GPO for logoff.bat to delete the cookie on local drive

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I want to create the logoff.bat file for delete the
cookie on local machine with GPO, but is not working,
here is what I did, the logoff.bat like this:
echo off
del /q " \\%computername%\c$\documents and settings\%
username%\cookie\%username, so when I test on command
prompt it work no problem,no mater I login as
administrator or glctest1 (user name), I am running
nt2003 server, so I open the GPMC, create an GPO
name "deleted cookies", and copy the logoff.bat file into
c:\training1.gov\sysvol in
traing1.gov\training1.gov\policy\{54A172EB-DD19-4E38-A3C1
\user\scripts\logoff directory, then I did the gpupdate,
when I edit the GPO, I select user configuration--
>windows settings\scripts\logoff, add logoff.bat in there.
so logoff administrator, then login glctest1, then I
search c:\documents and settings\glctest1.training1
\cookies\, all the cookies still there, what is wrong
wiht my GPO, in order for make this work, should I edit
the default domain controller policy or default domain
policy under Group Policy Objects, I don't know I am
doing this right or not. need help.

Thanks.

Lillian

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

<snip>
Hi Lillian,
I would suggest you slightly modify your script for two reasons. First,
you don't need to connect to the admin share since the script runs
locally, plus only member of Administrators can connect to c$ anyway.
Second,it's not always guaranteed that the profile will be named after
the user's logon name. So here's my idea:
del /q "%userprofile%/cookies/*.*"

You didn't mention in your post if the domain user accounts are in the
OU you linked the GPO to. You're on the right track here, don't edit the
default GPOs. Bare in mind that in order for settings under User
Configuration to apply to a user her user account must be in an OU that
is "hit" by the GPO (directly or from a parent).Respectively for
Computer configuration the computer account must be in such an OU.

Also, in your case you logged off Administrator which should trigger the
deletion of Administrator's cookies and not those of glctest1 which you
later examined. So while logged on with glctest1 review the cookies of
Administrator - they should be gone.

HTH
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.

"True knowledge exists in knowing that you know nothing."
Socrates

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Marin:

I have logoff.bat file on the c:\ directory, when I
login as glctest1, I double click logoff.bat file,
nothing happen, the cookies is still there, why? also you
mention about del /q "%userprofile%/cookies/*.*", how to
define userprofile ? I also create the separate OU is
call "Deleted cookies" under training1.gov, I did not
modify default domain policy and default domain
controllers policy.

thanks.

Lillian
>-----Original Message-----
><snip>
>Hi Lillian,
>I would suggest you slightly modify your script for two
reasons. First,
>you don't need to connect to the admin share since the
script runs
>locally, plus only member of Administrators can connect
to c$ anyway.
>Second,it's not always guaranteed that the profile will
be named after
>the user's logon name. So here's my idea:
>del /q "%userprofile%/cookies/*.*"
>
>You didn't mention in your post if the domain user
accounts are in the
>OU you linked the GPO to. You're on the right track
here, don't edit the
>default GPOs. Bare in mind that in order for settings
under User
>Configuration to apply to a user her user account must
be in an OU that
>is "hit" by the GPO (directly or from a
parent).Respectively for
>Computer configuration the computer account must be in
such an OU.
>
>Also, in your case you logged off Administrator which
should trigger the
>deletion of Administrator's cookies and not those of
glctest1 which you
>later examined. So while logged on with glctest1 review
the cookies of
>Administrator - they should be gone.
>
>HTH
>--
>Cheers,
> Marin Marinov
> MCT, MCSE 2003/2000/NT4.0,
> MCSE:Security 2003/2000, MCP+I
>-
>This posting is provided "AS IS" with no warranties, and
confers no
>rights.
>
>"True knowledge exists in knowing that you know nothing."
>Socrates
>.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

In article <1d4ee01c453af$c181ada0$a401280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
> Marin:
>
> I have logoff.bat file on the c:\ directory, when I
> login as glctest1, I double click logoff.bat file,
> nothing happen, the cookies is still there, why? also you
> mention about del /q "%userprofile%/cookies/*.*", how to
> define userprofile ? I also create the separate OU is
> call "Deleted cookies" under training1.gov, I did not
> modify default domain policy and default domain
> controllers policy.
>
> thanks.
>
> Lillian
%userprofile% is an environment variable and the OS replaces it with the
actual path under Documents and Settings to the user's profile so just
use it as typed. I didn't ask you what client OS you have though this
should work for Win2K and above. Also, please excuse my mistyping of the
slashes, they should be backslashes like:

del /q "%userprofile%\cookies\*.*"

You can also modify the *.* filter to *.txt otherwise delete gives an
error about not being able to delete index.dat (though it's no harm if
you leave it this way).

Give this a shot and let me know if it still doesn't work.
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.

"True knowledge exists in knowing that you know nothing."
Socrates

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Marin:

I use your del /q "%userprofile%\cookies\*.*" make a
batch file name call deletecookie.bat, should I copy this
file to c:\training1.gov\sysvol on
training1.gov\training1.gov\policy\{54A172EB-DD19-4E38-
A3C1\user\scripts\logoff directory, and I created the OU
is call delete cookie, import this file in here, one more
question, if I just want the only all the glctest1-
glctest16 users affect this GPO, I created an global
group call GLC_G contains all the glctest users, and
removed Authenticated Users from the Scope of GPO, so
regular users except glctest users their cookie still
remain, am I right? if I want everyone login to PC when
they logoff the PC, make all the cookies goes away, I
suppose leave Authenticated Users along, do not deleted
it, am I right?

thanks.

Lillian
>-----Original Message-----
>In article <1d4ee01c453af$c181ada0$a401280a@phx.gbl>,
>anonymous@discussions.microsoft.com says...
>> Marin:
>>
>> I have logoff.bat file on the c:\ directory, when I
>> login as glctest1, I double click logoff.bat file,
>> nothing happen, the cookies is still there, why? also
you
>> mention about del /q "%userprofile%/cookies/*.*", how
to
>> define userprofile ? I also create the separate OU is
>> call "Deleted cookies" under training1.gov, I did not
>> modify default domain policy and default domain
>> controllers policy.
>>
>> thanks.
>>
>> Lillian
>%userprofile% is an environment variable and the OS
replaces it with the
>actual path under Documents and Settings to the user's
profile so just
>use it as typed. I didn't ask you what client OS you
have though this
>should work for Win2K and above. Also, please excuse my
mistyping of the
>slashes, they should be backslashes like:
>
>del /q "%userprofile%\cookies\*.*"
>
>You can also modify the *.* filter to *.txt otherwise
delete gives an
>error about not being able to delete index.dat (though
it's no harm if
>you leave it this way).
>
>Give this a shot and let me know if it still doesn't
work.
>--
>Cheers,
> Marin Marinov
> MCT, MCSE 2003/2000/NT4.0,
> MCSE:Security 2003/2000, MCP+I
>-
>This posting is provided "AS IS" with no warranties, and
confers no
>rights.
>
>"True knowledge exists in knowing that you know nothing."
>Socrates
>.
>