Logon Script Issue

Posted on 2009-07-16
Last Modified: 2012-05-07
Not sure why the script has now begun running on both the local machine and when the user logs onto Citrix. So I've got a couple user logging onto dumb terminals from dsl sites and they're complaining of slow responses. I've gotten networks to give me the top talkers and I see that the script is mapping drives on the local machine even if the user a member of the ctxprop security group.

Any ideas?
Question by:Nelesh_N
  • 4
  • 2
LVL 12

Accepted Solution

Daniel Borger earned 500 total points
ID: 24868203
I try to put the Citrix servers in their own OU and block inheritance so that things do not overlap. Then you can add the scripts to group policies there and link to others if needed. To get user settings from that group policy you need to set administrative templates\group policy\loopback processing mode to replace or merge if there are setting you want coming from the users other GPO's.
You can also do the same thing with the dumb terminals since they would not get the benifit from most group policies. you can put them in a seperate OU and block everything from running on them.

Author Comment

ID: 24893192
Do you think that I might have something to do with slow link detection, which is not enabled?
LVL 12

Assisted Solution

by:Daniel Borger
Daniel Borger earned 500 total points
ID: 24894729
Not really thinking that direction. the DSL user could be slow due to group polices being pushed to the clients over the wire.
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.


Author Comment

ID: 24911955
So the script looks at group membership to determine whether to run the drive mappings locally or not. When the user logs onto a Citrix session it checks the os version (5.1) and checks the registry to see if Citrix is installed it then assumes that this user is logged onto a Citrix session and then continues with mapping the drives. Okay cool this works for users at most sites and at Head Office. The dsl sites points to the head office dc's. I found that this may be location related because if I go to dsl site A and logon with an account from Site B - script works fine. But if I try to logon with the same user account at sites B the drives are mapped locally. All scripts work correctly at head office. I think that the script is not able to determine group membership at site B.

What would prevent the script from determining groiup membership?

Author Comment

ID: 25149928
Okay so I copied the GPO (in the even tI would need to make any changes) Created atest OU, applied the copied gpo,  blocked inheritance and and moved one user to the OU. Testing to be completed for this user. Next step is to not use the gpo to send out the logon script but add the logon script to the users ad properties. I did find that there was three other gpo's being applied and all were set to enforced.

feedback shortly...

Author Closing Comment

ID: 31604139

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
This script will sweep a range of IP addresses (class c only, and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now