enable logon script for VPN

When a user logs in locally, the logon script runs and sets the drive mappings, etc.
When the same user VPN's in to the network, the login script doesn't even run!
How do I get the script to run when the user VPN's in.  Do I set a GPO?  The script is set in the users profile, so why won't it run?
LVL 1
SwiftPointAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

firemanf29Commented:
What is your VPN solution?
0
arnoldCommented:
The reason a login script does not run when the connection is a VPN is likely because the user loged into the localcomputer prior to getting the VPN established.  The slow link detection is how the system determines whether to apply the GPO or not.

Like to prior post, depending on what you use to establish the VPN, you might be able to tie in a script that will map drives after the VPN is established.

0
SwiftPointAuthor Commented:
There should be a way to do this in the GPO; this works for local logins, or somehow tell the system to execute the script in the user profile for a VPN connection.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

arnoldCommented:
Does the VPN have to be established for the user to login into the system?
If it does, you need to reduce the link speed detection requirement from 500k to 1k or less in the GPO.
0
SwiftPointAuthor Commented:
We are still having the issue.

The environment is a Windows 2003 Remote Access Services PPTP VPN.

Users are constantly having to manually browse to the Logon folder and run the
login batch file one they remote in to RAS.

When logging in locally to the network the logon script runs automatically.

0
arnoldCommented:
The GPO does not apply unless the DC is within range and that is determined through the slow link check at startup.
Does the workstation's configuration is such that the VPN is established upon startup or is the VPN started by the user upon login into the workstation (at which point the login script would have run if the system was on the LAN).

Be careful with altering the slow speed check from 500kbs.  The effect could be that the system could get locked out either through password policy (three wrong login attempts, Redirected folders could have issues, etc. rendering the remote system inoperable.)

It seems that you have found a cure which is to get the remote user upon establishing the VPN to run the script (Login script on the LAN).
0
SwiftPointAuthor Commented:
Thanks Arnold...not sure I would call manually starting the login script a solution, but that is how we
are managing it now. We need this automated.

To answer your question, the user is manually starting the VPN connection.
0
arnoldCommented:
The only way in this setup to make this automated is if the VPN client can execute a process after the VPN is established.  Alternatively, creating a script that will initiate the VPN connection and once that is complete will trigger the execution of the login script..

But since the VPN is manually initiated by the user, so must the script.
0
SwiftPointAuthor Commented:
hmm..ok...I would expect that if were were using MS RAS and Active Directory they would work together to
make this happen automatically.
0
SwiftPointAuthor Commented:
Do you know how to add a batch file/script to a GPO so we can centrally manage the execution of a script for
calling the Login script.

Is there a particular GPO we should use, or do we need to create a new one?
0
arnoldCommented:
The login script is part of the user configuration settings in the GPO.
GPOs do not get applied to VPN connected user unless the Slow link test is passed by the remote system. When GPO processing begins on the system usually right after startup, it detects a DC with a connection speed of at least 500kbs.  This means the VPN must be established prior to the user login attempt and not triggered by the user after the login.  There are VPN clients that can be setup to run as a service upon boot, but I am not sure it is a good idea since one would want to limit the exposure of the LAN by limiting the remote system's access to the LAN to only when the user needs to access some resources only available on the LAN.  Setting up the system to always be connected to the LAN, exposes the LAN to a potential virus/worm, or if the system was left unattended for someone with access to the remote system to browse through the LAN.

Given the user already has to initiate a process to establish the VPN why not let the user run the script that maps the drives as needed?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SwiftPointAuthor Commented:
Thanks...we were hoping we could automate this...but seems had the only solution available in place. This expert confirmed we need to manually run the Login script.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.