Robb Dunn wrote this modular VBS logon script that solves most small business needs easily.
Script: http://community.spiceworks.com/scripts/show/299
Official Howto: http://community.spiceworks.com/how_to/show/1189
Server 2008 GPO: https://www.petri.com/setting-up-logon-script-through-gpo-windows-server-2008
There is a 5 minute delay in logon script processing. Starting with Windows Server 2012 R2, there is a GPO that configures this delay. http://www.itsupportkb.com/windows-2012r2/gpo-logon-script-not-running-windows-server-2012r2
If you are trying to map a drive letter that is already mapped to something else, you will want to disconnect that previous mapping so the new mapping will occur.
If you are implementing RDS, you probably want to implement the logon script the old Windows NT way specifying the script in the Profile tab of users in ADUC.
C:\Windows\SYSVOL\sysvol\domain.local\scripts
logon.vbs
gpmc.msc
logon.vbs
with Robb's script as the contentslogon.vbs config:global.conf
<order> meta=1 drives=3 printers=2 processes=4 include=5 </order> <meta> description=For all users created=02/12/12 author=Gene Cooper </meta> <drives> m:\\DC1\Company p:\\DC1\Homes$\sUser t:\\DC1\Test|group:testgroup rem z:\\server\share </drives> <printers> \\DC1\pdfcreator;default rem \\server\hpprinter|group:Print Users rem \\server\colorprinter|-group:domain users|group:Colorprint Users rem \\server\faxprinter|ip:192.168.0.23 </printers> <processes> rem c:\windows\write.exe </processes> <include> rem File1.inc rem File2.inc|computerOU:OU=test,OU=domain computers rem File3.inc|group:marketing </include>
Place this file in the includes
folder.
Run these commands if logged in as an administrator:
<processes> firewall.bat </processes>
@ECHO OFF :: *************************************** :: Modify Firewall Based on OS :: *************************************** SETLOCAL ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION FOR /f "tokens=1,2* delims=." %%a IN ('ver') DO ( SET WVer=%%a SET WVer=!WVer:~-1! SET WVer=!WVer!.%%b.%%c SET WVer=!WVer:]=! ) IF DEFINED ProgramFiles(x86) ( SET OSBit=x64 ) ELSE ( SET OSBit=x86 ) ECHO %WVer% %OSBit% pause REM exit :: ------ Variables ------ SET WINVER=NotSupported :: ------ OS analyze ------ echo %OS% pause if %OS%==Windows_NT goto setOS GOTO error :setOS VER | FIND "Windows 2000 [Version 5" >NUL && SET WINVER=W2K VER | FIND "Windows XP [Version 5" >NUL && SET WINVER=WXP VER | FIND "Windows [Version 6" >NUL && SET WINVER=WVista VER | FIND "Windows [Version 6.1.7600" >NUL && SET WINVER=W7 REM ECHO %WINVER% REM pause IF "%WINVER%"=="" GOTO error :perOS :: ------ Windows XP ------ IF %WINVER%==WXP ( netsh firewall set service RemoteAdmin enable netsh firewall add portopening protocol=tcp port=135 name= TCP135 netsh firewall add portopening protocol=udp port=135 name= UDP135 netsh firewall set service type = fileandprint mode = enable netsh firewall set icmpsetting 8 pause GOTO end ) :: ------ W7 ------ IF %WINVER%==W7 ( netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes pause GOTO end ) :error ECHO "Unsupported OS - press 'enter' to continue" pause :end exit 0
Start → Run → %temp%
If a group policy (GPO) doesn't seem to take effect:
gpupdate /force
from an administrative command promptgpresult /r