Lock the session during a Savestate task sequence


There is no official solution to prevent a user from authentifying during a savestate task sequence.

It is mandatory to forbid that behaviour because it can provoke a failure of the task sequence. The cause is that because some files will be used, savestate.exe will not be able to save them.

The most common example is the outlook .pst file.

Being already put in that situation, I have written a very tiny and easy to understand script that should be enough for most of the cases.

The trick here is to create a file earlier in the TS (mine is called savestate.txt).

Then you launch my .bat script in your TS :

@echo off
if exist "C:\savestate.txt" (
      rundll32.exe user32.dll,LockWorkStation
      timeout 2
      goto :while

Finally, you will add an instruction in your TS to delete the file savestate.txt

As long as this file will exist, a lock instruction will be sent through this line : rundll32.exe user32.dll,LockWorkStation

I have also added a 2 seconds timeout.

In order to make this perfect, you can also change the background logon script with a custom one. Let’s say that your custom background will have some instructions written that indicates that this computer is currently saving data and should not be used.

P.S : For the joke, in my situation a background was already set.. But it looks like it wasn’t enough to stop the users from wanting to logon….So here I am with that little script that will help you for sure 😉

Cet article vous a plu ? N'hésitez pas à le partager.

Add a Comment

Your email address will not be published. Required fields are marked *