?
Solved

Run Policy managed login scripts after Vpn connection

Posted on 2009-04-09
6
Medium Priority
?
1,255 Views
Last Modified: 2013-12-27
I am working on a new VPN project for my company.  I am looking for a solution that will allow me to run the users login scripts after the user logs into the VPN.  I found some information from 2006, but the route they were going was unaccaptable.  I am using the Cisco System VPN client for the users.  The option to Login to VPN before logging into windows is NOT an option.  RDP for the users is not an option.  

The users login to their pc's with their Domain credentials which are cached on the local machines.  After the user is connected to the vpn, I need a script or bat file that can call the users login script from active directory.  we have a complicated user structure, so I'm sure some variables will need to be determined.  

The location of the bat files to run are as follows.

\\domaiincontroller\sysvol\DC.DC.DC\Policies\{D6E30270-E798-4701-B39D-44AF5439E531}\User\Scripts\Logon\IT.bat

Each script is different for different departments so the policy number - {D6E30270-E798-4701-B39D-44AF5439E531} - can be different based on assigned policy.

So I need to figure out what command the policy runs to launch my login script as shown above.

Any help would be appreciated.
0
Comment
Question by:DJBrotherDon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 24108946
You can not apply GPO policies if the connection back to the LAN does not exist.
GPO application relies on the "Slow link detection" mechanism.

The establishment of the VPN is after the user has already logged into the system. The only way to run the scripts is for the user to run them or if the option exists in the VPN client you use to run those scripts.

What is it you want to enforce on the Remote VPN connected system?
0
 

Author Comment

by:DJBrotherDon
ID: 24109395
We are implementing RSA Authentication for our VPN and are planning on using RSA Software tokens.  Being logged into the laptop is necesary to see the token.  This is why we will not be using Login to VPN prior to logging into windows.  Im not looking to run the policies before connecting to the network, The network connection to the domain will be established.  However, the Machine looks to run the policies upon login, not upon network connectivity.  So if the computer doesnt see the Domain, it can't find the policy to run the script upon login to the machine.

So.  My goal is to yes, run the scripts by setting the VPN Clients "Application Launcher" option.  This option could run a bat file that would launch the policy.  What caommnd if any tells the computer, Ok, im on the domain,  run my Login policies which should query the logged in credential and run the users login script!!

Let me know what else you might need..
0
 
LVL 79

Expert Comment

by:arnold
ID: 24112237
If the VPN client has an Application launcher option, it will trigger the "Application Launcher" event when the VPN is established.

The RSA authentication is for the purposes to connect to the VPN.  Is the RSA needed to login into the Laptop?

If you do need to have RSA to login into the laptop and you need RSA to connect to the VPN, you would need the VPN established before you can attempt to login into the laptop unless the RSA servers are internet accessible.

Unless you provide each laptop user with a VPn capable site-to-site configured router to which the laptop connects, I think you will have many difficulties getting to what you want.



0
 

Author Comment

by:DJBrotherDon
ID: 24134475
The Laptops DO NOT require RSA to log in.  Cached Active Directory login is used to log into the laptops.  The RSA is ONLY for VPN access only.  

0
 
LVL 79

Accepted Solution

by:
arnold earned 1000 total points
ID: 24134691
In your setup, there is no way to automate the running of the scripts.
What is the significance of the running of the scripts as it relates to letting the user complete their task.  I.e. if the tasks that are performed by those scripts are needed, the user will be willing to run the scripts.

If the running of the script is something that you as the network/systems admin think will be useful, you would have to persuade the user to run them.

The other problem is that you are not referencing a single script but several which presumably are the result of the OU in which the user is.

The only way to get the laptop to run the login scripts that apply to the user is to have a VPN to a DC present prior to user login.
Upon login the user can establish the two factor VPN connection either through the existing site-to-site VPN or a separate VPN to the network.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
Lotus Notes has been used since a very long time as an e-mail client and is very popular because of it's unmatched security. In this article we are going to learn about  RRV Bucket corruption and understand various methods to Fix "RRV Bucket Corrupt…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question