Introduction to Assigning Logon Script via Group Policy
There are two ways of assigning your group policies, either via Group Policy (best) or via the user's individual property sheet. The crucial advantage of employing the Group Policy method is when
you have to change the script name or add a new logon script. It's much easier to change one setting than hunting through Active Directory Users and Computers to find all the affected users Logon
Script dialog box.
Topics for Assigning Logon Script via Group Policy
I assume that you have created the logon script and tested that it meets your goals of Mapping Network Drives or Printers.
My tip is to copy the VBScript (file name) into memory, I will explain how to paste it into the appropriate box. This method also assumes you have an Active Directory domain. As a matter of tactics,
will this be a logon script for all users, or for just one OU?
Open the appropriate Group Policy (domain or OU), I use GPMC (Group Policy Management Console). Always check that you are starting from the correct place in Active Directory Users and Computers. Only you know if you should be at the Domain level, or the OU level. Once you
have navigated to the appropriate part of Active Directory then either use an existing Group Policy, or create a new Group Policy from scratch. Alternatively, if you use the Windows 2000 style
seek out the Group Policy tab. 
To find the logon script settings start by clicking Edit, then navigate to the User Configuration, expand the Windows Settings folder, Scripts and Logon. Now for
my secret ingredient; my top tip is to copy your logon script into memory, so that it is ready to paste. From the Logon Scripts window, click Add, in the Script Name dialog box, click Browse.
Now for the crucial part, right click and Paste. If this does not work, then double click in the big white box under, Look in: Logon Your script should now appear in the window. My point is that by assigning the script using this technique the VBScript ends up in the correct
folder. If you examine that long path seen from the Look in: dialog box you should see your VBScript.
 What this Paste method does is make sure that domain controllers can replicate the logon
script because it's in the correct folder. If you simply add a script using a local path, I doubt that your VBScript will be replicated to other domain controllers.
Observe the Polices folder structure on the domain controller.
The screen shot was taken from under the %windir%\sysvol\ folder. Sometimes you see two sysvol folders. Under the second sysvol you will see your domain name, and further down the actual
group policies. Each policy has sub menus with its templates and scripts.
Concentrate on the folders called Scripts. Do not worry about the {E26D... } hex names. Check that your VBScripts are in the respective Logon or Startup folders.
Earlier I said
observe because I do not want you to rename the group policies with Windows Explorer. If you change those strange hex names, the policies will not work and the new names will give you nothing but
grief. .
To short circuit
Active Directory Group Policy, assign the logon through the user's properties sheet, Profile tab. I don't like this old NT 4.0 method as the final solution, but it narrows down the problem when you are troubleshooting logon scripts.
Incidentally, Profiles tab method is the only way to get logons scripts to work for Windows 9x clients.
Logon Scripts really belong with the other Group Policy settings. While it is possible to assign Logon Scripts via the User's Profile tab, this Active Directory Users and Computers method is only
for backwards compatibility.
See Also● Logon Script Home |
