Hi
Has anyone tried setting local computer groups with UEM in anyway? I have an app that requires users to be in two local computer groups, and right now its the one of the only realy reasons I need to use a GPO(I HATE GPOs ).
Hi sjesse,
Unfortunalty I need them on the first logon,
Yeah, that's what I expected
but maybe I'll play around a bit if or think of a way I can make them logon and off again.
Sure
Where C:\Flex\sjesse.cmd contains the following:
C:\Windows\System32\net.exe localgroup "Demo Group" "%username%" /ADD
"C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -m "NOTE:" "You'll be logged off"
C:\Windows\System32\logoff.exe
User logs on:
2019-12-06 12:46:42.069 [INFO ] Performing path-based import
...
2019-12-06 12:46:42.099 [INFO ] Collected argument-based privilege elevation settings to apply for elevated applications ('Local Group Test.xml')
...
2019-12-06 12:46:42.122 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = false
2019-12-06 12:46:42.175 [INFO ] Successfully created shortcut in programs menu ('sjesse.xml')
User is automatically logged off (after clicking away the message box):
2019-12-06 12:51:39.059 [INFO ] Performing path-based export
...
2019-12-06 12:51:39.132 [DEBUG] Successfully removed shortcut 'C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sjesse.lnk' ('sjesse.xml')
...
2019-12-06 12:51:39.139 [INFO ] Privilege elevation statistics:
2019-12-06 12:51:39.139 [INFO ] Elevated C:\Windows\System32\net.exe 1 time (argument-based).
User logs on again:
2019-12-06 12:51:48.507 [INFO ] Performing path-based import
...
2019-12-06 12:51:48.571 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = true
2019-12-06 12:51:48.571 [INFO ] Skipping shortcut due to conditions ('sjesse.xml')
Hi sjesse,
You can use argument-based privilege elevation to add or remove a user from a local group:
However, those membership changes will only be picked up at the user's next logon...
Hmm, for people that hate GPO's it would be very nice if one would be able to apply such "computer settings" using DEM.
The product used to be "User" environment manager, but was recently renamed to "Dynamic" environment manager. Maybe some changes are in the pipeline to broaden the possibilities to more than just "user" settings?
Just a guess though...
Michiel.
Unfortunalty I need them on the first logon, but maybe I'll play around a bit if or think of a way I can make them logon and off again. I'm also thinking of testing something like puppet or ansible again for this.
Hi sjesse,
Unfortunalty I need them on the first logon,
Yeah, that's what I expected
but maybe I'll play around a bit if or think of a way I can make them logon and off again.
Sure
Where C:\Flex\sjesse.cmd contains the following:
C:\Windows\System32\net.exe localgroup "Demo Group" "%username%" /ADD
"C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -m "NOTE:" "You'll be logged off"
C:\Windows\System32\logoff.exe
User logs on:
2019-12-06 12:46:42.069 [INFO ] Performing path-based import
...
2019-12-06 12:46:42.099 [INFO ] Collected argument-based privilege elevation settings to apply for elevated applications ('Local Group Test.xml')
...
2019-12-06 12:46:42.122 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = false
2019-12-06 12:46:42.175 [INFO ] Successfully created shortcut in programs menu ('sjesse.xml')
User is automatically logged off (after clicking away the message box):
2019-12-06 12:51:39.059 [INFO ] Performing path-based export
...
2019-12-06 12:51:39.132 [DEBUG] Successfully removed shortcut 'C:\Users\testuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sjesse.lnk' ('sjesse.xml')
...
2019-12-06 12:51:39.139 [INFO ] Privilege elevation statistics:
2019-12-06 12:51:39.139 [INFO ] Elevated C:\Windows\System32\net.exe 1 time (argument-based).
User logs on again:
2019-12-06 12:51:48.507 [INFO ] Performing path-based import
...
2019-12-06 12:51:48.571 [DEBUG] Conditions: Check for user membership of group 'Demo Group' = true
2019-12-06 12:51:48.571 [INFO ] Skipping shortcut due to conditions ('sjesse.xml')