[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Run Policy managed login scripts after Vpn connection

Posted on 2009-04-09
6
Medium Priority
?
1,259 Views
Last Modified: 2013-12-27
I am working on a new VPN project for my company.  I am looking for a solution that will allow me to run the users login scripts after the user logs into the VPN.  I found some information from 2006, but the route they were going was unaccaptable.  I am using the Cisco System VPN client for the users.  The option to Login to VPN before logging into windows is NOT an option.  RDP for the users is not an option.  

The users login to their pc's with their Domain credentials which are cached on the local machines.  After the user is connected to the vpn, I need a script or bat file that can call the users login script from active directory.  we have a complicated user structure, so I'm sure some variables will need to be determined.  

The location of the bat files to run are as follows.

\\domaiincontroller\sysvol\DC.DC.DC\Policies\{D6E30270-E798-4701-B39D-44AF5439E531}\User\Scripts\Logon\IT.bat

Each script is different for different departments so the policy number - {D6E30270-E798-4701-B39D-44AF5439E531} - can be different based on assigned policy.

So I need to figure out what command the policy runs to launch my login script as shown above.

Any help would be appreciated.
0
Comment
Question by:DJBrotherDon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 80

Expert Comment

by:arnold
ID: 24108946
You can not apply GPO policies if the connection back to the LAN does not exist.
GPO application relies on the "Slow link detection" mechanism.

The establishment of the VPN is after the user has already logged into the system. The only way to run the scripts is for the user to run them or if the option exists in the VPN client you use to run those scripts.

What is it you want to enforce on the Remote VPN connected system?
0
 

Author Comment

by:DJBrotherDon
ID: 24109395
We are implementing RSA Authentication for our VPN and are planning on using RSA Software tokens.  Being logged into the laptop is necesary to see the token.  This is why we will not be using Login to VPN prior to logging into windows.  Im not looking to run the policies before connecting to the network, The network connection to the domain will be established.  However, the Machine looks to run the policies upon login, not upon network connectivity.  So if the computer doesnt see the Domain, it can't find the policy to run the script upon login to the machine.

So.  My goal is to yes, run the scripts by setting the VPN Clients "Application Launcher" option.  This option could run a bat file that would launch the policy.  What caommnd if any tells the computer, Ok, im on the domain,  run my Login policies which should query the logged in credential and run the users login script!!

Let me know what else you might need..
0
 
LVL 80

Expert Comment

by:arnold
ID: 24112237
If the VPN client has an Application launcher option, it will trigger the "Application Launcher" event when the VPN is established.

The RSA authentication is for the purposes to connect to the VPN.  Is the RSA needed to login into the Laptop?

If you do need to have RSA to login into the laptop and you need RSA to connect to the VPN, you would need the VPN established before you can attempt to login into the laptop unless the RSA servers are internet accessible.

Unless you provide each laptop user with a VPn capable site-to-site configured router to which the laptop connects, I think you will have many difficulties getting to what you want.



0
 

Author Comment

by:DJBrotherDon
ID: 24134475
The Laptops DO NOT require RSA to log in.  Cached Active Directory login is used to log into the laptops.  The RSA is ONLY for VPN access only.  

0
 
LVL 80

Accepted Solution

by:
arnold earned 1000 total points
ID: 24134691
In your setup, there is no way to automate the running of the scripts.
What is the significance of the running of the scripts as it relates to letting the user complete their task.  I.e. if the tasks that are performed by those scripts are needed, the user will be willing to run the scripts.

If the running of the script is something that you as the network/systems admin think will be useful, you would have to persuade the user to run them.

The other problem is that you are not referencing a single script but several which presumably are the result of the OU in which the user is.

The only way to get the laptop to run the login scripts that apply to the user is to have a VPN to a DC present prior to user login.
Upon login the user can establish the two factor VPN connection either through the existing site-to-site VPN or a separate VPN to the network.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question