Guy recommends :
Free SolarWinds
VM Console

Find out which of your VMs are a waste of space and which VMs need more resources.

Custom Search

1) FreePing
2) Engineer's Toolset
3) Xobni
4) PuTTY
5) WMI Monitor
6) BgInfo
7) Net-SNMP
8) IP Address Tracker
9) DNS Stuff
10) WinDiff Compare

PowerShell 3.0 Logon Script

Creating PowerShell v 3.0 Logon Scripts

I love logon scripts. It saddens me that Group Policies are replacing logon scripts as a method of providing access to 'Shares' and network printers. My point: while I am delighted to help you with PowerShell 3.0 logon scripts, really, you should at least look at Group Policy alternatives.

Topics For PowerShell 3.0 Logon Scripts

This article breaks-down the task of getting logon scripts to work into bite-sized chunks:

PowerShell Logon Script Incorporating VBScript Commands
Creating the PowerShell 3.0 Logon Script File
Testing the .ps1 Logon Script
Assigning Logon Script to Group Policy
.Bat - Alternative Wrapper for Logon Scripts

♣

PowerShell Logon Script Incorporating VBScript Commands

Our test example will be a script that maps a network share to a local drive letter - say 'P:'. Let us begin by making sure the VBScript method called MapNetworkDrive works smoothly.

Recap of Pure VBScript

# Pure VBScript - For Information Only
Set objNetwork = WScript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "P:" , "\\YourMachine\Stuff"

This may sound bizarre, but I often share out a folder on my local machine, and use that in my test script. My reasoning is this, when getting started I want to avoid problems associated with permissions, firewalls, or flaky wireless networks. My example script assumes you have a share called 'Stuff'.

Creating the PowerShell 3.0 Logon Script File

Adding the PowerShell Wrapper to VBScript Commands
The crucial piece of knowledge is that PowerShell has a cmdlet called New-Object. Furthermore, you should specify the type of object as: WScript.Network.

# PowerShell v 3 Logon Script Example
$Net = $(New-Object -ComObject WScript.Network)
$Net.MapNetworkDrive("P:", "\\YourMachine\Stuff")

Note 0: Naturally, to get this example working you need to change \\YourMachine to a computer on your network.

Note 1: You may recognise $Net = as declaring a variable.

Note 2: Our old VBScript friend MapNetworkDrive is method that is available to the ComObject called WScript.Network.

Note 3: If you are not familiar with VBScript, then here is a refresher on VBScript Logon Scripts.

Note 4: This is how to assign your PowerShell file to Group Policy

Guy Recommends: SolarWinds' Free Bulk Import Tool

Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD's attributes, click to import the users. Optionally, you can provide the name of the OU where the new accounts will be born.

There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:

Bulk-import new users into Active Directory.
Seek and zap unwanted user accounts.
Find inactive computers.

Download your FREE bulk import tool.

Testing the .ps1 Logon Script

Assuming the above script works, then we can progress to saving the commands into a .ps1 file. The easiest way is using the PowerShell 3.0 ISE; simply go to the file menu and 'Save', just as you would with an application like Notepad.

By design, and by default, script paranoia will prevent our PowerShell .ps1 file from actually running. Let us take a time-out and investigate how to overcome this problem by changing the computer's Execution policy.

# Windows PowerShell v 3 Execution Policy
Get-ExecutionPolicy

The result is likely: Restricted.

Fortunately, we can use the sister verb called 'Set' to allow PowerShell scripts to run.

Clear-Host
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Get-ExecutionPolicy

Note 4: 'Set' instigates a serious change in your machine's ability run scripts, so you should read the on-screen message before you click 'Ok'.

Note 5: If time permits please check the other options such as RemoteSigned, and for later experiments, Bypass.

Assigning Your Logon Script with Group Policy

The last part of our mission is to 'wire-up' the PowerShell logon script to a Group Policy. On a stand-alone machine launch Gpedit.msc, or on a Domain Controller launch GPMC.msc.

Make sure you expand the User Configuration, then examine the Windows settings, where you should find:

Scripts (Logon/Logoff) ... see screenshot.

