Link to home
Start Free TrialLog in
Avatar of DJBrotherDon
DJBrotherDon

asked on

Run Policy managed login scripts after Vpn connection

I am working on a new VPN project for my company.  I am looking for a solution that will allow me to run the users login scripts after the user logs into the VPN.  I found some information from 2006, but the route they were going was unaccaptable.  I am using the Cisco System VPN client for the users.  The option to Login to VPN before logging into windows is NOT an option.  RDP for the users is not an option.  

The users login to their pc's with their Domain credentials which are cached on the local machines.  After the user is connected to the vpn, I need a script or bat file that can call the users login script from active directory.  we have a complicated user structure, so I'm sure some variables will need to be determined.  

The location of the bat files to run are as follows.

\\domaiincontroller\sysvol\DC.DC.DC\Policies\{D6E30270-E798-4701-B39D-44AF5439E531}\User\Scripts\Logon\IT.bat

Each script is different for different departments so the policy number - {D6E30270-E798-4701-B39D-44AF5439E531} - can be different based on assigned policy.

So I need to figure out what command the policy runs to launch my login script as shown above.

Any help would be appreciated.
Avatar of arnold
arnold
Flag of United States of America image

You can not apply GPO policies if the connection back to the LAN does not exist.
GPO application relies on the "Slow link detection" mechanism.

The establishment of the VPN is after the user has already logged into the system. The only way to run the scripts is for the user to run them or if the option exists in the VPN client you use to run those scripts.

What is it you want to enforce on the Remote VPN connected system?
Avatar of DJBrotherDon
DJBrotherDon

ASKER

We are implementing RSA Authentication for our VPN and are planning on using RSA Software tokens.  Being logged into the laptop is necesary to see the token.  This is why we will not be using Login to VPN prior to logging into windows.  Im not looking to run the policies before connecting to the network, The network connection to the domain will be established.  However, the Machine looks to run the policies upon login, not upon network connectivity.  So if the computer doesnt see the Domain, it can't find the policy to run the script upon login to the machine.

So.  My goal is to yes, run the scripts by setting the VPN Clients "Application Launcher" option.  This option could run a bat file that would launch the policy.  What caommnd if any tells the computer, Ok, im on the domain,  run my Login policies which should query the logged in credential and run the users login script!!

Let me know what else you might need..
If the VPN client has an Application launcher option, it will trigger the "Application Launcher" event when the VPN is established.

The RSA authentication is for the purposes to connect to the VPN.  Is the RSA needed to login into the Laptop?

If you do need to have RSA to login into the laptop and you need RSA to connect to the VPN, you would need the VPN established before you can attempt to login into the laptop unless the RSA servers are internet accessible.

Unless you provide each laptop user with a VPn capable site-to-site configured router to which the laptop connects, I think you will have many difficulties getting to what you want.



The Laptops DO NOT require RSA to log in.  Cached Active Directory login is used to log into the laptops.  The RSA is ONLY for VPN access only.  

ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial