locked
Common Access Card (CAC) Transitional Message/Alert RRS feed

  • Question

  • I am in an organization that is transitioning to CACs but has not yet implemented "Smart Card required for interactive logon" in the users' AD properties (via GPO) which would force the use of a CAC.

    I want to create a pop-up alert/message only for users logging in with traditional UserID and Password. The Alert would be informing them they need to get a CAC and how long before their non-CAC login will be disabled.

    Most of our scripting is in PowerShell and I'd like to avoid java.

    • Changed type Bill_Stewart Tuesday, April 2, 2013 3:52 PM User asked a question
    Tuesday, April 2, 2013 3:11 PM

Answers

  • I work in a similar organization to yours and we use powershell for our "Logon Script."  I put it in quotes because it isn't a GPO Logon script, it's a scheduled task that launches in a user's context at a user logon event.  The annoying thing about powershell that will be useful to you is you can't suppress it from popping up on the users' screen everytime they log in.  The command below will allow the task scheduler to launch your powershell script.  Now all you need to do is figure out how to check, what message you want to display, and how you want to display it.

    powershell.exe -Executionpolicy remotesigned -file scriptwithmsg.ps1

    • Marked as answer by IamMred Wednesday, May 1, 2013 3:28 AM
    Tuesday, April 2, 2013 5:11 PM
  • One way is to use the Popup method of the WshShell object to display a Windows message dialog.

    Bill

    • Proposed as answer by Bill_Stewart Tuesday, April 16, 2013 4:20 PM
    • Marked as answer by IamMred Wednesday, May 1, 2013 3:28 AM
    Tuesday, April 2, 2013 4:09 PM

All replies

  • Hi,

    A statement of what you want to accomplish isn't the same thing as asking a question.

    What have you tried so far, and with what results?

    Bill

    Tuesday, April 2, 2013 3:53 PM
  • I've only just been tasked with this and I've looked into netsend/msg command which does not look promising. I've reviewed the GPO logon script option, but PowerShell is not recommended unless called from VBS. I just need a start point to investigate since my current web search is not revealing ideas other than buying a 3rd party application which is not allowed (I'm in a government agency). I know we can create a script which captures the current logon and determine it is not a CAC logon, however I do not know how to display a pop-up to the user with the alert.

    Tuesday, April 2, 2013 4:07 PM
  • One way is to use the Popup method of the WshShell object to display a Windows message dialog.

    Bill

    • Proposed as answer by Bill_Stewart Tuesday, April 16, 2013 4:20 PM
    • Marked as answer by IamMred Wednesday, May 1, 2013 3:28 AM
    Tuesday, April 2, 2013 4:09 PM
  • I work in a similar organization to yours and we use powershell for our "Logon Script."  I put it in quotes because it isn't a GPO Logon script, it's a scheduled task that launches in a user's context at a user logon event.  The annoying thing about powershell that will be useful to you is you can't suppress it from popping up on the users' screen everytime they log in.  The command below will allow the task scheduler to launch your powershell script.  Now all you need to do is figure out how to check, what message you want to display, and how you want to display it.

    powershell.exe -Executionpolicy remotesigned -file scriptwithmsg.ps1

    • Marked as answer by IamMred Wednesday, May 1, 2013 3:28 AM
    Tuesday, April 2, 2013 5:11 PM