steadystate and administrator profiles

  • Question

  • hi

    Is it possible to disable (except for one administrative user) the screen which asks you if you wish to / wish not to save changes when shutting down or logging off a Windows session as an administrative user, or even taking the option away that allows changes to the hard drive to be made, maybe with a registry hack? This could be undone using a .reg file by the tech staff.

     

    Thank you

     

     

    Tuesday, October 28, 2008 7:58 PM

Answers

  •  

    Hi beama, this message comes from bubble.exe. You can choose a method below to disable the message:

    (Note that this is not recommended. Bubble.exe is responsible for alerting users that the WDP cache is filling up and the system will reboot soon. If the user is an admin and WDP is in discard mode, bubble.exe is also responsible for showing the message at shutdown/restart/logoff asking if the admin wants to commit to current changes.)

    Method 1: You can remove bubble.exe from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. If you follow this method, it's recommended to ADD bubble.exe to the admin's HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key so that you still receive the shutdown/restart/logoff commit dialog.

    Method 2: Use SteadyState administrator to log on, choose a restricted account and add bubble.exe to blocked program list.

    Thursday, October 30, 2008 4:05 AM
    Moderator
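
A check for the state Method 1 describes, as an added example that is not part of the moderator's answer: it lists every Run value in HKLM and in the current user's HKCU whose data mentions bubble.exe, so you can confirm which accounts still get the cache warning and the commit dialog. It matches on the file name only, because the thread does not give the value name or install path.

```vbscript
' Added example: report where bubble.exe is registered to auto-start.
' Run it with cscript while logged on as the account you want to check.
Option Explicit
Const HKCU = &H80000001
Const HKLM = &H80000002
Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const RUN_KEY = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Dim objReg
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' Returns "name = data" lines for each Run value in the given hive whose
' data mentions bubble.exe, or an empty string when there is none.
Function FindBubble(hive)
    Dim arrNames, arrTypes, i, strData, strFound
    strFound = ""
    objReg.EnumValues hive, RUN_KEY, arrNames, arrTypes
    If IsArray(arrNames) Then          ' Null when the key has no values
        For i = 0 To UBound(arrNames)
            strData = Null
            Select Case arrTypes(i)
                Case REG_SZ
                    objReg.GetStringValue hive, RUN_KEY, arrNames(i), strData
                Case REG_EXPAND_SZ
                    objReg.GetExpandedStringValue hive, RUN_KEY, arrNames(i), strData
            End Select
            If Not IsNull(strData) Then
                If InStr(1, strData, "bubble.exe", vbTextCompare) > 0 Then
                    strFound = strFound & "  " & arrNames(i) & " = " & strData & vbCrLf
                End If
            End If
        Next
    End If
    FindBubble = strFound
End Function

Dim strMachine, strUser
strMachine = FindBubble(HKLM)
strUser = FindBubble(HKCU)

If strMachine <> "" Then WScript.Echo "HKLM Run (every user):" & vbCrLf & strMachine
If strUser <> "" Then WScript.Echo "HKCU Run (this user only):" & vbCrLf & strUser
If strMachine = "" And strUser = "" Then
    WScript.Echo "bubble.exe is not registered for this user: no cache-full alert, no commit dialog."
End If
```

After applying Method 1, the expected result is no HKLM entry for any account and an HKCU entry only when run as the admin who should keep the commit dialog.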
  • Well, it's been a while, but here is the tested script (XP Pro). Use gpedit.msc and put it in the logoff script area.

    It's a very modified version of the discard script found in this forum.

    It compares the rights of the logged-in user and, depending on who they are, either allows changes or discards them (displaying a message), overriding the user's selection of save changes. We only want one tech supervisor user to be able to make changes to the config of the machine.


    Code

    Const WDP_MODE_DISCARD = 0

    strComputer = "."

    ' Name of the user who is logging off
    Set X = CreateObject("WScript.Network")
    ' Local groups on this machine
    Set colGroups = GetObject("WinNT://" & strComputer)
    colGroups.Filter = Array("group")
    ' WDP_Control is exposed through WMI in the root\wmi namespace
    Set objWbemServices = GetObject("winmgmts:\\" & strComputer & "\root\wmi")
    Set setWdpObjects = objWbemServices.ExecQuery("SELECT * FROM WDP_Control")

    If IsNumeric(X.UserName) Then ' student user, not member of administrator group
        WScript.Quit
    End If

    For Each objGroup In colGroups
        If objGroup.Name = "Administrators" Then ' local Administrators group
            For Each objUser In objGroup.Members
                ' Act only when the logged-on user really is a member of the group
                If StrComp(objUser.Name, X.UserName, vbTextCompare) = 0 Then
                    If X.UserName = "[enter allowed supervisor name here]" Then ' allowed admin user
                        WScript.Quit
                    Else
                        On Error Resume Next ' WDP_Control not active
                        For Each objWdp In setWdpObjects
                            If objWdp.CurrentMode = 0 Then ' already set to 0, i.e. user selected not to save changes
                                WScript.Quit
                            Else
                                objWdp.CurrentMode = WDP_MODE_DISCARD ' discard changes
                                objWdp.Put_
                            End If
                        Next
                        MsgBox X.UserName & "  You are not permitted to change the computer configuration, Changes discarded"
                        WScript.Quit
                    End If
                End If
            Next
        End If
    Next


    Note: this script does not get rid of the dialog box that offers administrator group members the option to discard or save changes, but overrides the choice of save changes.
    This script is built around the discard changes script found on this forum.
    Monday, November 10, 2008 6:18 AM

All replies

  • Hi Sean

    Thanks for the reply.

    Considering the condition of "not recommended" because etc., maybe then this is a safer way.

    I would like to add this to what you have listed already: using the discard script found here
    http://forums.microsoft.com/WindowsToolsandUtilities/ShowPost.aspx?PostID=2117002&SiteID=69
    adding that to the logoff script in the user profile accessed by using gpedit, then applying deny (all file) permissions to the script file for the one supervisor I want to be able to save changes.

    I did add a MsgBox line to the script warning users that even though they selected "save changes etc" that this was not the case.

    Testing so far hasn't presented any surprises.
    There is one bug: when logging off as the allowed admin you get an error message saying can't find script etc. Understandable, as file permissions don't allow this; easily fixed though by interrogating the system for the logged-on user, then based on that either run the script or quit, and of course adjust file permissions.

    You would be the best judge as to the safest method and mark the thread as such (is that allowed :) )

    Thursday, October 30, 2008 4:45 AM