PowerShell 3.0 Logon Script

Creating PowerShell v 3.0 Logon Scripts

I love logon scripts.  It saddens me that Group Policies are replacing logon scripts as a method of providing access to ‘Shares’ and network printers.  My point: while I am delighted to help you with PowerShell 3.0 logon scripts, really, you should at least look at Group Policy alternatives.

Topics For PowerShell 3.0 Logon Scripts

This article breaks-down the task of getting logon scripts to work into bite-sized chunks:


PowerShell Logon Script Incorporating VBScript Commands

Our test example will be a script that maps a network share to a local drive letter – say ‘P:’.  Let us begin by making sure the VBScript method called MapNetworkDrive works smoothly.

Recap of Pure VBScript

# Pure VBScript – For Information Only
Set objNetwork = WScript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "P:" , "\\YourMachine\Stuff"

This may sound bizarre, but I often share out a folder on my local machine, and use that in my test script.  My reasoning is this, when getting started I want to avoid problems associated with permissions, firewalls, or flaky wireless networks.  My example script assumes you have a share called ‘Stuff’.

Update: I now prefer PowerShell's New-PSDrive

Creating the PowerShell 3.0 Logon Script File

Adding the PowerShell Wrapper to VBScript Commands
The crucial piece of knowledge is that PowerShell has a cmdlet called New-Object.  Furthermore, you should specify the type of object as: WScript.Network.

# PowerShell v 3 Logon Script Example
$Net = $(New-Object -ComObject WScript.Network)
$Net.MapNetworkDrive("P:", "\\YourMachine\Stuff")

Note 0: Naturally, to get this example working you need to change \\YourMachine to a computer on your network.

Note 1: You may recognise $Net = as declaring a variable.

Note 2: Our old VBScript friend MapNetworkDrive is method that is available to the ComObject called WScript.Network.

Note 3: If you are not familiar with VBScript, then here is a refresher on VBScript Logon Scripts.

Update: See Also PowerShell New-PSDrive -Persist

Note 4: This is how to assign your PowerShell file to Group Policy

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v11.5 v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Testing the .ps1 Logon Script

Assuming the above script works, then we can progress to saving the commands into a .ps1 file.  The easiest way is using the PowerShell 3.0 ISE; simply go to the file menu and ‘Save’, just as you would with an application like Notepad.

By design, and by default, script paranoia will prevent our PowerShell .ps1 file from actually running.  Let us take a time-out and investigate how to overcome this problem by changing the computer’s Execution policy.

# Windows PowerShell v 3 Execution Policy

The result is likely: Restricted.

Fortunately, we can use the sister verb called ‘Set’ to allow PowerShell scripts to run.PowerShell 3.0 Logon Script Example

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Note 4: ‘Set’ instigates a serious change in your machine’s ability run scripts, so you should read the on-screen message before you click ‘Ok’.

Note 5: If time permits please check the other options such as RemoteSigned, and for later experiments, Bypass.

Assigning Your Logon Script with Group PolicyPowerShell 3.0 Logon Script Gpedit.msc

The last part of our mission is to ‘wire-up’ the PowerShell logon script to a Group Policy.  On a stand-alone machine launch Gpedit.msc, or on a Domain Controller launch GPMC.msc.

Make sure you expand the User Configuration, then examine the Windows settings, where you should find:

Scripts (Logon/Logoff) … see screenshot.

Naturally, you select ‘Logon’ from the right pane.  What happens next depends on whether you have Windows 7 or Windows Server 2003 R2 or later.

As ever, if you have an up-to-date operating system, then configuring is easy.  Select the PowerShell Scripts tab, then click on ‘Add…’ and now make the connection between your PowerShell.ps1 file and the ‘Scripts’ policy.

If you have an old system such as XP or Windows 2003, see plan B.


Assign PowerShell 3.0 Logon Script

Note 6: The trick is to copy your logon.ps1 file (into memory) then paste into the location revealed by the ‘Add…’ button.

The actual location C:\Windows\System32\GroupPolicy\User\Scripts\Logon is a hidden folder.  This is one reason the above interface provides a ‘Show Files…’ button.  To see the files in Windows Explorer you may need to change the folder view options.

Another frustration is if you try and paste files to this folder using the Windows Explorer you get permissions problems.  For reasons I don’t fully understand, if you paste using the Policy Editor it just works, whereas Explorer just complains about permissions.

Troubleshooting: I get much more success if I wrap the PowerShell file in an old-fashioned .bat file, see here.

Engineer's Toolset v10Guy Recommends: SolarWinds Engineer’s Toolset v10

This Engineer’s Toolset v10 provides a comprehensive console of 50 utilities for troubleshooting computer problems.  Guy says it helps me monitor what’s occurring on the network, and each tool teaches me more about how the underlying system operates.

There are so many good gadgets; it’s like having free rein of a sweetshop.  Thankfully the utilities are displayed logically: monitoring, network discovery, diagnostic, and Cisco tools.  Try the SolarWinds Engineer’s Toolset now!

Download your fully functional trial copy of the Engineer’s Toolset v10

Troubleshooting PowerShell 3.0 Group Policy

Assigning PowerShell scripts to Group Policy always gives me trouble.  My best advice is keep trying slightly different options.  Wherever possible make it simpler and simpler, seek to isolate one item at a time.  For example test, the logon.ps1 file in isolation, check that Group Policy is working by having a .vbs file with just one command:
WScript.Echo "Logon Script".

Latency – I found a 2-3 minute delay before Group Policy delivered my mapped network drive; most strange, but it was a pre-beta release.

One problem in Windows 7 (and later) is that mapped network drives don’t show up in Windows Explorer.  However, you can ‘see’ them in PowerShell!  By that I mean GetChildItem "Drive Letter" lists the files, actually plain C:\ (or other drive letter) lists the files. 

Help with logon script error code 8007052E

.Bat – An Alternative Wrapper for Logon Scripts

Batch files for logon scripts are strictly a Plan B option; a fall-back for situations where the above method fails.  If you created .bat files in the days when DOS was king, then this is straightforward process, if not, then just copy and paste!

The situation is that something is preventing you from assigning the PowerShell logon script to a Group Policy.  The solution is to create a .bat file that calls your PowerShell .ps1 file (holding the commands to map a drive).  Observe the neat feature of the PowerShell file: -Bypass.  The purpose of this parameter is to over-ride any restrictions that maybe present on the computer where you want to run a logon script.

:PSLogon.bat Example
Powershell -NoLogo -file \\Computer\PShell\logon.ps1 -executionpolicy bypass

Note 7: The above script is for testing.  Below is the real deal, with commands to suppress profiles.  (: means remark)

:PSLogon.bat PowerShell Example
Powershell -NoLogo -file \\Computer\PShell\logon.ps1 -WindowStyle hidden -NoProfile -executionpolicy bypass

See more about external PowerShell commands.

More Information:

Summary of PowerShell 3.0 Logon Scripts

This article breaks down the task into self-contained components: creating the logon Scripts, testing the .ps1 files; and the tricky part: assigning your script.  If all else fails with Group Policy, try a .Bat file as an alternative wrapper for your PowerShell 3.0 Logon Scripts.

If you like this page then please share it with your friends


See more Microsoft PowerShell tasks:

PowerShell Home   • Shell Application   • New-Object   • PowerShell Add Printer   • PowerShell -com

PowerShell Logon Script  • Map Network Drive  • PowerShell Create Shortcut  • Free CSV Import Tool

Invoke-Expression   • Invoke-Command   • Invoke-Item   • PowerShell Expression v Command Mode

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.