Solved

Run Policy managed login scripts after Vpn connection

Posted on 2009-04-09
Last Modified: 2013-12-27
I am working on a new VPN project for my company.  I am looking for a solution that will allow me to run the users' login scripts after the user logs into the VPN.  I found some information from 2006, but the route they were going was unacceptable.  I am using the Cisco Systems VPN Client for the users.  The option to log in to the VPN before logging into Windows is NOT an option.  RDP for the users is not an option.

The users log in to their PCs with their domain credentials, which are cached on the local machines.  After the user is connected to the VPN, I need a script or bat file that can call the user's login script from Active Directory.  We have a complicated user structure, so I'm sure some variables will need to be determined.

The location of the bat files to run are as follows.

\\domaiincontroller\sysvol\DC.DC.DC\Policies\{D6E30270-E798-4701-B39D-44AF5439E531}\User\Scripts\Logon\IT.bat

Each script is different for different departments so the policy number - {D6E30270-E798-4701-B39D-44AF5439E531} - can be different based on assigned policy.

So I need to figure out what command the policy runs to launch my login script as shown above.

Any help would be appreciated.
Question by:DJBrotherDon
6 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 24108946
You cannot apply GPO policies if the connection back to the LAN does not exist.
GPO application relies on the "Slow link detection" mechanism.

The establishment of the VPN is after the user has already logged into the system. The only way to run the scripts is for the user to run them or if the option exists in the VPN client you use to run those scripts.

What is it you want to enforce on the Remote VPN connected system?
0
 

Author Comment

by:DJBrotherDon
ID: 24109395
We are implementing RSA Authentication for our VPN and are planning on using RSA software tokens.  Being logged into the laptop is necessary to see the token.  This is why we will not be using login to VPN prior to logging into Windows.  I'm not looking to run the policies before connecting to the network. The network connection to the domain will be established.  However, the machine looks to run the policies upon login, not upon network connectivity.  So if the computer doesn't see the domain, it can't find the policy to run the script upon login to the machine.

So, my goal is, yes, to run the scripts by setting the VPN client's "Application Launcher" option.  This option could run a bat file that would launch the policy.  What command, if any, tells the computer, "OK, I'm on the domain, run my login policies", which should query the logged-in credential and run the user's login script!!

Let me know what else you might need..
0
 
LVL 76

Expert Comment

by:arnold
ID: 24112237
If the VPN client has an Application launcher option, it will trigger the "Application Launcher" event when the VPN is established.

The RSA authentication is for the purpose of connecting to the VPN.  Is the RSA needed to log in to the laptop?

If you do need to have RSA to log in to the laptop and you need RSA to connect to the VPN, you would need the VPN established before you can attempt to log in to the laptop unless the RSA servers are internet accessible.

Unless you provide each laptop user with a VPN-capable, site-to-site configured router to which the laptop connects, I think you will have many difficulties getting to what you want.



0
 

Author Comment

by:DJBrotherDon
ID: 24134475
The laptops DO NOT require RSA to log in.  Cached Active Directory login is used to log into the laptops.  The RSA is ONLY for VPN access.

0
 
LVL 76

Accepted Solution

by:
arnold earned 250 total points
ID: 24134691
In your setup, there is no way to automate the running of the scripts.
What is the significance of the running of the scripts as it relates to letting the user complete their task?  I.e., if the tasks that are performed by those scripts are needed, the user will be willing to run the scripts.

If the running of the script is something that you as the network/systems admin think will be useful, you would have to persuade the user to run them.

The other problem is that you are not referencing a single script but several which presumably are the result of the OU in which the user is.

The only way to get the laptop to run the login scripts that apply to the user is to have a VPN to a DC present prior to user login.
Upon login the user can establish the two factor VPN connection either through the existing site-to-site VPN or a separate VPN to the network.
0
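Added example, not part of the thread and not from any poster: PowerShell that a VPN client's application-launcher option could call once the tunnel is up. It reads the logon-script entries Group Policy cached for the current user the last time policy applied, and only accepts entries that resolve under a SYSVOL `Policies\{GUID}\User\Scripts\Logon` folder like the one in the question. Assumptions: the registry key and value names below are where current Windows versions record these entries (older systems differ), and `Get-GpoLogonScripts` and `Test-SysvolPath` are hypothetical helper names.

```powershell
param([switch]$Run)   # without -Run, only report what would be executed

# Assumed location of the per-user logon script list cached by Group Policy.
# Requires that policy applied at least once while the machine was on the LAN.
$ScriptsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon'

function Get-GpoLogonScripts {
    # One subkey per GPO, one sub-subkey per script inside that GPO.
    if (-not (Test-Path $ScriptsKey)) { return }
    foreach ($gpo in Get-ChildItem $ScriptsKey) {
        $gpoProps = Get-ItemProperty $gpo.PSPath
        foreach ($entry in Get-ChildItem $gpo.PSPath) {
            $p = Get-ItemProperty $entry.PSPath
            $path = $p.Script
            # A bare file name is relative to <GPO>\User\Scripts\Logon.
            if (-not [IO.Path]::IsPathRooted($path)) {
                $path = [IO.Path]::Combine($gpoProps.FileSysPath, 'Scripts\Logon', $path)
            }
            [pscustomobject]@{
                Gpo = $gpoProps.DisplayName; Path = $path; Parameters = $p.Parameters
            }
        }
    }
}

function Test-SysvolPath([string]$Path) {
    # Accept only \\server\sysvol\domain\Policies\{GUID}\User\Scripts\Logon\file
    $guid = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    $Path -notmatch '\.\.' -and
    $Path -match "^\\\\[^\\]+\\sysvol\\[^\\]+\\Policies\\$guid\\User\\Scripts\\Logon\\[^\\]+$"
}

foreach ($s in Get-GpoLogonScripts) {
    if (-not (Test-SysvolPath $s.Path)) {
        Write-Warning "Skipping entry outside SYSVOL policy folder: $($s.Path)"; continue
    }
    if (-not (Test-Path -LiteralPath $s.Path)) {
        Write-Warning "Not reachable (tunnel or DC down?): $($s.Path)"; continue
    }
    Write-Output "[$($s.Gpo)] $($s.Path) $($s.Parameters)"
    if ($Run) {
        $sp = @{ FilePath = $s.Path; Wait = $true }
        if ($s.Parameters) { $sp.ArgumentList = $s.Parameters }
        Start-Process @sp
    }
}
```

Run it without `-Run` first to see which cached entries would be launched and which are rejected or unreachable.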
