{"id":353653,"date":"2024-08-27T09:35:57","date_gmt":"2024-08-27T09:35:57","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/desactiver-la-connexion-automatique-powershell\/"},"modified":"2024-10-13T19:08:19","modified_gmt":"2024-10-13T19:08:19","slug":"desactiver-la-connexion-automatique-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/desactiver-la-connexion-automatique-powershell\/","title":{"rendered":"How to disable automatic login in Windows with a PowerShell script for increased security"},"content":{"rendered":"<p>As cyber threats keep evolving, IT professionals must stay vigilant to maintain solid security protocols. One such measure is <strong>disabling automatic login on Windows systems<\/strong>. This article looks at why the practice matters and provides a complete guide to achieving it with a PowerShell script. The script does not just disable automatic login; it also ensures that a login banner is presented, which <a href=\"https:\/\/www.ninjaone.com\/fr\/blog\/check-list-de-securite-informatique-pour-proteger-votre-entreprise\" target=\"_blank\" rel=\"noopener\">strengthens overall security<\/a>.<\/p>\n<h2>Background<\/h2>\n<p>Automatic login, while convenient for users, poses significant security risks, especially in environments where sensitive data is accessible. Disabling this feature forces users to authenticate each time they log in, which adds an extra layer of security. 
For IT professionals and <a href=\"https:\/\/www.ninjaone.com\/fr\/quest-ce-quun-msp\" target=\"_blank\" rel=\"noopener\">managed service providers (MSPs)<\/a>, automating this process with scripts saves time and ensures consistency across multiple systems.<\/p>\n<h2>The script:<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Disables the automatic login feature and ensures that a dialog box is presented each time a user signs in.\r\n.DESCRIPTION\r\n    Disables the automatic login feature and ensures that a dialog box is presented each time a user signs in.\r\n.EXAMPLE\r\n    -Title \"A Title\" -Message \"A Message\"\r\n    \r\n    Retrieving existing security policy...\r\n                                                                           \r\n    The task has completed successfully.\r\n    See log %windir%\\security\\logs\\scesrv.log for detail info.\r\n    Modifying policy to include the login banner.\r\n    Applying updated policy...\r\n    Completed 5 percent (0\/18) \tProcess Security Policy area        \r\n    Completed 22 percent (3\/18) \tProcess Security Policy area        \r\n    Completed 44 percent (7\/18) \tProcess Security Policy area        \r\n    Completed 61 percent (10\/18) \tProcess Security Policy area        \r\n    Completed 77 percent (13\/18) \tProcess Security Policy area        \r\n    Completed 100 percent (18\/18) \tProcess Security Policy area        \r\n                                                                            \r\n    The task has completed successfully.\r\n    See log %windir%\\security\\logs\\scesrv.log for detail info.\r\n\r\n\r\nPARAMETER: -Title \"ReplaceMeWithYourDesiredTitle\"\r\n    Specify the title of the dialog box to be used in the logon banner.\r\n\r\nPARAMETER: -Message \"ReplaceMeWithYourDesiredMessage\"\r\n  
  Specify the main text body to be used in the logon banner. \r\n\r\nPARAMETER: -MicrosoftDefaults\r\n    Reverts all the modified settings to their Microsoft default value.\r\n\r\nPARAMETER: -ForceRestart\r\n    Schedules a restart for 60 seconds from now so that the login banner may take immediate effect.\r\n\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes: Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
\r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$Title,\r\n    [Parameter()]\r\n    [String]$Message,\r\n    [Parameter()]\r\n    [Switch]$MicrosoftDefaults = [System.Convert]::ToBoolean($env:revertToMicrosoftDefaults),\r\n    [Parameter()]\r\n    [Switch]$ForceRestart = [System.Convert]::ToBoolean($env:forceRestart)\r\n)\r\n\r\nbegin {\r\n    if ($env:logonBannerTitle -and $env:logonBannerTitle -notlike \"null\") { $Title = $env:logonBannerTitle }\r\n    if ($env:logonBannerText -and $env:logonBannerText -notlike \"null\") { $Message = $env:logonBannerText }\r\n\r\n    # Check if a title is provided. If it exists, trim any leading or trailing whitespace.\r\n    if ($Title) {\r\n        $Title = $Title.Trim()\r\n    }\r\n\r\n    # If no title is provided and Microsoft defaults are not being used, output an error and exit the script.\r\n    if (!$Title -and !$MicrosoftDefaults) {\r\n        Write-Host \"[Error] Missing title for the login banner.\"\r\n        exit 1\r\n    }\r\n\r\n    # Check if a message is provided. If it exists, trim any leading or trailing whitespace.\r\n    if ($Message) {\r\n        $Message = $Message.Trim()\r\n    }\r\n\r\n    # If no message is provided and Microsoft defaults are not being used, output an error and exit the script.\r\n    if (!$Message -and !$MicrosoftDefaults) {\r\n        Write-Host \"[Error] Missing message for the login banner.\"\r\n        exit 1\r\n    }\r\n\r\n    # If Microsoft defaults are specified to be used but either a title or message is also provided, error out due to the title and message not being present by default.\r\n    if ($MicrosoftDefaults -and ($Title -or $Message)) {\r\n        Write-Host \"[Error] A login banner is not present by default. 
If you use the 'Revert To Microsoft Defaults' checkmark, leave the 'Login Banner Title' and the 'Login Banner Text' empty.\"\r\n        exit 1\r\n    }\r\n\r\n    function Test-IsDomainJoined {\r\n        if ($PSVersionTable.PSVersion.Major -lt 5) {\r\n            return $(Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain\r\n        }\r\n        else {\r\n            return $(Get-CimInstance -Class Win32_ComputerSystem).PartOfDomain\r\n        }\r\n    }\r\n\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            $PropertyType = \"DWord\"\r\n        )\r\n\r\n        # Check if the specified path exists, if not, create it.\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n\r\n        # Check if the property already exists at the path.\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue)) {\r\n\r\n            # Retrieve the current value of the registry key.\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name\r\n            try {\r\n                # Attempt to update the property's value.\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                # If an error occurs during the update, print an error message and exit.\r\n                Write-Host \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Host \"[Error] $($_.Exception.Message)\"\r\n                exit 1\r\n            }\r\n            # Print a confirmation of the change.\r\n            Write-Host \"$Path\\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name 
-ErrorAction SilentlyContinue).$Name)\"\r\n        }\r\n        else {\r\n            try {\r\n                # If the property does not exist, create it with the specified value and type.\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                # If an error occurs during creation, print an error message and exit.\r\n                Write-Host \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Host \"[Error] $($_.Exception.Message)\"\r\n                exit 1\r\n            }\r\n\r\n            # Print a confirmation of the change.\r\n            Write-Host \"Set $Path\\$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)\"\r\n        }\r\n    }\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    if (!$ExitCode) {\r\n        $ExitCode = 0\r\n    }\r\n}\r\nprocess {\r\n    # Check if the current user session is elevated with administrator privileges. If not, display an error message and exit the script.\r\n    if (!(Test-IsElevated)) {\r\n        Write-Host -Object \"[Error] Access Denied. 
Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Retrieve the AutoAdminLogon and DefaultPassword registry values to check for automatic login settings and stored passwords.\r\n    $AutoLogin = Get-ItemProperty -Path \"Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" -Name \"AutoAdminLogon\" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty \"AutoAdminLogon\" -ErrorAction SilentlyContinue\r\n    $DefaultPassword = Get-ItemProperty -Path \"Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" -Name \"DefaultPassword\" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty \"DefaultPassword\" -ErrorAction SilentlyContinue\r\n    $PasswordLessSetting = Get-ItemProperty -Path \"Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\PasswordLess\\Device\" -Name \"DevicePasswordLessBuildVersion\" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty \"DevicePasswordLessBuildVersion\" -ErrorAction SilentlyContinue\r\n\r\n    # Alert if a password is stored in the registry, which might be insecure if in plain text.\r\n    if ($DefaultPassword) {\r\n        Write-Host \"[Alert] A Password is stored in HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\DefaultPassword. This password is likely in plain text.\"\r\n    }\r\n\r\n    # Check if the device is part of a domain, and if so, recommend using group policy for login banner settings.\r\n    if (Test-IsDomainJoined) {\r\n        Write-Host \"[Error] This device is domain joined. 
Login Banner modifications should be setup using group policy.\"\r\n        Write-Host \"[Info] Group Policy Location: Computer Configuration &gt; Windows Settings &gt; Security Settings &gt; Local Policies &gt; Security Options &gt; Interactive logon:(...)\"\r\n        Write-Host \"[Info] https:\/\/learn.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-10\/security\/threat-protection\/security-policy-settings\/interactive-logon-message-text-for-users-attempting-to-log-on\"\r\n        exit 1\r\n    }\r\n\r\n    # Turn off automatic login if it is enabled.\r\n    if ($AutoLogin -ne 0) {\r\n        Set-RegKey -Path \"Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" -Name \"AutoAdminLogon\" -Value 0\r\n    }\r\n\r\n    # Disable automatic login if it is enabled\r\n    if ($PasswordLessSetting -eq 0) {\r\n        Set-RegKey -Path \"Registry::HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\PasswordLess\\Device\" -Name \"DevicePasswordLessBuildVersion\" -Value 2\r\n    }\r\n\r\n    # Announce the start of the security policy retrieval process.\r\n    Write-Host \"Retrieving existing security policy...\"\r\n\r\n    # Export the current security policy and record the output to a temporary file.\r\n    $SecurityPolicyPath = \"$env:TEMP\\enable-loginbanner.cfg\"\r\n    $ExportPolicy = Start-Process SecEdit.exe -ArgumentList \"\/export \/cfg $SecurityPolicyPath\" -RedirectStandardOutput \"$env:TEMP\\enable-loginbanner.txt\" -NoNewWindow -Wait -PassThru\r\n    $ExportPolicyOutput = Get-Content -Path \"$env:TEMP\\enable-loginbanner.txt\"\r\n\r\n    # Display the output of the policy export and clean up the temporary file.\r\n    if ($ExportPolicyOutput) {\r\n        $ExportPolicyOutput | Write-Host\r\n        Remove-Item \"$env:TEMP\\enable-loginbanner.txt\"\r\n    }\r\n\r\n    # Check the exit code of the export process and display an error message if the export failed.\r\n    if 
($ExportPolicy.ExitCode -ne 0) {\r\n        Write-Host -Object \"Exit Code: $($ExportPolicy.ExitCode)\"\r\n        Write-Host -Object \"[Error] Unable to edit security policy.\"\r\n        exit 1\r\n    }\r\n    \r\n    # Check if Microsoft default settings are specified to modify the login banner.\r\n    if ($MicrosoftDefaults) {\r\n        Write-Host \"Removing login banner from security policy...\"\r\n\r\n        # Initialize a new list to store modified security policy settings.\r\n        $NewSecPolicy = New-Object System.Collections.Generic.List[string]\r\n\r\n        # Read the current security policy and process each line.\r\n        Get-Content $SecurityPolicyPath | ForEach-Object {\r\n\r\n            # If the line contains settings for LegalNoticeCaption or LegalNoticeText, reset these values.\r\n            if ($_ -match \"LegalNoticeCaption\" -or $_ -match \"LegalNoticeText\") {\r\n                $NewSecPolicy.Add(($_ -replace \",.*\", \",\"))\r\n            }\r\n            else {\r\n                $NewSecPolicy.Add($_)\r\n            }\r\n        }\r\n\r\n        # Write the modified security policy back to the configuration file.\r\n        $NewSecPolicy | Out-File $SecurityPolicyPath\r\n\r\n        Write-Host \"Applying updated policy...\"\r\n        # Apply the modified security policy using SecEdit.exe.\r\n        $UpdateSecurityPolicy = Start-Process SecEdit.exe -ArgumentList \"\/configure \/db c:\\windows\\security\\local.sdb \/cfg $SecurityPolicyPath\" -RedirectStandardOutput \"$env:TEMP\\enable-loginbanner.txt\" -Wait -NoNewWindow -PassThru\r\n    \r\n        # Capture the output from the policy update and display it.\r\n        $UpdatePolicyOutput = Get-Content -Path \"$env:TEMP\\enable-loginbanner.txt\"\r\n        if ($UpdatePolicyOutput) {\r\n            $UpdatePolicyOutput | Write-Host\r\n            Remove-Item \"$env:TEMP\\enable-loginbanner.txt\"\r\n        }\r\n    \r\n\r\n        # Check the exit code of the policy update process 
