Jason210
asked on
GPO questions
I've just started using GPOs on AD containers in Windows 2003 server, and I need some help.
Previously, I have run log on scripts from NETLOGON. Each user had his or her own script that mapped drives and printers etc.
Is there any advantage to using GPO for log on scripts instead?
Next question: Is there a GPO that will log off a user after a certain amount of inactivity (i.e. user is away from keyboard)?
Finally, can I use GPO to control who logs on to which workstation? I want to restrict one group of users from logging on to certain workstations.
Please advise and show how :-)
ASKER
luv2smile - that's a very good reason for using GPO!
But individual users on our system require their own personal, mapped drive when they log on - actually a folder on the file server that only that user has rights to.
When you set the script in the profile you can use the %username% thing. Can you do that in the log on script GPO?
Incidentally - what's a log off script for? What kind of things would you want to use this for?
The scripts in GPO are standard scripts, so all the usual environment variables are available. Meaning yes, you can use %username%.
An example for a log-off script is that it could delete temporary files, and other tidying tasks.
ASKER
Thanks!
ASKER
Last question!
Where does one store log on scripts that are going to be used with GPO?
The scripts can be stored anywhere, so long as the user has access to that location e.g. a network share.
The official MS answer though is that the scripts should be stored with the GPO. There is a good guide here: http://www.serverwatch.com/tutorials/article.php/1474241
It must be said, I tend to put my scripts in one place on the server to which all users have read-only access. Not best practice, but I find it easier.
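The answer above relies on users having only read access to the folder that holds the logon scripts. The following is an added example, not part of the original thread, that audits such a folder and reports any allow entry granting write-type rights to a principal other than SYSTEM, Administrators, Domain Admins or Enterprise Admins. The share path `\\SERVER\LogonScripts` is a placeholder, and the script assumes PowerShell 3.0 or later run from an administrative workstation.

```powershell
# Added example: find ACL entries that let non-admin principals change logon scripts.
param(
    [string]$ScriptRoot = '\\SERVER\LogonScripts'   # placeholder path (assumption)
)

# Bits that allow altering, replacing or re-permissioning a file.
# 'Modify' and 'FullControl' are deliberately not used here because they
# also contain read bits and would match read-only entries.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries may carry raw generic rights instead of file-specific ones.
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

# Principals expected to have write access, matched by SID so that
# localized or renamed accounts are still recognized.
$trusted = '^S-1-5-18$',                 # SYSTEM
           '^S-1-5-32-544$',             # BUILTIN\Administrators
           '^S-1-5-21-.+-(512|519)$'     # Domain Admins, Enterprise Admins
$sidType = [System.Security.Principal.SecurityIdentifier]

$items = @(Get-Item -LiteralPath $ScriptRoot) +
         @(Get-ChildItem -LiteralPath $ScriptRoot -Recurse)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Explicit and inherited entries, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ([int]$ace.FileSystemRights -band $writeBits)) { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted | Where-Object { $sid -match $_ }) { continue }

        # Resolve the SID to a name for the report; orphaned SIDs stay as-is.
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }

        [pscustomobject]@{
            Path      = $item.FullName
            Account   = $name
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so a scheduled check can alert
```

Share-level permissions are evaluated separately from these NTFS entries, so a clean result here covers only the file-system side.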
ASKER
I don't see why one needs to create a GPO to ensure a script is run. If you put a script in NETLOGON, then point to it with the profile tab of the AD user properties box, it will run. I've never known this fail.