====== Update computers description with currently logged on user via logon script ======
Delegate users to allow them to change their description in AD
  - Open ADUC
  - Right click on domain object
  - Select **Delegate control**
  - Click **Next**
  - Add **Domain Users** to **Selected users and groups** and click **Next**
  - Select **Create a custom task to delegate**
  - Select **Only the following objects in this folder**
  - Tick **Computer objects** and click **Next**
  - Remove tick on **General** and tick **Property-specific** to update the list below.
  - Tick **Write description** on the list and click **Next**
  - Click **Finish**

Create a VBS file containing the following code
<code logon.vbs>
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
 
' Get service tag and computer manufacturer
For Each objSMBIOS in objWMI.ExecQuery("Select * from Win32_SystemEnclosure")
  serviceTag = replace(objSMBIOS.SerialNumber, ",", ".")
  manufacturer = replace(objSMBIOS.Manufacturer, ",", ".")
Next
 
' Get computer model
For Each objComputer in objWMI.ExecQuery("Select * from Win32_ComputerSystem")
  model = trim(replace(objComputer.Model, ",", "."))
Next
 
' Get computer object in AD
Set objSysInfo = CreateObject("ADSystemInfo")
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
 
' Get user object in AD
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
 
' Get all IP addresses
Dim NIC1, Nic, StrIP
StrIP=""
Set NIC1 =     GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")

For Each Nic in NIC1
    if Nic.IPEnabled then
		For Each ip in Nic.IPAddress
			If Len(StrIP)=0 then
				StrIP = ip
			Else
				StrIP = StrIP & ", " & ip
			End if
		Next
    End if
Next

' Build up description field data and save into computer object if different from current description
newDescription = objUser.LastName & " " & objUser.FirstName & " (" & WshNetwork.UserName & ") - " & manufacturer & " " & model & " (" & serviceTag & ") [" & StrIP & "]"
 
' We also do not update computers with a description that starts with an underscore (_)
if not objComputer.Description = newDescription and not left(objComputer.Description,1) = "_"  then
  objComputer.Description = newDescription
  objComputer.SetInfo
end if
'WScript.StdOut.WriteLine newDescription
</code>

  - Open **Group Policy Management** console
  - Right click **Group Policy Objects** and select **New**
  - Enter GPO name and click **OK**
  - Edit the newly created GPO
  - Navigate to **User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff)**
  - Doubleclick the **Logon** item and click **Add**
  - Browse to the newly created script and click **OK**, and then again click **OK** and close the **Group Policy Management Editor**
  - Link the GPO to the containers with user objects in it (note that this applies to all sub containers)

Next time the computers refresh their GPO, the logon script should run and every computer object should have the description like:
<code>Last_name First_name (samaccountname) - vendor model (serial number)</code>
Computers with description starting with **_** will not have their description changed