Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » windows » logon_script
Trace:
networking:windows:logon_script

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:windows:logon_script [2012/02/13 13:01]
gcooper 		networking:windows:logon_script [2013/12/15 12:15] (current)
gcooper
Line 1: Line 1:
 ====== Login Scripts ====== ====== Login Scripts ======
 +
 +See also **[[networking:windows:logon_script_modular|Modular Logon Script]]**
  
 http://www.rlmueller.net/LogonScriptFAQ.htm http://www.rlmueller.net/LogonScriptFAQ.htm
Line 6: Line 8:
  
 You would assign a Logon script on the "Profile" tab of the user properties if you have client computers with Windows 95, Windows 98, Windows ME, or Windows NT. Group Policy is not applied on computers with these operating systems. If all of your clients have at least Windows 2000, you could use Group Policy to assign Logon scripts.  You would assign a Logon script on the "Profile" tab of the user properties if you have client computers with Windows 95, Windows 98, Windows ME, or Windows NT. Group Policy is not applied on computers with these operating systems. If all of your clients have at least Windows 2000, you could use Group Policy to assign Logon scripts. 
 +
 +===== Troubleshooting =====
 +
 +http://pcloadletter.co.uk/2010/05/15/missing-network-drives/
 +
 +http://serverfault.com/questions/95379/why-wont-my-logon-scripts-map-drives-under-windows-7
 +
 +http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/0a7943b4-db41-443b-8ca5-9eea1db6b27a
  
 ===== Windows NT Method ===== ===== Windows NT Method =====
Line 20: Line 30:
   - Create or edit an existing Group Policy Object (GPO)   - Create or edit an existing Group Policy Object (GPO)
   - Right-click the GPO -> Edit   - Right-click the GPO -> Edit
 +
 +**User Configuration -> Policies -> Windows Settings -> Scripts -> Logon -> Properties -> Add**
  
 **User Configuration -> Policies -> Windows Settings -> Scripts -> Logon -> Properties -> Show Files** **User Configuration -> Policies -> Windows Settings -> Scripts -> Logon -> Properties -> Show Files**
  
-===== Groups and IDs =====+===== Run Commands Based on Workstation OS =====
  
-http://support.microsoft.com/kb/243330+:!: This needs testing and updating.
  
-http://networkadminkb.com/KB/a41/differences-between-authenticated-users-domain-users.aspx +To execute commands based on the host OS, you can create an include and use the following code:
- +
-http://ss64.com/nt/syntax-security_groups.html +
- +
-===== Sample Scripts ===== +
- +
-==== Modular - VBS ==== +
- +
-{{ :networking:windows:modular_logon_assign.png?direct&300|}} +
- +
-http://community.spiceworks.com/how_to/show/1189 +
- +
-  - Download and copy the logon.vbs file to the netlogon folder on the domain controller where the script will be run.  For the Windows NT Methodthis is something like '\\domain.local\sysvol\domain.local\scripts' (where ‘domain.local’ is the full dns name of the domain where you will be running the script. (\\server\netlogon). +
-  - Create two additional folders in the same directory called 'configs' and 'includes'+
-  - Create a configuration file in the 'configs' folder named 'global.conf'+
-  - Using either the Windows NT method or the Group Policy method, call the login script specifying the config file''logon.vbs config:global.conf'' +
-  - Use the detailed log files generated to troubleshoot and verify script execution.  +
- +
-=== Troubleshooting === +
- +
-**Start -> Run -> %temp%** +
- +
-  * Look for logon_<your-conf-file>.log for login details. +
-  * If you don’t see the logfile here, then you know that the script did NOT run. +
- +
-=== Sample global.conf ===+
  
 <file> <file>
-<order> +If instr(lcase(sOSCaption),"windows 7") then 
-meta=1 +Call RunProcess("\\test\netlogon\exe\test.cmd",true) 
-drives=3 +ElseIf instr(lcase(sOSCaption),"windows xp") then 
-printers=2 +Call RunProcess("\\test\netlogon\exe\test.cmd",true) 
-processes=4 +End If 
-include=5 +</file>
-</order>+
  
-<meta> +===== Groups and IDs =====
-description=For all users +
-created=02/12/12 +
-author=Gene Cooper +
-</meta>+
  
-<drives> +http://support.microsoft.com/kb/243330
-m:\\WIN2008R2-PDC\company|group:everyone +
-t:\\WIN2008R2-PDC\test|group:testgroup +
-rem z:\\server\share +
-</drives>+
  
