Solved

login.bat in active directory.  Can I apply the login script to my computers OU or does it need to be at the User OU?

Posted on 2010-08-21
6
528 Views
Last Modified: 2012-05-10
I'm not able to move all my users in the User OU (long story).  Is there a way to apply the login script to run on the computer?  I usually create a gpo that runs a login.bat for users in my OU.  I need  login.bat to run for all computers.  Can i create a gpo that runs the login.bat for my computers OU (under, Computer Configuration - Windows Settings - Scripts - Startup)?

0
Comment
Question by:victor2008
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 14

Expert Comment

by:mds-cos
ID: 33493785
Hmmm....your answer seems to be in the question -- so maybe I am not reading the question correctly?

If you set up a startup script in the OU, that script will run for the computer regardless of user.  But that script will run once on the computer at startup, not multiple times on each user login.

What you can do though is go old-school.  Instead of specifying the login script in Active Directory policies, specify the login script in the user account (Profile tab).
0
 
LVL 8

Accepted Solution

by:
jessmca earned 300 total points
ID: 33494270
You can.
You need to enable loopback processing, then apply the user policy to a computer ou only

http://support.microsoft.com/kb/231287
0
 
LVL 13

Assisted Solution

by:Ben Personick (Previously QCubed)
Ben Personick (Previously QCubed) earned 200 total points
ID: 33494294
You have several options:

Via GPO

NOTE: * You MUST use the "User" side of the GPO for a "LOG ON script".  A "Start-Up Script" will only run each time the computer boots up.
*  Because you are setting a "User" GPO it must be applied in a way that there will be users involved.
*  You should ensure you have the Group Policy Management MMC downloaded and installed on your Server it makes managing GPOs much easier)

 Create a separate GPO to run your logon script.  Apply the GPO to the root of the domain, and either apply it to every OU that has inheritance blocked, OR  set it to "ENFORCED" in group policy management MMC.  Doing either of those will ensure all users including the ones in OUs which have GPO inheritance blocked.

Via User Profiles:

Right click on the root of the domain, click search, and use the built in method or write a query in the advanced tab to select all users, highlight all users by CTRL+A, and right click on one of them, click properties.  you will see a 'generic' properties page that allows you to globally change some settings, change to the profile tab, type the name of the batch file into the logon script text box.

Via each computer's start-up folder:


Via Shedualed tasks
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 13
ID: 33494299
FF, screwed up , here is part 2--

via each computer's start-up folder:

  Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).



  The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.

Use SCHTasks to schedule a task to run the
0
 
LVL 13
ID: 33494352
FF, screwed up , here is part 2------again--

Via each computer's start-up folder:

 Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).

  The script that is placed on each client machine should only have 1 line, which will set the ECHO off and then will CALL the actual logon script from your domain controller If it exists (See attached example)  NOTE:  You can put a link to the batch file on the domain controller instead if you prefer.

 The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.
Via Scheduled tasks on each computer:

Use SCHTasks to schedule a task to run each of the client computers.  That task will be a direct invocation of the script on the domain controller (similar to the last option except there is no file you need to use to do it.

To schedule your batch file on each computer you can use a start-up GPO to get it done on each machine next time it's restarted, or you can write a script to schedule the task on every computer that does not have it, which runs regularly on the domain controller.
Note in the following examples you supply the parts within the []s:

To schedule the task on the computer executing the command:
schtasks /Create /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]

To Schedule the task on different computer:

schtasks /Create /S [ComputerName] /U [Username_To_Connect-To-The-Computer] /P [Password_To_Connect-To-The-Computer] /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]
@ECHO OFF& IF EXIST "\\MyDomain.Com\NETLOGON\LogonScript.bat" CALL "\\MyDomain.Com\NETLOGON\LogonScript.bat"

Open in new window

0
 
LVL 13
ID: 33524387
Thanks for the points mate!  ~Q
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question