
Modular Logon Script

http://ninp.snappages.com/blog/2010/03/03/332010-modular-logon-script-download

Script: http://community.spiceworks.com/scripts/show/299

Howto: http://community.spiceworks.com/how_to/show/1189

:!: There is a 5-minute delay in logon script processing. Starting with Windows Server 2012 R2, there is a GPO that configures this delay.

Eliminate 5-minute delay in logon script processing: http://www.itsupportkb.com/windows-2012r2/gpo-logon-script-not-running-windows-server-2012r2

Robb Dunn wrote this modular VBS logon script that solves most small business needs easily.

Howto

If a group policy (GPO) doesn't seem to take effect, run gpupdate /force from an administrative command prompt…even on the Domain Controller.

:!: Use the Windows NT method…it always works.

  1. Download and copy the logon.vbs file to the appropriate folder on the domain controller where the script will be run.
    1. Windows NT method
      1. C:\Windows\SYSVOL\sysvol\domain.local\scripts
    2. Group Policy method
      1. Start → Run → gpmc.msc
        1. Right-click the domain and choose Create a GPO in this domain, and link it here
        2. Name it Logon Script
        3. Right-click the Logon Script policy and choose Edit
        4. User Configuration → Policies → Windows Settings → Scripts → Logon → Properties
          1. Show Files
          2. Create the file 'logon.vbs'
  2. Create two additional folders in the same directory called 'configs' and 'includes'.
  3. Create a configuration file in the 'configs' folder named 'global.conf'.
  4. Using either the Windows NT method or the Group Policy method, call the login script specifying the config file as an argument: logon.vbs config:global.conf
    1. Note the spelling
  5. Use the detailed log files generated to troubleshoot and verify script execution.

Sample global.conf

<order>
meta=1
drives=3
printers=2
processes=4
include=5
</order>

<meta>
description=For all users
created=02/12/12
author=Gene Cooper
</meta>

<drives>
m:\\DC1\Company
p:\\DC1\Homes$\sUser 
t:\\DC1\Test|group:testgroup
rem z:\\server\share
</drives>

<printers>
\\DC1\pdfcreator;default
rem \\server\hpprinter|group:Print Users
rem \\server\colorprinter|-group:domain users|group:Colorprint Users
rem \\server\faxprinter|ip:192.168.0.23
</printers>

<processes>
rem c:\windows\write.exe
</processes>

<include>
rem File1.inc
rem File2.inc|computerOU:OU=test,OU=domain computers
rem File3.inc|group:marketing
</include>
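
Before a config like this goes into SYSVOL, it helps to list exactly what it will map or launch and for whom. The following is an added example, not part of the original page or of the logon script itself. It parses the layout shown above and assumes, from the sample only, that `rem ` disables an entry, that `|` separates conditions, and that the numbers in `<order>` give the processing sequence. The names `parse_conf` and `logon_actions` are hypothetical.

```python
import re
SAMPLE = r"""<order>
drives=3
printers=2
processes=4
</order>
<drives>
m:\\DC1\Company
t:\\DC1\Test|group:testgroup
rem z:\\server\share
</drives>
<printers>
\\DC1\pdfcreator;default
</printers>
<processes>
firewall.bat
</processes>"""  # constructed sample in the layout above, not a real site's file

def parse_conf(text):
    """Parse <section>...</section> blocks into {section: [entry dicts]}."""
    sections, current = {}, None
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        tag = re.fullmatch(r"<(/?)(\w+)>", line)
        if tag:
            closing, name = tag.group(1), tag.group(2).lower()
            if closing and name != current or not closing and current:
                raise ValueError(f"line {n}: unbalanced tag {line}")
            current = None if closing else name
            sections.setdefault(name, [])
        elif line and current is None:
            raise ValueError(f"line {n}: entry outside any section")
        elif line:
            active = not re.match(r"rem\s", line, re.I)  # "rem " disables an entry
            target, *conds = [p.strip() for p in (line if active else line[3:]).split("|")]
            sections[current].append({"active": active, "target": target, "conds": conds})
    if current:
        raise ValueError(f"section <{current}> is never closed")
    return sections

def logon_actions(sections):
    """Active entries in <order> sequence (assumed processing order), each with its scope."""
    order = {k.strip().lower(): int(v) for k, _, v in
             (e["target"].partition("=") for e in sections.get("order", []) if e["active"])}
    names = sorted(set(sections) - {"order", "meta"}, key=lambda s: (order.get(s, 1e9), s))
    return [(name, e["target"], ", ".join(e["conds"]) or "ALL USERS")
            for name in names for e in sections[name] if e["active"]]

if __name__ == "__main__":
    print(*logon_actions(parse_conf(SAMPLE)), sep="\n")
```

Entries reported as `ALL USERS` in `processes` deserve the closest review, since they run at every logon with no group or IP condition.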

Sample admin.inc

Place this file in the includes folder.

Run these commands if logged in as an administrator:

<processes>
firewall.bat
</processes>

Sample firewall.bat

@ECHO OFF
::  ***************************************
::     Modify Firewall Based on OS    
::  ***************************************

SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION

FOR /f "tokens=1,2* delims=." %%a IN ('ver') DO (

SET WVer=%%a
SET WVer=!WVer:~-1!
SET WVer=!WVer!.%%b.%%c
SET WVer=!WVer:]=!
)

IF DEFINED ProgramFiles(x86) (
SET OSBit=x64
) ELSE (
SET OSBit=x86
)

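::  Debug output. "pause" (here and below) waits for a keypress,
::  so remove it before running this unattended at logon.
ECHO %WVer% %OSBit%
pause
REM exit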

::  ------   Variables  ------
SET WINVER=NotSupported

::  ------ OS analyze  ------
echo %OS%
pause
if %OS%==Windows_NT goto setOS
GOTO error

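:setOS
::  Later matches override earlier ones, so the most specific pattern comes last.
VER | FIND "Windows 2000 [Version 5"  >NUL && SET WINVER=W2K
VER | FIND "Windows XP [Version 5"  >NUL && SET WINVER=WXP
VER | FIND "Windows [Version 6"  >NUL && SET WINVER=WVista
::  6.1.7600 is Windows 7 RTM only; Windows 7 SP1 reports 6.1.7601 and stays WVista.
VER | FIND "Windows [Version 6.1.7600"  >NUL && SET WINVER=W7
REM ECHO %WINVER%
REM pause
::  WINVER is initialised to NotSupported above, so test for that value.
IF "%WINVER%"=="NotSupported" GOTO error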

:perOS
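:: ------   Windows XP   ------
:: Legacy "netsh firewall" context; each command adds an inbound exception.
IF %WINVER%==WXP (
    REM Allow remote administration (RPC/DCOM)
    netsh firewall set service RemoteAdmin enable
    REM Open TCP and UDP port 135 (RPC endpoint mapper)
    netsh firewall add portopening protocol=tcp port=135 name= TCP135
    netsh firewall add portopening protocol=udp port=135 name= UDP135
    REM Enable the File and Printer Sharing exception
    netsh firewall set service type = fileandprint mode = enable
    REM Allow inbound ICMP echo request (type 8)
    netsh firewall set icmpsetting 8
    pause
    GOTO end   
)

:: ------   W7   ------
IF %WINVER%==W7 (
    REM Enable the built-in WMI rule group
    netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
    pause
    GOTO end   
)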

:error
ECHO "Unsupported OS - press 'enter' to continue"
pause

:end
exit 0

Troubleshooting

Start → Run → %temp%

  • Look for logon_<your-conf-file>.log for login details.
  • If you don’t see the logfile here, then you know that the script did NOT run.
networking/windows/logon_script_modular.1429054712.txt.gz · Last modified: 2015/04/14 17:38 by gcooper