Starting a program on logon to Terminal Server (2000), based on Group, but displaying the desktop for other groups

I have a Windows 2000 Advanced Server acting as a Terminal Server within an Active Directory Domain.  I have set up several users to log on to this TS machine as Local Users and set them up as members of various Local Groups.  They log on to the computer, not the domain itself, via Terminal Services.

I want each member of a particular group to call a specific batch file at logon.  Currently I can do that by specifying the name of the batch file in the Environment tab of the User properties (in Computer Management, Local Users and Groups).  I want to make this simpler by specifying that each TS user runs a single batch file on login, in which is contained a set of switches that runs the appropriate application.  I have the batch file set up but when I implement it in Terminal Services Configuration - Environment - Start the following program when the user logs on, if no particular program is called in the batch file (i.e. for an Administrator), the batch file terminates (as it should) but no desktop is displayed -- the user is simply logged off.

How can I assign some applications to run at logon for some groups (and log them off when the application is closed, as occurs when I set a batch file to start on logon as above);  but for other groups (Administrators), to display the desktop without automatically logging the user off?

As I mentioned, the users are local to this computer, and I'd prefer not to install them in AD, but if I absolutely must, I would like to know how to go about doing it correctly for the above scenario.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Create a batch script as below;

@echo off

IF /i %USERNAME%==administrator GOTO :ADMIN

CMD /C explorer.exe

CMD /C C:<Application>

Try this for your administrator first. what it does it, checks the username and launches the application you specified. It also checks to see if it is Administrator and if so instead of launching the application, it will go to desktop directly.

This can be a start, and you can configure the same thing for different groups to launch different programs.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bradley FoxLAN/WAN Systems AdministratorCommented:
I'm not sure if these users log on to a workstation locally anywhere so...

If they log on locally somewhere else I would create a Group.  If they do not log on anywhere else I would create an OU in AD and place these users in it.  (Do not place Administrator in the group/OU)

Then I would create a Group Policy Object (GPO) under the OU or in the root of the domain if you are using a group.

Disable Computer Config

User Config --> Admin Templates --> Windows Componets --> Terminal Services
"Start a Program on Connection"
Place the path to your batch file there

Security for the GPO (under properties):
If you are using a group add the group and give them read and apply permissions
If you are using an OU make sure you created the GPO under that OU only and give read and apply permissions to "Authenticated Users"
psk1Author Commented:

Thanks.  The "cmd /c explorer.exe" did it.  Unfortunately, the DOS window doesn't close after the desktop appears, so I echo'd a line to instruct the admin to do it manually.  If you know of a way to get rid of the window, by all means I'd like to know.  The segment of my batch file is as follows:

echo You may close this window once the desktop has appeared.
cmd "/c explorer.exe"

(the exit statement is apparently doing nothing though)

mcsween, thanks for your comment -- unfortunately your suggestion appears to be much more complicated to implement.  These users log on nowhere but on the Terminal Server and are Local Users there.  I'm not sure how to create an OU in AD at the DC.  :D
psk1Author Commented:
I changed "cmd /c explorer.exe" to "start /b explorer.exe" and the window disappears immediately.  Perfect.  Thanks!
Cool. Thnx forthe points.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.