How I use Eraser -- logoff and shutdown scripts

Kythe

For those of you who have Windows XP Pro, you can create and run logoff and shutdown scripts using the Group Policy Editor. To get to this tool, go to START->RUN and type "gpedit.msc".

To enable logoff scripts, in the left-hand panel expand "Windows Settings" under "User Configuration", then expand "Scripts", and in the right-hand panel double-click on "Logoff". In the dialogue box that opens, click the "Add" button, then the "Browse" button in the next window. Right-click in the browse window that opens, select "New" and create a text file named "exp.cmd". Right-click on the created file, and select "edit" to open the file.

Likewise, to create shutdown scripts, do the above, but instead of expanding "Windows Settings" under "User Configuration", expand "Windows Settings" under "Computer Configuration" instead.

To allow shutdown and logoff scripts to run without a time limit (necessary, for example, if you use them to run Eraser for freespace clearing), in the left-hand window expand "Administrative Templates" under "Computer Configuration", then expand "System" and select "Scripts". In the right-hand windows, double-click on "Maximum wait time for Group Policy scripts". Select the "Enable" radio button, and set the number of seconds to zero (0).

I'm investigating whether or not logoff and shutdown scripts can be run in Windows XP Home edition (by editing the registry, for example). One possibility would be to put links to these scripts in the Windows XP Home "Startup" folder under the Start Menu. It wouldn't run on shutdown (on startup instead), but it should still work fine.

I'll list the contents of my logoff and shutdown scripts in my next posts.
 
Here's the contents of my logoff script. I use this to clear basic user data on logoff when I don't want to run a full freespace wipe:

@echo off
echo clearing user data...
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\cookies\" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\locals~1\history\" -subfolders -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\locals~1\tempor~1\" -subfolders -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\recent\" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\cookies\" -method DoD_E -queue -silent
echo clearing recycled bin...
C:\progra~1\eraser\eraserl -recycled -method DoD_E -queue -silent
echo clearing temp folder...
C:\progra~1\eraser\eraserl -folder "%TEMP%" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing java cache...
C:\progra~1\eraser\eraserl -folder "%APPDATA%\Sun\Java\Deployment\cache\javapi\v1.0" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing Firefox data...
for /D %%G in ("%APPDATA%\Mozilla\Firefox\Profiles\*.*") do (
C:\progra~1\eraser\eraserl -file "%%G\Cache\*" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -file "%%G\history.dat" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -file "%%G\cookies.txt" -method DoD_E -queue -silent
)
echo clearing misc data...
C:\progra~1\eraser\eraserl -folder "%APPDATA%\Kazaa Lite\db" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing MRUs...
C:\progra~1\mru-bl~1\mrubla~1.exe -silent

Note that this script deals with Windows user data tracking, Internet Explorer user tracking, clearing the Java cache, Firefox data and Kazaa user data tracking. Also note that this script makes use of both Eraser and a program called MRUBlaster (available on the internet as a free download).
 
Here's the contents of my shutdown script. Since I only shut down my computer at night, I put longer-running tasks (like free space wiping) in this script.

@echo off
echo running F-PROT virus scan...
C:\F-PROT\F-PROT.EXE /AUTO /DISINF /RENAME /HARD /REPORT=C:\virlog.txt /TYPE /APPEND
echo running Spybot scan...
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix /autoclose /taskbarhide
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v SpybotSnD /f
C:\progra~1\eraser\eraserl -file "C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups\*" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -file "C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini" -method DoD_E -queue -silent
echo clearing free drive space...
C:\progra~1\eraser\eraserl -disk all -method Random 1 -queue

Note that you may have to expand this window horizontally to avoid having lines in the script wrap on your screen.

Also note that in this script, I make use of the F-Prot antivirus program, Spybot S&D (clearing remaining user data in the registry and elsewhere), I eliminate usage tracks that Spybot S&D itself creates, and finally run a custom freespace wipe pattern.

Both F-Prot and Spybot S&D are available for free on the web, but must be manually updated from time to time. I have Spybot S&D set to run complete scans.

Questions?
 
Kythe said:
To allow shutdown and logoff scripts to run without a time limit (necessary, for example, if you use them to run Eraser for freespace clearing), in the left-hand window expand "Administrative Templates" under "Computer Configuration", then expand "System" and select "Scripts". In the right-hand windows, double-click on "Maximum wait time for Group Policy scripts". Select the "Enable" radio button, and set the number of seconds to zero (0).

Thanks for the tip. In Windows 2000 it's Computer Configuration -> Administrative Templates -> System -> Logon.
 
OK, I found an interesting site that details what Group Policy editor does in Windows XP Pro. Evidently, all it does is create and set certain values in the Windows XP Registry.

http://forums.freddyshouse.com/archive/ ... t-562.html

Here's the interesting part:

Quige
26th December 2003, 01:19 PM
You might want to have a look at this site - though I couldn't see the particular entry for logoff scripts.

Group policy registry entries for xp home
http://www.j79zlr.com/gphome.php

If I set a machine shutdown script called test.bat on my PC, it puts this in the registry;

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\WINDOWS\\System32\\GroupPolicy\\Machine"
"DisplayName"="Local Group Policy"
"GPOName"="Local Group Policy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown\0\0]
"Script"="C:\\test.bat"
"Parameters"=""
"ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup]

If I do a logoff script for a user it puts this in;

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-777546997-2006763630-3948032881-1108\Scripts\Logoff\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\WINDOWS\\System32\\GroupPolicy\\User"
"DisplayName"="Local Group Policy"
"GPOName"="Local Group Policy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-777546997-2006763630-3948032881-1108\Scripts\Logoff\0\0]
"Script"="C:\\test.bat"
"Parameters"=""
"ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

where the long number is my user SID.
 
Also, this link details a registry entry that allows you to set the "Maximum Wait Time" for scripts to infinite.

I'm thinking that to run the scripts, you'd need to replace "C:\\WINDOWS\\System32\\GroupPolicy\\Machine" with the path to the script, and replace "C:\\test.bat" with the path and name of the script. But I haven't tested this.

Also, you'd need to replace the value "S-1-5-21-777546997-2006763630-3948032881-1108" in the registry key above with the SID value for your user account. You can get that by running a command prompt window (type "cmd" at a "run..." prompt), and running "whoami /sid /user".
 
Kythe said:
Here's the contents of my logoff script. I use this to clear basic user data on logoff when I don't want to run a full freespace wipe:

@echo off
echo clearing user data...
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\cookies" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\locals~1\history" -subfolders -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\locals~1\tempor~1" -subfolders -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\recent" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\cookies" -method DoD_E -queue -silent
echo clearing recycled bin...
C:\progra~1\eraser\eraserl -recycled -method DoD_E -queue -silent
echo clearing temp folder...
C:\progra~1\eraser\eraserl -folder "%TEMP%" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing java cache...
C:\progra~1\eraser\eraserl -folder "%APPDATA%\Sun\Java\Deployment\cache\javapi\v1.0" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing Firefox data...
for /D %%G in ("%APPDATA%\Mozilla\Firefox\Profiles\*.*") do (
C:\progra~1\eraser\eraserl -file "%%G\Cache\*" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -file "%%G\history.dat" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -file "%%G\cookies.txt" -method DoD_E -queue -silent
)
echo clearing misc data...
C:\progra~1\eraser\eraserl -folder "%APPDATA%\Kazaa Lite\db" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing MRUs...
C:\progra~1\mru-bl~1\mrubla~1.exe -silent

Note that this script deals with Windows user data tracking, Internet Explorer user tracking, clearing the Java cache, Firefox data and Kazaa user data tracking. Also note that this script makes use of both Eraser and a program called MRUBlaster (available on the internet as a free download).

I have followed these instructions and it doesn't seem to be erasing all the data.
Here is a copy of my logoff script, can you see anything wrong?


@echo off
echo clearing user data...
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\cookies" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\locals~1\history"-subfolders -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\locals~1\tempor~1" -subfolders -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\recent" -method DoD_E -queue -silent
C:\progra~1\eraser\eraserl -folder "%USERPROFILE%\cookies" -method DoD_E -queue -silent
echo clearing recycled bin...
C:\progra~1\eraser\eraserl -recycled -method DoD_E -queue -silent
echo clearing temp folder...
C:\progra~1\eraser\eraserl -folder "%TEMP%" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing java cache...
C:\progra~1\eraser\eraserl -folder "%APPDATA%\Sun\Java\Deployment\cache\javapi\v1.0" -subfolders -keepfolder -method DoD_E -queue -silent
echo clearing MRUs...
C:\progra~1\mru-bl~1\mrubla~1.exe -silent

dw
 
What data is being left?

One thing that might account for problems is the fact that some paths, like

"%USERPROFILE%\locals~1\history\"

are actually DOS paths, and the directory reference "locals~1" may be wrong on your system. It may actually be "locals~2", for example.

You can either put the long directory names in (since the path is in quotes), or determine the DOS directory names by going to the containing directory -- for example, "C:\Documents and Settings\Kythe" in a command window and typing "dir /a:h /x". This works for most directories, but not for certain ones like the "Temporary Internet Files" directory.

All that said, if you can determine what data isn't being cleared, please let me know. I haven't noticed the same, but it's very possible that I missed a flaw or two...
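
An added example, not part of the original posts: a read-only batch script that follows the advice above by using long folder names, and reports for each target of the logoff script whether it exists, the 8.3 path the file system reports for it, and how many entries are still inside. The folder names are Windows XP defaults and are assumptions; adjust them to match your profile.

```batch
@echo off
rem Added example: audit the folders the logoff script is supposed to clear.
rem It only reads the file system; it does not call eraserl or delete anything.
rem Long folder names below are Windows XP defaults (assumed).
setlocal
set MISSING=0

call :audit "%USERPROFILE%\Cookies"
call :audit "%USERPROFILE%\Local Settings\History"
call :audit "%USERPROFILE%\Local Settings\Temporary Internet Files"
call :audit "%USERPROFILE%\Recent"
call :audit "%TEMP%"
call :audit "%APPDATA%\Sun\Java\Deployment\cache\javapi\v1.0"

echo.
echo Folders not found: %MISSING%
endlocal
goto :eof

:audit
rem %~1 is the long path with its quotes stripped; %~s1 is the 8.3 form
rem of the same path, which can be compared with names like "locals~1".
if not exist "%~1\" goto :notfound
set COUNT=0
rem /a includes hidden and system entries, /s recurses, /b prints bare paths;
rem find /c /v "" counts the lines that dir printed.
for /f %%N in ('dir /a /s /b "%~1" 2^>nul ^| find /c /v ""') do set COUNT=%%N
echo FOUND    "%~1"
echo          8.3 path : %~s1
echo          leftover : %COUNT% entries
goto :eof

:notfound
echo MISSING  "%~1"
set /a MISSING+=1
goto :eof
```

Run it from a command prompt after logging back on: a MISSING line means the path in the logoff script does not match your system, and a non-zero leftover count shows which folder still holds data.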
 