User Group Policy – Logon Scripts

Logon Script Group Policy

Logon Scripts that map network drives and printers have been around since the dawn of networking.  Microsoft’s Group Policy embraces this Logon Script concept by supplying not 1 but 4 settings:  the Logon and Logoff policies are found in the User Configuration.  In addition, Windows Server 2003 Group Policies have Startup and Shutdown scripts, but these two settings are found in the Computer Configuration section of Group Policy.

Windows Server 2003 Logon Script Group Policy

User Configuration

    Windows Settings

       Scripts (Logon / Logoff)

           Logon Scripts

           Logoff Scripts

           Assign Logon Scripts with PowerShell 


Scripts (Logon / Logoff)

There are several reasons that I am particularly interested in scripting policies.  Firstly, I use logon scripts as one of my ‘Litmus Tests’ to judge amateurs and professionals.  If you use Windows Server 2003 policies to assign VBScript Logon Scripts, then I consider you a professional, whereas if you prefer adding batch files to a user’s property sheet, then I consider you an old fashioned ‘Luddite’.

Next, I would like to identify three different tasks for logon scripts:

  1. Set the scope of the logon script.  By that I mean which drives and which printers to map in the VBScript.
  2. Write the script using VBScript or JScript.  See Logon Script Section.
  3. Assign the Logon scripts via Windows Server 2003 Group Policies.  It is this ‘wiring-up’ of the script to the policy, that I am going to explain on this page.

Logon Scripts

Presuming that you have written or copied the VBScripts, all we have to do in Group Policy is add the .VBS file to the appropriate dialog box.  I find that it is much better to copy the .VBS file to the clipboard before you open the policy box, than to try and navigate once the dialog box is open.

My point is that I would prefer to right-click and paste, rather than use the Open and Browse option.

If you do experiment with the ‘Browse’ and ‘Look in’ buttons, then you will see the very long path where Group Policies in general, and Logon Scripts in particular, are stored: \Windows\sysvol\sysvol\domain\policies.

Logoff Scripts

Professional administrators use these logoff scripts to remove network drives and to disconnect printers.  An up-and-coming use of Group Policies is to create logoff scripts that delete temporary files and perform other housekeeping tasks.  The script executes while the user logs off – I like it!

Introduction to Logon Scripts with VBScript

When I first saw Windows 2003, I investigated the new features. I wondered:  ‘How do I assign logon scripts to users?’   I came up with two methods; the traditional NT 4.0 style or assigning VBScripts via Active Directory Group Policies.  (The traditional method was via the User’s Properties, Profile tab.)

I even took a step back and asked the more fundamental question:  ‘What am I trying to achieve here?’  The answer was, ‘To provide users with the best environment for their work’.  This led me to investigate VBScript methods for providing mapped network drives and connecting to shared printers.

Good news.  Scripting possibilities improve dramatically when you progress from the old DOS batch files to the new WSH with its rich VBScript verbs.  When you survey the big picture, you realize that Logon Scripts are only one of many jobs for WSH and VBScript.  My point is that knowledge of these scripting objects, syntax and methods will help you automate other computer tasks.  As a bonus, if you master assigning Logon Scripts by Group Policy, then you will see how to apply other settings using Group Policy (GPMC).

PowerShell Creates Logon Script for Group Policy

The problem with a PowerShell logon script is that you cannot simply assign a .ps1 file as a logon script because, by design, Windows 7 or Vista won’t be able to execute it.  Fortunately, there is a work-around, and that is to create a VBScript script which calls your PowerShell script.  To my mind this whole procedure is telling me clearly that this is not the best way of configuring logon settings.

However, if this is what you want, then PowerShell can play its part via the -comObject.  Here is a MapNetworkDrive example:

# PowerShell Logon Script Example
$net = $(New-Object -ComObject WScript.Network)
$net.MapNetworkDrive("F:", "\\BigServer\Stuff")

Note 1: Assume that you save the above code in C:\PowerShell\logon.ps1

Note 2: Now call the logon.ps1 file from VBScript thus:
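
The wrapper that Note 2 refers to is not reproduced on this page; the following is an added example, not the author's original script.  It assumes PowerShell 2.0 or later (needed for -File and -ExecutionPolicy) and the C:\PowerShell\logon.ps1 path from Note 1; the RemoteSigned policy and the event-log reporting are choices made for this example.

```vbscript
' Added example: VBScript wrapper to assign as the Group Policy logon script.
' It launches the PowerShell script from Note 1 and reports failures.
Option Explicit

' Path from Note 1. The folder should be writable only by administrators,
' because whatever this file contains runs as every user who logs on.
Const PS_SCRIPT = "C:\PowerShell\logon.ps1"
Const EVENT_ERROR = 1          ' WshShell.LogEvent type: error

Dim shell, fso, cmd, rc
Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Fail visibly (Application event log, source WSH) if the script is missing.
If Not fso.FileExists(PS_SCRIPT) Then
    shell.LogEvent EVENT_ERROR, "Logon wrapper: " & PS_SCRIPT & " not found"
    WScript.Quit 1
End If

' -NoProfile       : skip the user's PowerShell profile scripts
' -NonInteractive  : never stop to prompt during logon
' -ExecutionPolicy : RemoteSigned is this example's assumption; an execution
'                    policy set by Group Policy takes precedence over it
cmd = "powershell.exe -NoProfile -NonInteractive -ExecutionPolicy RemoteSigned" & _
      " -File """ & PS_SCRIPT & """"

' 0 = hidden window, True = wait for PowerShell to exit and return its code
rc = shell.Run(cmd, 0, True)

If rc <> 0 Then
    shell.LogEvent EVENT_ERROR, "Logon wrapper: " & PS_SCRIPT & _
                   " exited with code " & rc
End If

WScript.Quit rc
```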

Group Policy Drive Maps

The modern group policy method of drive mapping does not require any knowledge of either VBScript or PowerShell.  In Windows Server 2008 you can launch the GPMC and configure Drive Maps in the Preferences section.  See more on Group Policy Drive Maps.

Summary of Windows Server 2003 Script Command Policy

Microsoft’s Group policy embraces the Logon Script concept by supplying four settings:  Logon and Logoff policies are found in the User Configuration.  In addition Windows Server 2003 Group Policies have Startup and Shutdown scripts.  Creating Logon Scripts to map network drives and map printers is a separate skill requiring VBScript experience.

