====== Login Scripts ======

See also **[[networking:windows:logon_script_modular|Modular Logon Script]]**

http://www.rlmueller.net/LogonScriptFAQ.htm

The old Windows NT style of managing logon scripts still works, and is probably sufficient for small organizations.  However the new Group Policy methods are more powerful and more flexible.

You would assign a Logon script on the "Profile" tab of the user properties if you have client computers with Windows 95, Windows 98, Windows ME, or Windows NT. Group Policy is not applied on computers with these operating systems. If all of your clients have at least Windows 2000, you could use Group Policy to assign Logon scripts. 

===== Troubleshooting =====

http://pcloadletter.co.uk/2010/05/15/missing-network-drives/

http://serverfault.com/questions/95379/why-wont-my-logon-scripts-map-drives-under-windows-7

http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/0a7943b4-db41-443b-8ca5-9eea1db6b27a

===== Windows NT Method =====

Login scripts are generally found here:

%SystemRoot%\sysvol\sysvol\<domain DNS name>\scripts

Scripts are assigned to users with the **Active Directory Users and Computers** (ADUC) tool.  Edit a user object and enter the script name on the Profile tab.

===== Group Policy Method =====

  - Start -> Run -> gpmc.msc
  - Create or edit an existing Group Policy Object (GPO)
  - Right-click the GPO -> Edit

**User Configuration -> Policies -> Windows Settings -> Scripts -> Logon -> Properties -> Add**

**User Configuration -> Policies -> Windows Settings -> Scripts -> Logon -> Properties -> Show Files**

===== Run Commands Based on Workstation OS =====

:!: This needs testing and updating.

To execute commands based on the host OS, you can create an include and use the following code:

<file>
If instr(lcase(sOSCaption),"windows 7") then
Call RunProcess("\\test\netlogon\exe\test.cmd",true)
ElseIf instr(lcase(sOSCaption),"windows xp") then
Call RunProcess("\\test\netlogon\exe\test.cmd",true)
End If
</file>

===== Groups and IDs =====

http://support.microsoft.com/kb/243330

http://networkadminkb.com/KB/a41/differences-between-authenticated-users-domain-users.aspx

http://ss64.com/nt/syntax-security_groups.html

===== Sample Logon Scripts =====

==== Lourdes - VBS ====

<file>
ON ERROR RESUME NEXT

Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path


Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
Set objDomain = getObject("LDAP://rootDse")
DomainString = objDomain.Get("intra.lourdesinc.com")

UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'Synchronizes the time with Server our NTP Server
'WSHShell.Run "NET TIME \\lisvrwin /set /y"


'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
    WSHNetwork.RemoveNetworkDrive clDrives.Item(i)
Next

'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300

Set WSHPrinters = WSHNetwork.EnumPrinterConnections
For LOOP_COUNTER = 0 To WSHPrinters.Count - 1 Step 2    
    If Left(WSHPrinters.Item(LOOP_COUNTER +1),2) = "\\" Then
      WSHNetwork.RemovePrinterConnection WSHPrinters.Item(LOOP_COUNTER +1),True,True
    End If
Next

'Map drives needed by all
WSHNetwork.MapNetworkDrive "H:", "\\lisvrwin\users\" + UserString,True
WSHNetwork.MapNetworkDrive "F:", "\\lisvrwin\company",True
WSHNetwork.MapNetworkDrive "N:", "\\lisvrwin\nydocs",True
WSHNetwork.MapNetworkDrive "P:", "\\lisvrwin\contracts",True
WSHNetwork.MapNetworkDrive "Q:", "\\lisvrwin\quality",True
WSHNetwork.MapNetworkDrive "T:", "\\lisvrwin\test",True
WSHNetwork.MapNetworkDrive "S:", "\\lisvrwin\autosketch",True

'WSHShell.Run "REG ADD ""HKEY_CURRENT_USER\software\Microsoft\windows\CurrentVersion\Explorer\User Shell Folders"" /v AppData /t REG_EXPAND_SZ /d ""g:\Application Data"" /f"

WSHNetwork.AddWindowsPrinterConnection "\\lisvrwin\hl5280test", "Test Dept. Mono Laser"
WSHNetwork.AddWindowsPrinterConnection "\\lisvrwin\mx2600n", "Reception Color Copier"
WSHNetwork.AddWindowsPrinterConnection "\\lisvrwin\mxm283n", "Quality Dept. Mono Copier"

'WshNetwork.SetDefaultPrinter "\\filer-1\HP5200-1"


' This section of script will prevent the baloon window that appears when printing
' to a network shared printer after XP Service Pack 2 is installed.
'=====================================

Path = "HKCU\Printers\Settings\EnableBalloonNotificationsRemote"
WshShell.RegWrite Path, 0 ,"REG_DWORD"

'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
Set WSHPrinters = Nothing

'Quit the Script
wscript.quit
</file>

==== Lourdes - BAT ====

<file>
REM To set the time when clients logon to the domain:
net time %LOGONSERVER% /set /yes

REM Un-map all drive letters
net use * /d /y

REM To map a home directory to drive h:
net use h: /home

net use f: %LOGONSERVER%\company persistent:no
net use n: %LOGONSERVER%\nydocs persistent:no
net use p: %LOGONSERVER%\contracts persistent:no
net use q: %LOGONSERVER%\quality persistent:no
net use t: %LOGONSERVER%\test persistent:no
net use s: %LOGONSERVER%\autosketch persistent:no

REM net use z: /d /y

REM pause

REM Exit befor installing Remote Support Tool
exit

rem Install SC Remote Support Tool on all workstations

if exist "C:\Program Files\TightVNC\tvnserver.exe" goto end
if %username%==admin call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==Admin call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==ADMIN call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==administrator call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==Administrator call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==ADMINISTRATOR call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==ADMINISTRATOR pause 
:end
</file>

==== By User Group - VBS ====

<file>
Const ENGINEERING_GROUP     = "cn=engineering"
Const FINANCE_GROUP         = "cn=finance"
Const HUMAN_RESOURCES_GROUP = "cn=human resources"

Set wshNetwork = CreateObject("WScript.Network")
wshNetwork.MapNetworkDrive "h:",
"\\FileServer\Users\" & wshNetwork.UserName

Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" &
ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(strGroups, ENGINEERING_GROUP) Then

    wshNetwork.MapNetworkDrive "g:",
    "\\FileServer\Engineering\"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\EngLaser"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\Plotter"
    wshNetWork.SetDefaultPrinter
    "\\PrintServer\EngLaser"

ElseIf InStr(strGroups, FINANCE_GROUP) Then

    wshNetwork.MapNetworkDrive "g:",
    "\\FileServer\Finance\"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\FinLaser"
    wshNetWork.SetDefaultPrinter
    "\\PrintServer\FinLaser"

ElseIf InStr(strGroups, HUMAN_RESOURCES_GROUP) Then

    wshNetwork.MapNetworkDrive "g:",
    "\\FileServer\Human Resources\"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\HrLaser"
    wshNetWork.SetDefaultPrinter
    "\\PrintServer\HrLaser"

End If
</file>

==== Determine Workstation OS ====

http://www.grimadmin.com/article.php/batchfile-easy-way-to-detect-os-version

=== Batch File Method 1 ===

<file>
@ECHO off
SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION

FOR /f "tokens=1,2* delims=." %%a IN ('ver') DO (

SET WVer=%%a
SET WVer=!WVer:~-1!
SET WVer=!WVer!.%%b.%%c
SET WVer=!WVer:]=!
)

IF DEFINED ProgramFiles(x86) (
SET OSBit=x64
) ELSE (
SET OSBit=x86
)

ECHO %WVer% %OSBit%
</file>

=== Batch File Method 2 ===

<file>
@ECHO OFF
::  ****************************************
::     My Login Script Title - Change Me     
::  ***************************************

::  ------   Variables  ------
SET WINVER=NotSupported
SET errMsg1=
SET netlogon=\\xxx\netlogon
TITLE Logon Script File at xxxxx

::  ------ OS analyze  ------
if %OS%==Windows_NT goto setOS
GOTO error

:setOS
VER | FIND "Windows 2000 [Version 5"  >NUL && SET WINVER=W2K
VER | FIND "Windows XP [Version 5"  >NUL && SET WINVER=WXP
VER | FIND "Windows [Version 6"  >NUL && SET WINVER=WVista
VER | FIND "Windows [Version 6.1.7600"  >NUL && SET WINVER=W7
IF "%WINVER%"=="" GOTO beforeEnd

:perUser
IF %USERNAME%==xxxx GOTO testArea

:perOS
:: ------   Windows 2000   ------
IF %WINVER%==W2K (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
:: ------   Windows XP   ------
IF %WINVER%==WXP (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
:: ------   Windows Vista   ------
IF %WINVER%==WVista (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
:: ------   W7   ------
IF %WINVER%==W7 (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
GOTO beforeEnd

:testArea
CALL %netlogon%\mapdrives_test.bat
CALL %netlogon%\log.bat
GOTO beforeEnd

:error

:beforeEnd

:end
</file>

===== Printers =====

This will allow regular (unprivileged) users to add printers from your print server.

In Group Policy:

**Computer Configuration -> Administrative Templates -> Printers -> Point and Print Restrictions**

  - Set it to "Enabled"
  - Put a check box in "Users can only point and print to these servers:"
  - Enter your print server name in the box "servername.domainname.com"
  - Set both Security Prompts to "Do not show"