End action premature + message box

Hi guys

I have the following code that makes a user local admin, force a logoff and after x -time (for testing purpose 5 min) it deletes the user as a local admin and force a logoff again.

// Enter your action script here

// Parameter Logged on user
parameter "LoggedOnUser" = "{name of current user}"


// Make local admin
dos net localgroup Administrators {parameter "LoggedOnUser"} /ADD



// Disable wow64 redirection on x64 OSes + logoff
action uses wow64 redirection {not x64 of operating system}
override wait
   runas=currentuser
wait logoff {session id of current user}


// Wait x time
parameter "start" = "{now}"
pause while {now < ( ((  parameter "start" of action  ) as time ) + 4* hour)}


// Delete local admin
dos net localgroup Administrators {parameter "LoggedOnUser"} /DELETE


// Disable wow64 redirection on x64 OSes + logoff
action uses wow64 redirection {not x64 of operating system}

override wait
   runas=currentuser
wait logoff {session id of current user}

Now i have 2 questions:

  1. In our company, the standard is 4h. But image the user is ready after 1h, can the action be triggered to skip the pause so it goes straight to the delete local admin and force log off?

  2. Is there anyway to have a popup message like “you will be logged off in 5 minutes, please save everything”?

Thanks for you help

1 Like

Yes, but you need to handle this as 2 separate actions to do that. One to make them an admin and logoff, and another to remove admin and logoff. The action to remove admin and logoff could be triggered after 4 hours or through a self-service offer whenever the user is ready to do so.

In general it is a bad idea to have a 4 hour wait timer in the middle of an action because this means BigFix will be stuck doing nothing for 4 hours.

See this related response: Can action continue after shutdown

1 Like

Hi jgstew

Thanks for your helpful answer. I didn’t think about the 4hours that BigFix will be stuck then.

You indeed have a good point by making the 2nd action an offer too. I’ve splitted it up in 2 actions, i’ll post my code later on in the related response (that’s my topic too…). Thanks!

I was suggesting having 2 different “2nd” actions. One that would be an offer that would allow the user to initiate the removal of admin at anytime, and another that would happen after 4 hours automatically if they don’t use the offer.

Another option would be to have the 2nd action to remove admin not be an offer, but an action that prompts the user to accept the removal of admin, but can be delayed up to 4 hours and runs automatically at the deadline.

Hi jgstew

Now i understand you, great idea! I’ll see what the security team says about it :smile:
thank you!