Re: Powerful login script??

Hello,

Do you really need SQL Server to house your company policy and user state info (i.e., last policy acceptance date)? Each of your
3000 client computers will need to have SQL Server ODBC/OLEDB drivers installed IF you want the login script to run on each computer
and access SQL Server directly.

You should be able to store your company policy as a text file on a network share and create a text file for each user containing
the last time he/she accepted the policy. The 3000 user text files could also be stored on a network share and have filenames =
usernames.

The login script will be triggered by a GPO and will always run. The script will have logic to determine whether to popup your
policy acceptance form or not depending on what date is stored on the user's text file. The form can be created using the
InternetExplorer object, although it's not straightforward since you have to create a "polling loop" around the asynchronous IE form
to monitor form fields and events.

If you really must have SQL Server in the picture, I'd recommend splitting the logic into a client login script and an ASP page on a
web server that has the SQL Server drivers installed. In this scenario, the login script will hand off processing to the web server
when it navigates the IE browser object to your ASP page. The login script will have much simpler logic since it won't need the IE
polling loop anymore as well as embedded HTML to build your IE form on the fly.

You'll still need the user (last accept date) text files in this scenario though since they're needed by the login script to
determine whether to display your ASP page or not.

HTH,
Ato



"hellowangja" <hellowangja@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EA5C3916-47A8-41B3-A0B2-3B6D4F4054AC@xxxxxxxxxxxxxxxx
> Hi all, I've got a question on how powerful a login script can be...
>
> Environment I've got : We've got windows 2000 server with domain
> controller/active directory, 3000 desktops login to the domain everyday.
>
> My Requirements :
> Show a popup to the client machine during the login and boot up process,
> show our company's policy(grabbed from MS-SQL). The popup box must have a
> tick box users can tick to accept the policy. User may proceed without
> ticking the box and the logon process continues. The user's policy acceptance
> history is logged into SQL database.
>
> Condition for the meesage box popup : There's a condition for the popup box
> to show up though. If the user has seen this box and agreed with the policy
> last 6 weeks, then the message box doesn't even show up for the user.
>
>
> I am actually not a system admin, I'm a developer who can write vbscript.
> I'm totally new to this area and want to know the feasibility of the project
> using wsh(vbscript/javascript).
>
>
> ,,, Login scripts are run on client computers, don't they??? If so, our 3000
> client computers must have access to the sql server?? Am I right?
>
> ,,, It's going to be great if the login script runs on server, not on
> client, Can anybody confirm where it runs..
>
> ,,, What I am trying to do is impossible, or is there any alternative
> solutions??
>
>
> In summary, what I want to achieve is as below,
> 1. As a user logs in, based on username on the domain, do a database query
> to find out the user has ever accepted the polocy last 6 weeks. If not, the
> user gets a policy acceptance popup. The popup displays the policy retrieved
> from a database available to the server(domain controller).
> 2. User ticks "Agree" checkbox and click "Continue"
> 3. It triggers the server to run a stored procedure and logs the user into
> the history log for future reference.
>
> Is this possible? What is the best solution for this requirement?
>
>
> Please advise,,
>
> Thank you all experts out there in advance!!
>
> --
> John Choi
> .NET Developer


.

Relevant Pages

  • Re: Powerful login script??
    ... Another way to solve this is to put your company's policy in the "Message ... > 3000 client computers will need to have SQL Server ODBC/OLEDB drivers installed IF you want the login script to run on each computer ... > The login script will be triggered by a GPO and will always run. ... The script will have logic to determine whether to popup your ...
    (microsoft.public.windows.server.scripting)
  • Re: Password is "too recent to change"
    ... The lockout policy is set at 3 attempts in some period of time. ... and it will stop checking the OS or domain password policy for SQL Server. ... Since these are policy settings, I'm concerned it cannot be changed ... with a generic SA password using a command line install. ...
    (microsoft.public.sqlserver.security)
  • Re: Password is "too recent to change"
    ... The password policy is inherited from either the local machine policy or the OU domain-level group pollicy. ... and it will stop checking the OS or domain password policy for SQL Server. ... Since these are policy settings, I'm concerned it cannot be changed through ... the "install" SA password without needing to reveal the final operational SA ...
    (microsoft.public.sqlserver.security)
  • Re: Locking down database accounts
    ... Personally it sounds to me that your company has established a policy and is ... But bottom line if you have to use SQL Server logins and passwords, ... Whether it's an encrypted flat file or an encrypted XML file, ...
    (microsoft.public.sqlserver.security)
  • Re: Single server login for users
    ... You are the administrator of a SQL Server 2000 computer. ... Your company has 150 client computers ... Configure mixed mode authentication. ... Create a domain user group login for all of the users. ...
    (microsoft.public.sqlserver.server)