Deploy a Scheduled Task (via GPO) to run a script as the logged on user
Background
Occasionally, a colleague asks whether it's possible to run a script on a Windows endpoint or VDI/RDSH desktop when a user connects to or disconnects from the virtual session, or on desktop unlock, which occurs when roaming a virtual session from one endpoint to another.
Normally, the answer is easy: use Imprivata OneSign's Extension Objects, a feature readily available in most of our clients' environments. This is especially true of our healthcare clients, but other industries have not adopted it on a wide scale (yet).
Scheduled Tasks and GPO
The workaround - Scheduled Tasks deployed via GPO. This will give us the functionality we need for a subset of events available to Extension Objects:
Look familiar?
To set up the scheduled task for the logged-on user, note that the task is created in the GPO's User Configuration section (User Configuration > Preferences > Control Panel Settings > Scheduled Tasks).
Note that:
1. The user account running the task is %LogonDomain%\%LogonUser%
2. Run only when user is logged on is enabled.
3. The Hidden check box should normally be enabled.
Another gotcha: the "Run in logged-on user's security context (user policy option)" check box is not enabled. If this check box is enabled, GPO will not be able to create the task.
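One way to confirm on an endpoint that the task arrived with the settings listed above is to run a check in the affected user's session after a policy refresh. This is an added example, not part of the original post; the task name Run-SessionScript is a placeholder for whatever name the GPO preference item uses.

```powershell
# Added example: check a GPO-deployed scheduled task from the user's own session.
# 'Run-SessionScript' is a placeholder; pass the name used in the GPO preference item.
param([string]$TaskName = 'Run-SessionScript')

# TASK_SESSION_STATE_CHANGE_TYPE values (connect, disconnect, lock, unlock)
$stateNames = @{
    1 = 'ConsoleConnect'; 2 = 'ConsoleDisconnect'
    3 = 'RemoteConnect';  4 = 'RemoteDisconnect'
    7 = 'SessionLock';    8 = 'SessionUnlock'
}

$tasks = @(Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)
if ($tasks.Count -eq 0) {
    # Typical result when the GPO could not create the task at all
    Write-Warning "Task '$TaskName' not found. Check 'gpresult /r /scope user' for the GPO."
    return
}

foreach ($t in $tasks) {
    $p = $t.Principal
    $account = ($p.UserId -split '\\')[-1]   # strip DOMAIN\ if present

    # One row per setting called out in the notes above
    $checks = [ordered]@{
        'Runs as the logged-on user'      = ($account -eq $env:USERNAME)
        'Run only when user is logged on' = ("$($p.LogonType)" -eq 'Interactive')
        'Hidden'                          = [bool]$t.Settings.Hidden
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Task   = $t.TaskPath + $t.TaskName
            Check  = $name
            Result = if ($checks[$name]) { 'OK' } else { 'REVIEW' }
        }
    }

    # List triggers so the session events can be compared with what was configured
    foreach ($trg in $t.Triggers) {
        $kind = $trg.CimClass.CimClassName -replace '^MSFT_Task', ''
        if ($kind -eq 'SessionStateChangeTrigger') {
            $kind += " ($($stateNames[[int]$trg.StateChange]))"
        }
        [pscustomobject]@{ Task = $t.TaskPath + $t.TaskName; Check = 'Trigger'; Result = $kind }
    }
}
```

A "not found" warning here is also what you would see if the security-context check box described above was left enabled and the GPO failed to create the task.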
A Side Note
An alternative approach to the triggers would be to attach the task to a specific event that's reported in the target system's event log.