Naturally, you select 'Logon' from the right pane. What happens next depends on whether you have Windows 7 or Windows Server 2003 R2 or later.

As ever, if you have an up-to-date operating system, then configuring is easy. Select the PowerShell Scripts tab, then click on 'Add...' and now make the connection between your PowerShell.ps1 file and the 'Scripts' policy.

If you have an old system such as XP or Windows 2003, see plan B.

Note 6: The trick is to copy your logon.ps1 file (into memory) then paste into the location revealed by the 'Add...' button.

The actual location C:\Windows\System32\GroupPolicy\User\Scripts\Logon is a hidden folder. This is one reason the above interface provides a 'Show Files...' button. To see the files in Windows Explorer you may need to change the folder view options.

Another frustration is if you try and paste files to this folder using the Windows Explorer you get permissions problems. For reasons I don't fully understand, if you paste using the Policy Editor it just works, whereas Explorer just complains about permissions.

Troubleshooting: I get much more success if I wrap the PowerShell file in an old-fashioned .bat file, see here.

Troubleshooting PowerShell 3.0 Group Policy

Assigning PowerShell scripts to Group Policy always gives me trouble. My best advice is keep trying slightly different options. Wherever possible make it simpler and simpler, seek to isolate one item at a time. For example test, the logon.ps1 file in isolation, check that Group Policy is working by having a .vbs file with just one command:
WScript.Echo "Logon Script".

Latency - I found a 2-3 minute delay before Group Policy delivered my mapped network drive; most strange, but it was a pre-beta release.

One problem in Windows 7 (and later) is that mapped network drives don't show up in Windows Explorer. However, you can 'see' them in PowerShell! By that I mean GetChildItem "Drive Letter" lists the files, actually plain C:\ (or other drive letter) lists the files.

Help with logon script error code 8007052E

Guy Recommends: A Free Trial of the Network Performance Monitor (NPM)

SolarWinds' Orion performance monitor will help you discover what's happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

Perhaps the NPM's best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you take advantage of SolarWinds' offer.

Download a free trial of the Network Performance Monitor.

.Bat - An Alternative Wrapper for Logon Scripts

Batch files for logon scripts are strictly a Plan B option; a fall-back for situations where the above method fails. If you created .bat files in the days when DOS was king, then this is straightforward process, if not, then just copy and paste!

The situation is that something is preventing you from assigning the PowerShell logon script to a Group Policy. The solution is to create a .bat file that calls your PowerShell .ps1 file (holding the commands to map a drive). Observe the neat feature of the PowerShell file: -Bypass. The purpose of this parameter is to over-ride any restrictions that maybe present on the computer where you want to run a logon script.

:PSLogon.bat Example
Powershell -NoLogo -file \\Computer\PShell\logon.ps1 -executionpolicy bypass
pause

Note 7: The above script is for testing. Below is the real deal, with commands to suppress profiles. (: means remark)

:PSLogon.bat PowerShell Example
Powershell -NoLogo -file \\Computer\PShell\logon.ps1 -WindowStyle hidden -NoProfile -executionpolicy bypass
:pause

See more about external PowerShell commands.

More Information:

Summary of PowerShell 3.0 Logon Scripts

This article breaks down the task into self-contained components: creating the logon Scripts, testing the .ps1 files; and the tricky part: assigning your script. If all else fails with Group Policy, try a .Bat file as an alternative wrapper for your PowerShell 3.0 Logon Scripts.

If you like this page then please share it with your friends

See more Microsoft PowerShell tutorials:

• PowerShell Home •Shell Application • New-Object • PowerShell create shortcut

• PowerShell Logon Script • Map Network Drive • PowerShell add printer • PowerShell -com

• Invoke-Expression • Invoke-Command

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.

Download my ebook:
Getting Started with PowerShell - only $9.25

You get 36 topics organized into these 3 sections:
   1) Getting Started
   2) Real-life tasks
   3) Examples of Syntax.

In addition to the ebook, you get a PDF version of this Introduction to PowerShell ebook It runs to 120 pages of A4.