logon script policies

Tutorials Win: Microsoft Windows Forum

we use a combo of batch file and kixtart scripts for our logon
process. I'd like to get the logon script process into a GPO as
opposed to putting the batch file name in every user profile.

First, I just want to confirm this is the best way to do it - I would
think so as right now we have many users that don't have the logon
script field properly set, most likely because the person who created
the account didn't follow the proper steps!

Second, Do I need to include all of the logon-script related files in
the policy, or is it perfectly acceptable to just add the batch file
that does the calling into the policy and include lines like the
following in the batch file that calls files in the netlogon share :

\\%logonserver%\netlogon\files\kix32.exe \\%logonserver%\netlogon
\script.kix

or...

%0\..\files\kix32.exe %0\..\\netlogon\script.kix


...and speaking of which, are one of the methods better than the other
for referring to files in the netlogon share from a logon script??

Thank You!!

- JayDee
Top

Re: logon script policies by Meinolf

Meinolf
Sat Mar 29 06:42:18 PDT 2008

Hello JayDee,

The advantage of the logon script in the user properties field is, that you
have a basic set of configuration available for all users, doesn't matter
where you place them in the OU's. In the OU's you can specify logon scripts
based on the functions for the special OU's. To change the field for all
users it is really easy if you have server 2003, create saved query under
ADUC for all user accounts, mark all users in this query and rightclick,
open properties and here you have some fields that you can change for all
users together, including the logon script.

For GPO based logon scripts or startup scripts you have to place the needed
files also to this policy.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> we use a combo of batch file and kixtart scripts for our logon
> process. I'd like to get the logon script process into a GPO as
> opposed to putting the batch file name in every user profile.
>
> First, I just want to confirm this is the best way to do it - I would
> think so as right now we have many users that don't have the logon
> script field properly set, most likely because the person who created
> the account didn't follow the proper steps!
>
> Second, Do I need to include all of the logon-script related files in
> the policy, or is it perfectly acceptable to just add the batch file
> that does the calling into the policy and include lines like the
> following in the batch file that calls files in the netlogon share :
>
> \\%logonserver%\netlogon\files\kix32.exe \\%logonserver%\netlogon
> \script.kix
>
> or...
>
> %0\..\files\kix32.exe %0\..\\netlogon\script.kix
>
> ...and speaking of which, are one of the methods better than the other
> for referring to files in the netlogon share from a logon script??
>
> Thank You!!
>
> - JayDee
>


Top

Re: logon script policies by JayDee

JayDee
Mon Mar 31 19:40:45 PDT 2008

On Mar 29, 6:42=A0am, Meinolf Weber <meiweb(nospam)@gmx.de> wrote:
> Hello JayDee,
>
> The advantage of the logon script in the user properties field is, that yo=
u
> have a basic set of configuration available for all users, doesn't matter
> where you place them in the OU's. In the OU's you can specify logon script=
s
> based on the functions for the special OU's. To change the field for all
> users it is really easy if you have server 2003, create saved query under
> ADUC for all user accounts, mark all users in this query and rightclick,
> open properties and here you have some fields that you can change for all
> users together, including the logon script.
>
> For GPO based logon scripts or startup scripts you have to place the neede=
d
> files also to this policy.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confe=
rs
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!!http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
>
> > we use a combo of batch file and kixtart scripts for our logon
> > process. I'd like to get the logon script process into a GPO as
> > opposed to putting the batch file name in every user profile.
>
> > First, I just want to confirm this is the best way to do it - I would
> > think so as right now we have many users that don't have the logon
> > script field properly set, most likely because the person who created
> > the account didn't follow the proper steps!
>
> > Second, Do I need to include all of the logon-script related files in
> > the policy, or is it perfectly acceptable to just add the batch file
> > that does the calling into the policy and include lines like the
> > following in the batch file that calls files in the netlogon share :
>
> > \\%logonserver%\netlogon\files\kix32.exe \\%logonserver%\netlogon
> > \script.kix
>
> > or...
>
> > %0\..\files\kix32.exe %0\..\\netlogon\script.kix
>
> > ...and speaking of which, are one of the methods better than the other
> > for referring to files in the netlogon share from a logon script??
>
> > Thank You!!
>
> > - JayDee- Hide quoted text -
>
> - Show quoted text -

I was thinking about creating a policy that runs a script doing a
"DSMOD user -loscr <ScriptPath>" to set the Script Path instead of
dealing with a gigantic policy that contains all the logon script-
related files.

Is there any advantage to putting the actual logon script inside the
policy vs. using the DSMOD solution above to point OU's to the
appropriate policy? I would think one would be security, but outside
of that, would there be any difference in speed or something else? I
would think not.

Thanks.

- JayDee
Top