Hello,
I would appreciate any suggestions on how i can implement the following at an OU group policy level to affect all the win7 machines in the OU. The machines have Switch User enabled This works successfully on my local machine when manually setup.
"Switch User Events(Event ID 4779) are enabled to be logged in the Security Event Log and then a SYSTEM level windows task/process is setup to monitor for switch user security log events ata Local policy level and when event detected, close all Internet Explorer browsers across all sessions."
The possible command line version for the above would be:
auditpol /set /subcategory:{0cce921c-69ae-11d9-bed3-505054503030} /success:enable
schtasks /create /tn "SwitchUserMonitor" /sc onevent /tr "c:\windows\system32\taskkill.exe /f /im iexplore.exe" /ru "SYSTEM" /mo “*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=4779)]]” /ec Security
Thanks in advance.
Regards