query AD to find computers in use by users in a OU - sccm

I want to deploy an Outlook VSTO via SCCM to computers from enduser in an certain ou. Is there a script to export these computer hostnames|username|OU?
thanks in advance.

Follow this guide on how to create AD Query based collections.
System OU Name is the attribute you want to query on.

Related

Dynamics crm on premise installatiom

Can I have two separate installations(different server/different Database) using/sharing the same OU in active directory?
Yes, you can use the same OU for multiple installations.
Each installation will have a unique guid on the end of each object, but it can get messy after awhile.
We would always create a separate OU for each but it isn't necessary.
Yes
Dynamics is scalable.
There are multiple server roles , and you can install each of them n scalable manner on multiple servers , pointing to the same deployment database.
https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/install-dynamics-365-front-back-end-server-roles

Add Local Group User policies with powershell

I have a rather simple task. Is there any way to add a Group Policy under User-Configuration (particularly logon / logoff PowerShell scripts) ? I have seen tons of guides Like this one, but they are making it via GUI. I'd like to run a script, so all files are mapped from Network Fileshares.
I need an automation to configure master-image for citrix environment. (Maybe this can be achieved with BIS-F? or is there some sort of registry key? )
Thank you in Advance!
Here's a screenshot of this Policy (i can't make my own, because it's in German)
The New-GPO cmdlet creates a GPO with a specified name. By default, the newly created GPO is not linked to a site, domain, or organizational unit (OU).
See more: https://learn.microsoft.com/en-us/powershell/module/grouppolicy/new-gpo?view=win10-ps

How to get EVERY user token on a PC for SHGetKnownFolderPath?

I'm working on a System Service project with SYSTEM privilege (cleaning utility)... It does not interactive with any user interface.
My goal is to check files in "Desktop" and "AppData" folders for any user that exists on the PC.
I'm using NetUserEnum() to get the user list on the PC. Then I want to get the path of each user's Desktop and AppData with SHGetKnownFolderPath(), but I can't find a way to get each user's access token for SHGetKnownFolderPath(). Without a token defined in SHGetKnownFolderPath(), it returns the path for SYSTEM and not specific users.
Q1. How can I get the token of each user for SHGetKnownFolderPath()?
Q2. If no answer for Q1, is there any documented way to get the desktop & appdata path of each user in the PC?
I understand this can be achieved with dirty way ---> Registry key with some string replacement. However, the Registry key method is undocumented, which may easily break in future updates to Windows.
Edit Update:
#RaymondChen Thanks for pointing out that some user profiles may not exist. Also,
About Q1 : #Remy Lebeau provides a solution with LogonUser/Ex(),login to each user with their credentials,might be the only answer that fits the need of Q1.
About Q2 : There might have no documented way to achieve this. The only method might have to stick with Windows Registry (Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders) , as #Remy Lebeau and #Olaf Hess said. I tried to dig more information on Microsoft Community Forum and I got Microsoft would never allow access other users' profile with their native API for security reason. They do not provide APIs that can possibly violate the security rules. Each user profile can only access by its credentials.
btw, I totally understand that "Cleaning utility" aka "Windows-breaking tool", especially when the tool is not being well codded(ex. compatibility problem). For the sake of avoiding to make it become a totally Windows-Destroyer, I tried to use more documented API as possible.
For Windows Vista with SP1 / Server 2008 and better you can query the existing user profiles using the WMI class Win32_UserProfile. This allows you to retrieve the profile path and check whether it is a local or roaming profile and to get status information. The rest (retrieving the paths to APPDATA, DESKTOP, etc.) is likely going to involve reading values straight from the registry (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders).

Querying Local Group Policy using VBScript

Using VBscript, what is the best way to query the 'User Rights Assignment' in Local Group Polices.
Such as getting the groups and users under 'Deny log on as a service'
There's no direct way to access this area of windows through VBS (at least AFAIK). But you might export the current privileges through "secedit /export" to a file and then analyze this file.

Where to store Registry data for All Users

I would like to share a small amount of data between All Users in the Windows Registry. For shared read and write access between any user that logs into the machine or a service on the machine. Is there a location where this can be done? I have tried using "HKEY_USERS\.DEFAULT\Software\" but this seems to be blocked by the Vista UAC rules.
You can put all users data in HKEY_LOCAL_MACHINE hive, but you'll need to adjust the permissions on the key to in order to make it writable by all users, as your question states.
HKEY_LOCAL_MACHINE should be the place to store data between users. There's a good, short explanation here about which folders/hives are used for what.

Resources