and handle errors.\r\n        if ($UpdateSecurityPolicy.ExitCode -ne 0) {\r\n            Write-Host -Object \"Exit Code: $($UpdateSecurityPolicy.ExitCode)\"\r\n            Write-Host -Object \"[Error] Unable to update security policy.\"\r\n            exit 1\r\n        }\r\n        else {\r\n\r\n            if ($ForceRestart) {\r\n                Write-Warning -Message \"Scheduling system restart for 60 seconds from now. $((Get-Date).AddSeconds(60))\"\r\n                Start-Process shutdown.exe -ArgumentList \"\/r \/t 60\" -Wait -NoNewWindow\r\n            }\r\n            else {\r\n                Write-Warning -Message \"A restart may be required for the login banner to be removed. Please restart at your earliest convenience.\"\r\n            }\r\n            \r\n            exit $ExitCode\r\n        }\r\n    }\r\n\r\n    # Begin modification to include the login banner in the security policy.\r\n    Write-Host \"Modifying policy to include the login banner.\"\r\n\r\n    # Check if the current policy already includes a title for the login banner.\r\n    if (Get-Content $SecurityPolicyPath | Where-Object { $_ -like \"*LegalNoticeCaption*\" }) {\r\n        # Replace the existing title with a new one, maintaining other parts of the line.\r\n        $Caption = (Get-Content $SecurityPolicyPath | Where-Object { $_ -like \"*LegalNoticeCaption*\" }) -replace ',.*', \",`\"$Title`\"\"\r\n        (Get-Content $SecurityPolicyPath) -replace \".*LegalNoticeCaption.*\", \"$Caption\" | Out-File $SecurityPolicyPath\r\n    }\r\n    else {\r\n        # If no title is present, create a new list for the modified policy settings.\r\n        $NewSecPolicy = New-Object System.Collections.Generic.List[string]\r\n        # Define the new title setting with the specified title\r\n        $Caption = \"MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeCaption=1,`\"$Title`\"\"\r\n\r\n        # Read the current policy and add the new title setting where 
appropriate.\r\n        Get-Content $SecurityPolicyPath | ForEach-Object {\r\n            if ($_ -match \"\\[Registry Values\\]\") {\r\n                $NewSecPolicy.Add($_)\r\n                $NewSecPolicy.Add($Caption)\r\n            }\r\n            else {\r\n                $NewSecPolicy.Add($_)\r\n            }\r\n        }\r\n\r\n        # Write the modified settings back to the configuration file.\r\n        $NewSecPolicy | Out-File $SecurityPolicyPath\r\n    }\r\n\r\n    # Check if the security policy file shows that the login banner text has already been set.\r\n    if (Get-Content $SecurityPolicyPath | Where-Object { $_ -like \"*LegalNoticeText*\" }) {\r\n        # If the setting is found, modify its existing entry by replacing the existing text after the comma\r\n        # with a formatted version of $Message. Commas in $Message are replaced with '\",\"', and new lines are replaced with commas.\r\n        $Text = (Get-Content $SecurityPolicyPath | Where-Object { $_ -like \"*LegalNoticeText*\" }) -replace ',.*', \",$($Message -replace ',','\",\"' -replace '\\n',',')\"\r\n        \r\n        # Replace the entire line that contains \"LegalNoticeText\" with the new formatted text, and overwrite the file.\r\n        (Get-Content $SecurityPolicyPath) -replace \".*LegalNoticeText.*\", \"$Text\" | Out-File $SecurityPolicyPath\r\n    }\r\n    else {\r\n        # If the setting is not found in the file, initialize a new list to store all lines for the updated policy.\r\n        $NewSecPolicy = New-Object System.Collections.Generic.List[string]\r\n\r\n        # Create a new line for \"LegalNoticeText\" with the provided $Message formatted similarly to the replacement process above.\r\n        $Text = \"MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\LegalNoticeText=7,$($Message -replace ',','\",\"' -replace '\\n',',')\"\r\n\r\n        # Read each line of the security policy. 
If the line matches \"[Registry Values]\", it indicates the start of registry settings.\r\n        Get-Content $SecurityPolicyPath | ForEach-Object {\r\n            if ($_ -match \"\\[Registry Values\\]\") {\r\n                # Add the current line and immediately follow it with the new \"LegalNoticeText\" setting.\r\n                $NewSecPolicy.Add($_)\r\n                $NewSecPolicy.Add($Text)\r\n            }\r\n            else {\r\n                # Add other lines without modification.\r\n                $NewSecPolicy.Add($_)\r\n            }\r\n        }\r\n\r\n        # Write the updated list back to the security policy file, thus including the new \"LegalNoticeText\".\r\n        $NewSecPolicy | Out-File $SecurityPolicyPath\r\n    }\r\n\r\n    # Display a message indicating that the updated security policy is being applied.\r\n    Write-Host \"Applying updated policy...\"\r\n    $UpdateSecurityPolicy = Start-Process SecEdit.exe -ArgumentList \"\/configure \/db c:\\windows\\security\\local.sdb \/cfg $SecurityPolicyPath \/areas securitypolicy\" -RedirectStandardOutput \"$env:TEMP\\enable-loginbanner.txt\" -Wait -NoNewWindow -PassThru\r\n    \r\n    $UpdatePolicyOutput = Get-Content -Path \"$env:TEMP\\enable-loginbanner.txt\"\r\n    # If there is any output from the SecEdit process, display it in the console.\r\n    if ($UpdatePolicyOutput) {\r\n        $UpdatePolicyOutput | Write-Host\r\n        Remove-Item \"$env:TEMP\\enable-loginbanner.txt\"\r\n    }\r\n    \r\n\r\n    # Check if the SecEdit process completed successfully by examining the exit code.\r\n    if ($UpdateSecurityPolicy.ExitCode -ne 0) {\r\n        Write-Host -Object \"Exit Code: $($UpdateSecurityPolicy.ExitCode)\"\r\n        Write-Host -Object \"[Error] Unable to update security policy.\"\r\n        exit 1\r\n    }\r\n\r\n    if ($ForceRestart) {\r\n        Write-Warning -Message \"Scheduling system restart for 60 seconds from now. 
$((Get-Date).AddSeconds(60))\"\r\n        Start-Process shutdown.exe -ArgumentList \"\/r \/t 60\" -Wait -NoNewWindow\r\n    }\r\n    else {\r\n        Write-Warning -Message \"A restart may be required for the login banner to take effect. Please restart at your earliest convenience.\"\r\n    }\r\n    \r\n    exit $ExitCode\r\n}\r\nend {\r\n    \r\n    \r\n    \r\n}<\/pre>\n<h2>Detailed breakdown<\/h2>\n<p>This PowerShell script is designed to disable automatic login and ensure that a dialog box is presented each time a user signs in. Here is a step-by-step explanation of how it works:<\/p>\n<ol>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Parameters and initial checks:<\/strong> The script accepts parameters for the title and message of the login banner, as well as switches to revert to Microsoft defaults and to force a restart. It starts by checking whether these parameters are provided, trimming any leading or trailing whitespace. 
If required parameters are missing and Microsoft defaults are not being used, the script exits with an error message.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Domain check:<\/strong> A Test-IsDomainJoined function checks whether the device is part of a domain. If it is, the script advises using Group Policy for the login banner settings and exits. This ensures compliance with domain policies and avoids conflicts.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Registry key modification:<\/strong> The Set-RegKey function is used to create or modify the registry keys that control the automatic login settings. If automatic login is enabled (the AutoAdminLogon registry value is anything other than 0), it is set to 0. 
Likewise, if the passwordless sign-in setting is enabled, it is disabled by setting the DevicePasswordLessBuildVersion value to 2. The script also prints an alert when a DefaultPassword value is present under the Winlogon key, because that password is likely stored in plain text; it does not remove the value.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Exporting and modifying the security policy:<\/strong> The script exports the current security policy with SecEdit.exe and processes the configuration file to add or modify the login banner settings. If Microsoft defaults are requested, the login banner is removed. Otherwise, it updates LegalNoticeCaption and LegalNoticeText with the title and message provided.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Applying the updated policy:<\/strong> After modifying the configuration file, the script applies the updated security policy with SecEdit.exe. 
If a restart is forced, it schedules a system restart so that the changes take effect immediately.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><strong>Final steps:<\/strong> The script provides feedback throughout its execution, reporting the status of each operation and any errors encountered.<\/li>\n<\/ol>\n<h2>Potential use cases<\/h2>\n<p>Imagine an IT professional who manages a fleet of laptops for a financial institution. To protect sensitive financial data, it is essential to make sure that every device requires a login at startup. With this script, the IT professional can automate the process across all devices, which ensures compliance with security policies and saves time over manual configuration.<\/p>\n<h2>Comparisons<\/h2>\n<p>Although Group Policy is the preferred method for domain-joined devices, this script offers a simple solution for standalone systems or small workgroups. 
Compared with editing the registry manually or using third-party tools, this script is more efficient and reduces the risk of human error.<\/p>\n<h2>FAQ<\/h2>\n<ul>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Can this script be used on all versions of Windows?<\/strong> This script is designed for Windows 10 and Windows Server 2016 and later versions.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>What happens if I specify both Microsoft defaults and a custom title\/message?<\/strong> The script raises an error, because these parameters are not meant to be combined.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Is a restart required?<\/strong> Restarting the system is recommended so that the login banner settings take 
effect.<\/li>\n<li data-leveltext=\"%1.\" data-font=\"Aptos\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:0,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769242&quot;:[65533,0],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;%1.&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"7\" data-aria-level=\"1\"><strong>Can this script be run without administrator privileges?<\/strong> No, the script must be run with administrator privileges in order to modify registry settings and apply security policies.<\/li>\n<\/ul>\n<h2>Implications<\/h2>\n<p>Disabling automatic login and setting up a login banner strengthen security by ensuring that users authenticate and acknowledge the security notices. 
This practice reduces the risk of unauthorized access and ensures compliance with security protocols.<\/p>\n<h2>Recommendations<\/h2>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\">Always test the script on a single machine before deploying it at scale.<\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\">Use descriptive titles and messages for the logon banner so that users receive clear instructions or warnings.<\/li>\n<\/ul>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\">Schedule regular reviews of security policies in order to adapt to evolving threats.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>For IT professionals and MSPs, <a href=\"https:\/\/www.ninjaone.com\/blog\/defeat-cyber-security-threats\/\" target=\"_blank\" rel=\"noopener\">ensuring robust security measures<\/a> is essential. 
Disabling automatic logon and setting up logon banners are essential steps in protecting sensitive data. This <a href=\"https:\/\/www.ninjaone.com\/it-hub\/endpoint-management\/what-is-powershell\/\" target=\"_blank\" rel=\"noopener\">PowerShell script<\/a> provides an <a href=\"https:\/\/www.ninjaone.com\/fr\/efficacite\" target=\"_blank\" rel=\"noopener\">efficient<\/a> and <a href=\"https:\/\/www.ninjaone.com\/fr\/rmm\/automatisation-informatique\" target=\"_blank\" rel=\"noopener\">automated<\/a> way to achieve these goals. 
In addition, tools such as NinjaOne can further improve security management by offering centralized control and monitoring capabilities.<\/p>\n","protected":false},"author":35,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"","_lmt_disable":""},"operating_system":[4212],"use_cases":[4289,4286],"class_list":["post-353653","script_hub","type-script_hub","status-publish","hentry","script_hub_category-windows","use_cases-gestion-des-utilisateurs-et-des-acces","use_cases-securite-reseau"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub\/353653","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/comments?post=353653"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/media?parent=353653"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/operating_system?post=353653"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/use_cases?post=353653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}