-<printers> +http://networkadminkb.com/KB/a41/differences-between-authenticated-users-domain-users.aspx
-\\WIN2008R2-PDC\pdfcreator;default|group:everyone +
-rem \\server\hpprinter|group:Print Users +
-rem \\server\colorprinter|-group:domain users|group:Colorprint Users +
-rem \\server\faxprinter|ip:192.168.0.23 +
-</printers>+
  
-<processes> +http://ss64.com/nt/syntax-security_groups.html
-rem c:\windows\write.exe +
-</processes>+
  
-<include> +===== Sample Logon Scripts =====
-rem File1.inc +
-rem File2.inc|computerOU:OU=test,OU=domain computers +
-rem File3.inc|group:marketing +
-</include> +
-</file>+
  
 ==== Lourdes - VBS ==== ==== Lourdes - VBS ====
Line 253: Line 219:
 End If End If
 </file> </file>
 +
 +==== Determine Workstation OS ====
 +
 +http://www.grimadmin.com/article.php/batchfile-easy-way-to-detect-os-version
 +
 +=== Batch File Method 1 ===
 +
 +<file>
 +@ECHO off
 +SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION
 +
 +FOR /f "tokens=1,2* delims=." %%a IN ('ver') DO (
 +
 +SET WVer=%%a
 +SET WVer=!WVer:~-1!
 +SET WVer=!WVer!.%%b.%%c
 +SET WVer=!WVer:]=!
 +)
 +
 +IF DEFINED ProgramFiles(x86) (
 +SET OSBit=x64
 +) ELSE (
 +SET OSBit=x86
 +)
 +
 +ECHO %WVer% %OSBit%
 +</file>
 +
 +=== Batch File Method 2 ===
 +
 +<file>
 +@ECHO OFF
 +::  ****************************************
 +::     My Login Script Title - Change Me     
 +::  ***************************************
 +
 +::  ------   Variables  ------
 +SET WINVER=NotSupported
 +SET errMsg1=
 +SET netlogon=\\xxx\netlogon
 +TITLE Logon Script File at xxxxx
 +
 +::  ------ OS analyze  ------
 +if %OS%==Windows_NT goto setOS
 +GOTO error
 +
 +:setOS
 +VER | FIND "Windows 2000 [Version 5"  >NUL && SET WINVER=W2K
 +VER | FIND "Windows XP [Version 5"  >NUL && SET WINVER=WXP
 +VER | FIND "Windows [Version 6"  >NUL && SET WINVER=WVista
 +VER | FIND "Windows [Version 6.1.7600"  >NUL && SET WINVER=W7
 +IF "%WINVER%"=="" GOTO beforeEnd
 +
 +:perUser
 +IF %USERNAME%==xxxx GOTO testArea
 +
 +:perOS
 +:: ------   Windows 2000   ------
 +IF %WINVER%==W2K (
 +    CALL %netlogon%\mapdrives.bat
 +    CALL %netlogon%\log.bat
 +    GOTO beforeEnd   
 +)
 +:: ------   Windows XP   ------
 +IF %WINVER%==WXP (
 +    CALL %netlogon%\mapdrives.bat
 +    CALL %netlogon%\log.bat
 +    GOTO beforeEnd   
 +)
 +:: ------   Windows Vista   ------
 +IF %WINVER%==WVista (
 +    CALL %netlogon%\mapdrives.bat
 +    CALL %netlogon%\log.bat
 +    GOTO beforeEnd   
 +)
 +:: ------   W7   ------
 +IF %WINVER%==W7 (
 +    CALL %netlogon%\mapdrives.bat
 +    CALL %netlogon%\log.bat
 +    GOTO beforeEnd   
 +)
 +GOTO beforeEnd
 +
 +:testArea
 +CALL %netlogon%\mapdrives_test.bat
 +CALL %netlogon%\log.bat
 +GOTO beforeEnd
 +
 +:error
 +
 +:beforeEnd
 +
 +:end
 +</file>
 +
 +===== Printers =====
 +
 +This will allow regular (unprivileged) users to add printers from your print server.
 +
 +In Group Policy:
 +
 +**Computer Configuration -> Administrative Templates -> Printers -> Point and Print Restrictions**
 +
 +  - Set it to "Enabled"
 +  - Put a check box in "Users can only point and print to these servers:"
 +  - Enter your print server name in the box "servername.domainname.com"
 +  - Set both Security Prompts to "Do not show"
networking/windows/logon_script.1329163301.txt.gz · Last modified: 2012/02/13 13:01 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki