Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » windows » logon_script
Trace: logon_script
networking:windows:logon_script

Table of Contents

Login Scripts

See also Modular Logon Script

http://www.rlmueller.net/LogonScriptFAQ.htm

The old Windows NT style of managing logon scripts still works, and is probably sufficient for small organizations. However the new Group Policy methods are more powerful and more flexible.

You would assign a Logon script on the “Profile” tab of the user properties if you have client computers with Windows 95, Windows 98, Windows ME, or Windows NT. Group Policy is not applied on computers with these operating systems. If all of your clients have at least Windows 2000, you could use Group Policy to assign Logon scripts.

Troubleshooting

http://pcloadletter.co.uk/2010/05/15/missing-network-drives/

http://serverfault.com/questions/95379/why-wont-my-logon-scripts-map-drives-under-windows-7

http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/0a7943b4-db41-443b-8ca5-9eea1db6b27a

Windows NT Method

Login scripts are generally found here:

%SystemRoot%\sysvol\sysvol\<domain DNS name>\scripts

Scripts are assigned to users with the Active Directory Users and Computers (ADUC) tool. Edit a user object and enter the script name on the Profile tab.

Group Policy Method

  1. Start → Run → gpmc.msc
  2. Create or edit an existing Group Policy Object (GPO)
  3. Right-click the GPO → Edit

User Configuration → Policies → Windows Settings → Scripts → Logon → Properties → Add

User Configuration → Policies → Windows Settings → Scripts → Logon → Properties → Show Files

Run Commands Based on Workstation OS

:!: This needs testing and updating.

To execute commands based on the host OS, you can create an include and use the following code: 

If instr(lcase(sOSCaption),"windows 7") then
Call RunProcess("\\test\netlogon\exe\test.cmd",true)
ElseIf instr(lcase(sOSCaption),"windows xp") then
Call RunProcess("\\test\netlogon\exe\test.cmd",true)
End If

Groups and IDs

http://support.microsoft.com/kb/243330

http://networkadminkb.com/KB/a41/differences-between-authenticated-users-domain-users.aspx

http://ss64.com/nt/syntax-security_groups.html

Sample Logon Scripts

Lourdes - VBS

ON ERROR RESUME NEXT

Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path


Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
Set objDomain = getObject("LDAP://rootDse")
DomainString = objDomain.Get("intra.lourdesinc.com")

UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'Synchronizes the time with Server our NTP Server
'WSHShell.Run "NET TIME \\lisvrwin /set /y"


'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
    WSHNetwork.RemoveNetworkDrive clDrives.Item(i)
Next

'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300

Set WSHPrinters = WSHNetwork.EnumPrinterConnections
For LOOP_COUNTER = 0 To WSHPrinters.Count - 1 Step 2    
    If Left(WSHPrinters.Item(LOOP_COUNTER +1),2) = "\\" Then
      WSHNetwork.RemovePrinterConnection WSHPrinters.Item(LOOP_COUNTER +1),True,True
    End If
Next

'Map drives needed by all
WSHNetwork.MapNetworkDrive "H:", "\\lisvrwin\users\" + UserString,True
WSHNetwork.MapNetworkDrive "F:", "\\lisvrwin\company",True
WSHNetwork.MapNetworkDrive "N:", "\\lisvrwin\nydocs",True
WSHNetwork.MapNetworkDrive "P:", "\\lisvrwin\contracts",True
WSHNetwork.MapNetworkDrive "Q:", "\\lisvrwin\quality",True
WSHNetwork.MapNetworkDrive "T:", "\\lisvrwin\test",True
WSHNetwork.MapNetworkDrive "S:", "\\lisvrwin\autosketch",True

'WSHShell.Run "REG ADD ""HKEY_CURRENT_USER\software\Microsoft\windows\CurrentVersion\Explorer\User Shell Folders"" /v AppData /t REG_EXPAND_SZ /d ""g:\Application Data"" /f"

WSHNetwork.AddWindowsPrinterConnection "\\lisvrwin\hl5280test", "Test Dept. Mono Laser"
WSHNetwork.AddWindowsPrinterConnection "\\lisvrwin\mx2600n", "Reception Color Copier"
WSHNetwork.AddWindowsPrinterConnection "\\lisvrwin\mxm283n", "Quality Dept. Mono Copier"

'WshNetwork.SetDefaultPrinter "\\filer-1\HP5200-1"


' This section of script will prevent the baloon window that appears when printing
' to a network shared printer after XP Service Pack 2 is installed.
'=====================================

Path = "HKCU\Printers\Settings\EnableBalloonNotificationsRemote"
WshShell.RegWrite Path, 0 ,"REG_DWORD"

'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
Set WSHPrinters = Nothing

'Quit the Script
wscript.quit

Lourdes - BAT

REM To set the time when clients logon to the domain:
net time %LOGONSERVER% /set /yes

REM Un-map all drive letters
net use * /d /y

REM To map a home directory to drive h:
net use h: /home

net use f: %LOGONSERVER%\company persistent:no
net use n: %LOGONSERVER%\nydocs persistent:no
net use p: %LOGONSERVER%\contracts persistent:no
net use q: %LOGONSERVER%\quality persistent:no
net use t: %LOGONSERVER%\test persistent:no
net use s: %LOGONSERVER%\autosketch persistent:no

REM net use z: /d /y

REM pause

REM Exit befor installing Remote Support Tool
exit

rem Install SC Remote Support Tool on all workstations

if exist "C:\Program Files\TightVNC\tvnserver.exe" goto end
if %username%==admin call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==Admin call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==ADMIN call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==administrator call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==Administrator call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==ADMINISTRATOR call %logonserver%\netlogon\SCRemoteSupportInstaller.exe
if %username%==ADMINISTRATOR pause 
:end

By User Group - VBS

Const ENGINEERING_GROUP     = "cn=engineering"
Const FINANCE_GROUP         = "cn=finance"
Const HUMAN_RESOURCES_GROUP = "cn=human resources"

Set wshNetwork = CreateObject("WScript.Network")
wshNetwork.MapNetworkDrive "h:",
"\\FileServer\Users\" & wshNetwork.UserName

Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" &
ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(strGroups, ENGINEERING_GROUP) Then

    wshNetwork.MapNetworkDrive "g:",
    "\\FileServer\Engineering\"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\EngLaser"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\Plotter"
    wshNetWork.SetDefaultPrinter
    "\\PrintServer\EngLaser"

ElseIf InStr(strGroups, FINANCE_GROUP) Then

    wshNetwork.MapNetworkDrive "g:",
    "\\FileServer\Finance\"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\FinLaser"
    wshNetWork.SetDefaultPrinter
    "\\PrintServer\FinLaser"

ElseIf InStr(strGroups, HUMAN_RESOURCES_GROUP) Then

    wshNetwork.MapNetworkDrive "g:",
    "\\FileServer\Human Resources\"
    wshNetwork.AddWindowsPrinterConnection
    "\\PrintServer\HrLaser"
    wshNetWork.SetDefaultPrinter
    "\\PrintServer\HrLaser"

End If

Determine Workstation OS

http://www.grimadmin.com/article.php/batchfile-easy-way-to-detect-os-version

Batch File Method 1

@ECHO off
SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION

FOR /f "tokens=1,2* delims=." %%a IN ('ver') DO (

SET WVer=%%a
SET WVer=!WVer:~-1!
SET WVer=!WVer!.%%b.%%c
SET WVer=!WVer:]=!
)

IF DEFINED ProgramFiles(x86) (
SET OSBit=x64
) ELSE (
SET OSBit=x86
)

ECHO %WVer% %OSBit%

Batch File Method 2

@ECHO OFF
::  ****************************************
::     My Login Script Title - Change Me     
::  ***************************************

::  ------   Variables  ------
SET WINVER=NotSupported
SET errMsg1=
SET netlogon=\\xxx\netlogon
TITLE Logon Script File at xxxxx

::  ------ OS analyze  ------
if %OS%==Windows_NT goto setOS
GOTO error

:setOS
VER | FIND "Windows 2000 [Version 5"  >NUL && SET WINVER=W2K
VER | FIND "Windows XP [Version 5"  >NUL && SET WINVER=WXP
VER | FIND "Windows [Version 6"  >NUL && SET WINVER=WVista
VER | FIND "Windows [Version 6.1.7600"  >NUL && SET WINVER=W7
IF "%WINVER%"=="" GOTO beforeEnd

:perUser
IF %USERNAME%==xxxx GOTO testArea

:perOS
:: ------   Windows 2000   ------
IF %WINVER%==W2K (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
:: ------   Windows XP   ------
IF %WINVER%==WXP (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
:: ------   Windows Vista   ------
IF %WINVER%==WVista (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
:: ------   W7   ------
IF %WINVER%==W7 (
    CALL %netlogon%\mapdrives.bat
    CALL %netlogon%\log.bat
    GOTO beforeEnd   
)
GOTO beforeEnd

:testArea
CALL %netlogon%\mapdrives_test.bat
CALL %netlogon%\log.bat
GOTO beforeEnd

:error

:beforeEnd

:end

Printers

This will allow regular (unprivileged) users to add printers from your print server.

In Group Policy:

Computer Configuration → Administrative Templates → Printers → Point and Print Restrictions

  1. Set it to “Enabled”
  2. Put a check box in “Users can only point and print to these servers:”
  3. Enter your print server name in the box “servername.domainname.com”
  4. Set both Security Prompts to “Do not show”
networking/windows/logon_script.txt · Last modified: 2013/12/15 12:15 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki