?
Solved

login.bat in active directory.  Can I apply the login script to my computers OU or does it need to be at the User OU?

Posted on 2010-08-21
6
Medium Priority
?
535 Views
Last Modified: 2012-05-10
I'm not able to move all my users in the User OU (long story).  Is there a way to apply the login script to run on the computer?  I usually create a gpo that runs a login.bat for users in my OU.  I need  login.bat to run for all computers.  Can i create a gpo that runs the login.bat for my computers OU (under, Computer Configuration - Windows Settings - Scripts - Startup)?

0
Comment
Question by:victor2008
  • 4
6 Comments
 
LVL 14

Expert Comment

by:mds-cos
ID: 33493785
Hmmm....your answer seems to be in the question -- so maybe I am not reading the question correctly?

If you set up a startup script in the OU, that script will run for the computer regardless of user.  But that script will run once on the computer at startup, not multiple times on each user login.

What you can do though is go old-school.  Instead of specifying the login script in Active Directory policies, specify the login script in the user account (Profile tab).
0
 
LVL 8

Accepted Solution

by:
jessmca earned 1200 total points
ID: 33494270
You can.
You need to enable loopback processing, then apply the user policy to a computer ou only

http://support.microsoft.com/kb/231287
0
 
LVL 15

Assisted Solution

by:Ben Personick (Previously QCubed)
Ben Personick (Previously QCubed) earned 800 total points
ID: 33494294
You have several options:

Via GPO

NOTE: * You MUST use the "User" side of the GPO for a "LOG ON script".  A "Start-Up Script" will only run each time the computer boots up.
*  Because you are setting a "User" GPO it must be applied in a way that there will be users involved.
*  You should ensure you have the Group Policy Management MMC downloaded and installed on your Server it makes managing GPOs much easier)

 Create a separate GPO to run your logon script.  Apply the GPO to the root of the domain, and either apply it to every OU that has inheritance blocked, OR  set it to "ENFORCED" in group policy management MMC.  Doing either of those will ensure all users including the ones in OUs which have GPO inheritance blocked.

Via User Profiles:

Right click on the root of the domain, click search, and use the built in method or write a query in the advanced tab to select all users, highlight all users by CTRL+A, and right click on one of them, click properties.  you will see a 'generic' properties page that allows you to globally change some settings, change to the profile tab, type the name of the batch file into the logon script text box.

Via each computer's start-up folder:


Via Shedualed tasks
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 15
ID: 33494299
FF, screwed up , here is part 2--

via each computer's start-up folder:

  Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).



  The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.

Use SCHTasks to schedule a task to run the
0
 
LVL 15
ID: 33494352
FF, screwed up , here is part 2------again--

Via each computer's start-up folder:

 Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).

  The script that is placed on each client machine should only have 1 line, which will set the ECHO off and then will CALL the actual logon script from your domain controller If it exists (See attached example)  NOTE:  You can put a link to the batch file on the domain controller instead if you prefer.

 The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.
Via Scheduled tasks on each computer:

Use SCHTasks to schedule a task to run each of the client computers.  That task will be a direct invocation of the script on the domain controller (similar to the last option except there is no file you need to use to do it.

To schedule your batch file on each computer you can use a start-up GPO to get it done on each machine next time it's restarted, or you can write a script to schedule the task on every computer that does not have it, which runs regularly on the domain controller.
Note in the following examples you supply the parts within the []s:

To schedule the task on the computer executing the command:
schtasks /Create /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]

To Schedule the task on different computer:

schtasks /Create /S [ComputerName] /U [Username_To_Connect-To-The-Computer] /P [Password_To_Connect-To-The-Computer] /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]
@ECHO OFF& IF EXIST "\\MyDomain.Com\NETLOGON\LogonScript.bat" CALL "\\MyDomain.Com\NETLOGON\LogonScript.bat"

Open in new window

0
 
LVL 15
ID: 33524387
Thanks for the points mate!  ~Q
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question