Solved

Run Policy managed login scripts after Vpn connection

Posted on 2009-04-09
Last Modified: 2013-12-27
I am working on a new VPN project for my company. I am looking for a solution that will allow me to run the users' login scripts after the user logs into the VPN. I found some information from 2006, but the route they were going was unacceptable. I am using the Cisco Systems VPN Client for the users. The option to log in to the VPN before logging into Windows is NOT an option. RDP for the users is not an option.

The users log in to their PCs with their domain credentials, which are cached on the local machines. After the user is connected to the VPN, I need a script or bat file that can call the user's login script from Active Directory. We have a complicated user structure, so I'm sure some variables will need to be determined.

The location of the bat files to run is as follows.

\\domaiincontroller\sysvol\DC.DC.DC\Policies\{D6E30270-E798-4701-B39D-44AF5439E531}\User\Scripts\Logon\IT.bat

Each script is different for different departments so the policy number - {D6E30270-E798-4701-B39D-44AF5439E531} - can be different based on assigned policy.

So I need to figure out what command the policy runs to launch my login script as shown above.

Any help would be appreciated.
Question by:DJBrotherDon
LVL 77

Expert Comment

by:arnold
ID: 24108946
You cannot apply GPO policies if the connection back to the LAN does not exist.
GPO application relies on the "Slow link detection" mechanism.

The establishment of the VPN is after the user has already logged into the system. The only way to run the scripts is for the user to run them or if the option exists in the VPN client you use to run those scripts.

What is it you want to enforce on the Remote VPN connected system?

Author Comment

by:DJBrotherDon
ID: 24109395
We are implementing RSA Authentication for our VPN and are planning on using RSA Software tokens. Being logged into the laptop is necessary to see the token. This is why we will not be using Login to VPN prior to logging into Windows. I'm not looking to run the policies before connecting to the network. The network connection to the domain will be established. However, the machine looks to run the policies upon login, not upon network connectivity. So if the computer doesn't see the domain, it can't find the policy to run the script upon login to the machine.

So, my goal is, yes, to run the scripts by setting the VPN client's "Application Launcher" option. This option could run a bat file that would launch the policy. What command, if any, tells the computer: OK, I'm on the domain, run my login policies, which should query the logged-in credential and run the user's login script?

Let me know what else you might need..
LVL 77

Expert Comment

by:arnold
ID: 24112237
If the VPN client has an Application launcher option, it will trigger the "Application Launcher" event when the VPN is established.

The RSA authentication is for the purpose of connecting to the VPN. Is the RSA needed to log in to the laptop?

If you do need to have RSA to log in to the laptop and you need RSA to connect to the VPN, you would need the VPN established before you can attempt to log in to the laptop, unless the RSA servers are internet accessible.

Unless you provide each laptop user with a VPN-capable, site-to-site configured router to which the laptop connects, I think you will have many difficulties getting to what you want.

Author Comment

by:DJBrotherDon
ID: 24134475
The laptops DO NOT require RSA to log in. Cached Active Directory login is used to log into the laptops. The RSA is ONLY for VPN access.

LVL 77

Accepted Solution

by:arnold (earned 250 total points)
ID: 24134691
In your setup, there is no way to automate the running of the scripts.
What is the significance of the running of the scripts as it relates to letting the user complete their task? I.e., if the tasks that are performed by those scripts are needed, the user will be willing to run the scripts.

If the running of the script is something that you as the network/systems admin think will be useful, you would have to persuade the user to run them.

The other problem is that you are not referencing a single script but several which presumably are the result of the OU in which the user is.

The only way to get the laptop to run the login scripts that apply to the user is to have a VPN to a DC present prior to user login.
Upon login the user can establish the two factor VPN connection either through the existing site-to-site VPN or a separate VPN to the network.


Question has a verified solution.
