I have some scripts that I would like to run every time a user logs off. I would like to create something that programatically sets up the logoff scripts. For example, an exe or a cmd file that can be executed to add the logoff script to the list of logoff scripts that Windows executes. Because of this, a Windows API function or a Windows shell command would be preferable, but I can find no such functions or commands to help with this.
I checked on the registry edits that the local group policy editor makes when you use it to add a logoff script to group policy, but it does a lot of things that I'm not sure I can mimic. For example, it makes a lot of registry edits, and it uses numeric codes in some of the registry keys and binary data in some of the values. I would not know what the values represent.
I have tried subsets of the changes that GPEdit does in the hopes that doing so would still work. For example, I exported the changes it made to HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff and imported them on another PC, but that did not work, and the GPEdit MMC was unaware that I had even made the change.
As I said, a set of Windows API functions or a Windows shell command would be preferable if anyone knows of some that could help, but if anyone knows of a way to decode the heap of information that GPEdit makes in a way that I could mock it then I'm not against making registry changes as long as they are stable.
Whatever the solution I find and use, it has to be able to be automatic and reliable, as it will be executed remotely against many computers with psexec, and it will also be included into automated setup processes for future PCs that are set up.
Unfortunately, this seems to be a difficult topic to Google for, as many other things people are trying to do have many of the same key words that I query for but are not actually the same topic. For example, shutdown/logoff hooks for running apps, or remotely logging off users.
If anyone is a Windows registry or MMC wizard and thinks that seeing a dump of the registry changes that the GPEdit MMC makes when doing the same thing would be helpful then just say so, and I'll make that available since I've already captured it. I doubt that's the way to go, however I have started looking into how to create MMC snap-in tools; my thought is that perhaps the GPEdit snap-in itself can be reverse engineered so that I can see exactly what it's doing in a simple way. This is not going anywhere fast though, as none of the .adm files I see appear to have the settings for this, and the gpedit.msc file doesn't appear to have anything that would give it away in the plaintext part, though there is a section in it that appears as gibberish, so maybe there's some sort of magic going on in there.