HOW-TO: Create new first time logon domain user agreement with HTML and VBS only

Just recently, I was asked by my manager to develop some script/program or anything similar, that will basically display a user agreement for new domain users logging in for the first time to any machine on the domain. The idea is when the user logs in, before getting to the desktop, the agreement loads on full screen, the user obviously can not simply closes the agreement or minimizes it, after reading the agreement and either clicking on accept or decline, if the user accepts, then the script will note that the user has accepted the agreement and it will not display anymore for that user on any computer on the domain, then it will continue to the desktop. However, if decline is clicked, then the user will be logged off immediately and the agreement will load again next time said user will try to log in.

This is how the whole process works:

– New domain user logs in for the first time
– Agreement loads before getting to the desktop

– If user clicks “I accept”

– Scripts notes that the user clicked “I Accept” and continue to desktop
– Agreement will not load again on any of the domain PCs

– If user clicks “I decline”

– User will get logged off immediately
– No data is recorded for said user
– Agreement will load again next time the user will try to log in.

Now for the fun part

To make things easy, I created a very simple HTML page (saved as .hta) it has the statement and two buttons, I accept and I decline.




<script language="VBScript">
   Sub logon
      Set objShell = CreateObject("Wscript.Shell")
      objShell.Run "\\server_name\sysvol\domain\scripts\AUP\AUP.vbs"
   End Sub

   Sub logoff
      Set objShell = CreateObject("Wscript.Shell")
      objShell.Run "shutdown /l"
   End Sub

<script language="JavaScript"> 
function document.onkeydown() {  
   var alt=window.event.altKey; 
   if (event.keyCode==116 || event.keyCode==27 || alt && event.keyCode==115) { 
   return false; 

   <div class="statement_title">Statement Title</div>

   <div class="statement">
      Lorem ipsum dolor sit amet, consectetur adipiscing elit...


      <a href onClick="logoff" class="button">I Decline</a>
      <a href onClick="logon" class="button">I Accept</a>


When you click on I accept, you can see it calls the VBS script AUP.vbs which basically all it does is create a txt file in a network drive with a filename same as the user’s username. Also, inside that text file, it has the user’s username, date and time, and the statement itself, then once done, the hta file closes and the logon process continues to the desktop


On Error Resume Next
Set objShell = CreateObject("WScript.Shell")
UserName = objShell.ExpandEnvironmentStrings("%USERNAME%")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("\\server_name\share_Drive\AUP\" & UserName & ".txt", 2, True)

objFile.Write("**********************" & vbCrLf & vbCrLf)
objFile.Write(UserName & " signed the User Agreement on  " & Now & vbCrLf & vbCrLf)
objFile.Write("**********************" & vbCrLf & vbCrLf & vbCrLf)
objFile.Write("Lorem ipsum dolor sit amet, ..." & vbCrLf)

objFile.Write("interdum augue ut dictum. ..." & vbCrLf)
objFile.Write("vel purus." & vbCrLf)


However, if the user clicks on “I decline” the hta file will just logs that user off without calling the AUP.vbs script and recording anything for that user.

This is basically it, now all we need is a logon script that checks if the user has been logged in before or not, it checks by looking for the text file in the network drive, if the text file exists, then it ignores all of the above, if it does not, then it will shut down explorer.exe, displays the AUP.hta file and waits for the user’s response before re-launching explorer.exe and continuing to the desktop.


On Error Resume Next
Set objShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
UserName = objShell.ExpandEnvironmentStrings("%USERNAME%")

If (fso.FileExists("\\server_name\Share_Drive\AUP\" & UserName & ".txt")) Then


dim strComputer
dim wmiNS
dim wmiQuery
dim objWMIService
dim colItems
dim objItem
Dim strOUT

strComputer = "."
wmiNS = "\root\cimv2"
wmiQuery = "Select processID from win32_process where name = 'explorer.exe'"

Set objWMIService = GetObject("winmgmts:\\" & strComputer & wmiNS)
Set colItems = objWMIService.ExecQuery(wmiQuery)

For Each objItem in colItems

Sub subLaunch
Dim objShell
Dim strProg

strProg = "\\server_name\sysvol\domain\scripts\AUP\AUP.hta"
Const MaxWindow = 3
Const blnWait = True

Set objShell = CreateObject("")
objShell.Run strProg,maxWindow,blnWait


End Sub

Sub subcreateProcess
Dim obj 'uses get method to get win32_process so we can launch new explorer
Set obj = objWMIService.Get("win32_process")
End sub

End If


That is it! Very simple and effective way to display a one time user agreement without any third party software. Hope this will help anyone out there in the same situation, let me know what you think in the comments below.

Download source files

Show Comments