Bronze Award WinnerBronze Award Winner

Introduction

In this article we are going to discuss a way to send notifications to users in Active Directory. I know there are other tools or third-party solutions available to send messages directly to users, but there might be sometimes in which you are looking for a new method without installing applications or agents or without messing with WinRM and other requirements. 

Today we will utilize HTML and combine it with Group Policy to send notifications to a specific set of users.


Figure 1 : A preview of the message.

Requirements

In order to successfully apply this solution, we will need:

  • A HTA script which can be find following the instruction of this article. This script is the main tool of this solution. 
  • A customized image in order to place it on the message. If you do not want to use an image, you can simply type your message in the HTA script.
  • Appropriate access to GPMC in order to apply GPO to a selection of users.
  • An icon file. (Optional)

Implementation

Since we are going to send our notifications using HTML, we will definitely need some HTML codes and web pages, but we do not want to display messages in a Web Page using IE or other browsers. Instead we prefer to use a method in which IE and other browsers are not needed. The answer for this question is HTA.

HTA is considered an applications host which runs web pages using its own application. The only thing we have to do is to save our web page as *.HTA format.

Firstly, copy and paste the text below into a notepad. Beware that it is just a simple, you can create web pages using your ideas and add images and other things to this baseline. For me, because I mostly send notifications in Persian and Arabic language (UTF), it is much easier to type my message inside an image and save it as *.JPG.


Figure 2 : A picture of the main source code of the HTA script.

The code which you need to copy:

<html>
<head>
<script type="text/javascript">
    window.resizeTo(525,298);
</script>
<HTA:APPLICATION
  APPLICATIONNAME="Notifications"
  SYSMENU="yes"
  ICON="icon.ico">
<title>Notifications</title>
</head>
<body>
<p> <img src="Webinar.jpg" align="middle"></p>
</body>
</html>

As you can see there is a line which refers to the image source of our message. You can simple modify the path of the image at:


 
<p> <img src="Webinar.jpg" align="middle"></p>

But do not forget to place the HTA file and the image together in the same directory. Now if you double click on your HTA script, you will see this dialog on your screen:



Figure 3 : A preview of the message.


Now all you have to do is to deploy it using GPO to the users. We can utilize ‘Security Filtering’ in order to apply this GPO only to a set of users. Open up GPMC and create a new policy. Since we are deploying this GPO for users, we have to use ‘Logon Script’ feature. 
You need to copy all the files into SYSVOL including the script and the image. I have included an icon for my message because I am not interested in the default icon of HTA scripts.


Figure 4 : Click 'Show Files' to open up policy folder.




Figure 5 : Copy all the contents into the folder. 




Figure 6 : Now you need to add the main script (In this case Webinar.hta). This script will run each time the user logs on.

For now we are finished, head to the GPMC and select the GPO you just created.  Remove the ‘Authenticated Users’ from ‘Security Filtering’ and add your own group of users. In this example we want only users of ‘Sales’ group receive this notifications.


Figure 7 : Remove 'Authenticated Users' from security filtering of the policy.




Figure 8 : Add the group which you want to apply the policy on. In this case we apply the policy on 'Sales' group.


That’s it! You are done... Let’s login to a workstation using a user from ‘Sales’ group and test the result.


Figure 9 : As you can see the logged on user is Sales1 who is a member of Sales group. Policy has been applied successfully. 

Conclusion

As I mentioned earlier, although there are variety of tools available in order to send notifications to a group of users, why should we choose them when there are built-in tools and features available? J

Using this feature you can even step a little further and send congratulations, announcing employee of the month, introduce a new employee to your organization and so on.