting using GPEDIT again - after
changing just a tiny bit (or hitting OK to an existing setting) within
the
GPO the formatting was ruined again! Look here:
7,I don't know why this should be so hard? Jump next line
please...,Let's do
a comma"," and continue the line...,Line number 4 is ready"," but let's
jump
line 5 & 6 now...,Line 7 finishes up this story!
- see attachment "GptTmplRegistryValuesWrong.txt" if the format is
messed up
in this body.

So, my conclusion is that GPEDIT doesn't modify the GptTmpl.inf file
properly... My best guess is it doesn't handle the quotes (") correctly.
However, you can make it work - just do the job manually, make a backup
of
it and never touch the policy with GPEDIT again...

Windows Server 2008 RC1 actually seems to have the same issue in GPEDIT
- so
I'll report it as a but right away (and hope it gets fixed before the
release).


Regards
/Jakob


-----Original Message-----
From: Jakob H. Heidelberg [mailto:jakob@xxxxxxxxxxxxxxx]
Sent: 30. november 2007 23:55
To: 'Jakob H. Heidelberg'; 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Re: Interactive logon: Message text for users
attempting to log on

One thing though...

What I just wrote was tested with GPEDIT in Vista - so I figured I
should
try on a Windows XP SP2 box... And it behaved differently.

However, on such a box I was able to do:

Line 1
 
 
Line 2

<space> char for each empty line... It is kinda strange.


/Jakob


-----Original Message-----
From: Jakob H. Heidelberg [mailto:jakob@xxxxxxxxxxxxxxx]
Sent: 30. november 2007 23:40
To: 'gptalk@xxxxxxxxxxxxx'
Subject: RE: [gptalk] Re: Interactive logon: Message text for users
attempting to log on

Try this:


Line 1
"
Line 2

(a single quote sign in midle)

Best regards
/Jakob H. Heidelberg

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: 30. november 2007 23:31
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Interactive logon: Message text for users
attempting
to log on

Note: I also tried manually editing the GptTmpl.inf file in the GPO. A
commas represents a line break and a comma surrounded by quotes (",")
represents a comma you actually want to show up in the text. Naturally,
I
placed two commas where I wanted a double-space, but that truncated the
message as well. I guess it is just not possible.

If you guys know any tricks, I'm all ears.

Regards,
Jamie Nelson

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Friday, November 30, 2007 4:12 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Interactive logon: Message text for users attempting
to
log on

Have any of you ever come across this problem?

 

When entering text via Group Policy editor (on a Windows XP workstation)
for
the "Computer Configuration\Windows Settings\Security Settings\Local
Policies/Security Options\Interactive Logon\Interactive logon: Message
text
for users attempting to log on" setting, I am unable to double-space
paragraphs. Single CRLFs are recognized, but when try to do two it looks
like it is going to take it, but then filters out the second CRLF as
soon as
I click apply.

 

Searched the web and tried to use a suggestion someone made about using
a
non-printing ASCII character (ALT+0160) after the CRLF but all it did
was
truncate my message.

 

I did find a KB article located here
<http://support.microsoft.com/kb/330618>  that is somewhat related but
it
says the problem should not exist in Windows XP SP2 (which is what I'm
editing the GPO on).

 

This isn't a huge deal, but it is bugging the heck out of me. Any help
would
be greatly appreciated.

 

Regards,

Jamie Nelson

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: