Use Domain GPO to run local batch file on logoff - Is it possible?

Question

What I want to accomplish: When a user logs off a machine and is not on the domain, the contents of the recycling bin are deleted.

How this is currently done and works on domain: Domain GPO > User Config > Windows Settings > Scripts (Logon/Logoff) > Logoff > The below batch file is in the logoff script folder on the domain controller and this works flawlessly when it is linked to the User OU.

Batch file: PowerShell.exe -NoProfile -Command Clear-RecycleBin -Confirm:$false

My thoughts The above batch file runs fine as user so can run locally. I thought about putting the batch file to a local file for all users i.e C:\ - but how do achieved getting that to run on log off via Domain GPO please?

I am aware I could investigate using GPO to run local task scheduler at a specified time, wondering if I would have the same problem if machine was not connected to the Domain, and we have irregular login/out times for many staff so I want it to trigger on a guaranteed event i.e Logoff - or even Login.

Many thanks in advance for any guidance.

Answer 1

Something I had failed to test due to misunderstanding actually worked so documenting in case anyone else learning GPO wants some advice as I struggled to find anything on the internet to confirm how I get domain GPO to access local file when not on domain.

Putting the batch file on the C:\ of the domain controller, and putting the batch file in the same place on the local machine allows this to run on log off, without the user being on domain. (Of course the machine has to connect to domain to pick up policy first)

Domain GPO > User Config > Windows Settings > Scripts (Logon/Logoff) > Logoff > Scripts > Select the C:\ batch file. Ensure the file is in the same place on the target machine (you'd have to manually do this, or again could push via GPO, or a management system) GPUPDATE Disconnect from domain Logoff > cleans recycling bin.