Creating PowerShell v 3.0 Logon Scripts
I love logon scripts. It saddens me that Group Policies are replacing logon scripts as a method of providing access to ‘Shares’ and network printers. My point: while I am delighted to help you with PowerShell 3.0 logon scripts, really, you should at least look at Group Policy alternatives.
Topics For PowerShell 3.0 Logon Scripts
This article breaks-down the task of getting logon scripts to work into bite-sized chunks:
- PowerShell Logon Script Incorporating VBScript Commands
- Creating the PowerShell 3.0 Logon Script File
- Testing the .ps1 Logon Script
- Assigning Logon Script to Group Policy
- .Bat – Alternative Wrapper for Logon Scripts
♣
PowerShell Logon Script Incorporating VBScript Commands
Our test example will be a script that maps a network share to a local drive letter – say ‘P:’. Let us begin by making sure the VBScript method called MapNetworkDrive works smoothly.
Recap of Pure VBScript
# Pure VBScript – For Information Only
Set objNetwork = WScript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "P:" , "\\YourMachine\Stuff"
This may sound bizarre, but I often share out a folder on my local machine, and use that in my test script. My reasoning is this, when getting started I want to avoid problems associated with permissions, firewalls, or flaky wireless networks. My example script assumes you have a share called ‘Stuff’.
Update: I now prefer PowerShell's New-PSDrive
Creating the PowerShell 3.0 Logon Script File
Adding the PowerShell Wrapper to VBScript Commands
The crucial piece of knowledge is that PowerShell has a cmdlet called New-Object. Furthermore, you should specify the type of object as: WScript.Network.
# PowerShell v 3 Logon Script Example
$Net = $(New-Object -ComObject WScript.Network)
$Net.MapNetworkDrive("P:", "\\YourMachine\Stuff")
Note 0: Naturally, to get this example working you need to change \\YourMachine to a computer on your network.
Note 1: You may recognise $Net = as declaring a variable.
Note 2: Our old VBScript friend MapNetworkDrive is method that is available to the ComObject called WScript.Network.
Note 3: If you are not familiar with VBScript, then here is a refresher on VBScript Logon Scripts.
Update: See Also PowerShell New-PSDrive -Persist
Note 4: This is how to assign your PowerShell file to Group Policy
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM) v11.5
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Download a free trial of Solarwinds’ Network Performance Monitor
Testing the .ps1 Logon Script
Assuming the above script works, then we can progress to saving the commands into a .ps1 file. The easiest way is using the PowerShell 3.0 ISE; simply go to the file menu and ‘Save’, just as you would with an application like Notepad.
By design, and by default, script paranoia will prevent our PowerShell .ps1 file from actually running. Let us take a time-out and investigate how to overcome this problem by changing the computer’s Execution policy.
# Windows PowerShell v 3 Execution Policy
Get-ExecutionPolicy
The result is likely: Restricted.
Fortunately, we can use the sister verb called ‘Set’ to allow PowerShell scripts to run.
Clear-Host
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Get-ExecutionPolicy
Note 4: ‘Set’ instigates a serious change in your machine’s ability run scripts, so you should read the on-screen message before you click ‘Ok’.
Note 5: If time permits please check the other options such as RemoteSigned, and for later experiments, Bypass.
Assigning Your Logon Script with Group Policy
The last part of our mission is to ‘wire-up’ the PowerShell logon script to a Group Policy. On a stand-alone machine launch Gpedit.msc, or on a Domain Controller launch GPMC.msc.
Make sure you expand the User Configuration, then examine the Windows settings, where you should find:
Scripts (Logon/Logoff) … see screenshot.
Naturally, you select ‘Logon’ from the right pane. What happens next depends on whether you have Windows 7 or Windows Server 2003 R2 or later.
As ever, if you have an up-to-date operating system, then configuring is easy. Select the PowerShell Scripts tab, then click on ‘Add…’ and now make the connection between your PowerShell.ps1 file and the ‘Scripts’ policy.
If you have an old system such as XP or Windows 2003, see plan B.
®