?
Solved

login.bat in active directory.  Can I apply the login script to my computers OU or does it need to be at the User OU?

Posted on 2010-08-21
6
Medium Priority
?
530 Views
Last Modified: 2012-05-10
I'm not able to move all my users in the User OU (long story).  Is there a way to apply the login script to run on the computer?  I usually create a gpo that runs a login.bat for users in my OU.  I need  login.bat to run for all computers.  Can i create a gpo that runs the login.bat for my computers OU (under, Computer Configuration - Windows Settings - Scripts - Startup)?

0
Comment
Question by:victor2008
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 14

Expert Comment

by:mds-cos
ID: 33493785
Hmmm....your answer seems to be in the question -- so maybe I am not reading the question correctly?

If you set up a startup script in the OU, that script will run for the computer regardless of user.  But that script will run once on the computer at startup, not multiple times on each user login.

What you can do though is go old-school.  Instead of specifying the login script in Active Directory policies, specify the login script in the user account (Profile tab).
0
 
LVL 8

Accepted Solution

by:
jessmca earned 1200 total points
ID: 33494270
You can.
You need to enable loopback processing, then apply the user policy to a computer ou only

http://support.microsoft.com/kb/231287
0
 
LVL 14

Assisted Solution

by:Ben Personick (Previously QCubed)
Ben Personick (Previously QCubed) earned 800 total points
ID: 33494294
You have several options:

Via GPO

NOTE: * You MUST use the "User" side of the GPO for a "LOG ON script".  A "Start-Up Script" will only run each time the computer boots up.
*  Because you are setting a "User" GPO it must be applied in a way that there will be users involved.
*  You should ensure you have the Group Policy Management MMC downloaded and installed on your Server it makes managing GPOs much easier)

 Create a separate GPO to run your logon script.  Apply the GPO to the root of the domain, and either apply it to every OU that has inheritance blocked, OR  set it to "ENFORCED" in group policy management MMC.  Doing either of those will ensure all users including the ones in OUs which have GPO inheritance blocked.

Via User Profiles:

Right click on the root of the domain, click search, and use the built in method or write a query in the advanced tab to select all users, highlight all users by CTRL+A, and right click on one of them, click properties.  you will see a 'generic' properties page that allows you to globally change some settings, change to the profile tab, type the name of the batch file into the logon script text box.

Via each computer's start-up folder:


Via Shedualed tasks
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 14
ID: 33494299
FF, screwed up , here is part 2--

via each computer's start-up folder:

  Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).



  The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.

Use SCHTasks to schedule a task to run the
0
 
LVL 14
ID: 33494352
FF, screwed up , here is part 2------again--

Via each computer's start-up folder:

 Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).

  The script that is placed on each client machine should only have 1 line, which will set the ECHO off and then will CALL the actual logon script from your domain controller If it exists (See attached example)  NOTE:  You can put a link to the batch file on the domain controller instead if you prefer.

 The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.
Via Scheduled tasks on each computer:

Use SCHTasks to schedule a task to run each of the client computers.  That task will be a direct invocation of the script on the domain controller (similar to the last option except there is no file you need to use to do it.

To schedule your batch file on each computer you can use a start-up GPO to get it done on each machine next time it's restarted, or you can write a script to schedule the task on every computer that does not have it, which runs regularly on the domain controller.
Note in the following examples you supply the parts within the []s:

To schedule the task on the computer executing the command:
schtasks /Create /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]

To Schedule the task on different computer:

schtasks /Create /S [ComputerName] /U [Username_To_Connect-To-The-Computer] /P [Password_To_Connect-To-The-Computer] /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]
@ECHO OFF& IF EXIST "\\MyDomain.Com\NETLOGON\LogonScript.bat" CALL "\\MyDomain.Com\NETLOGON\LogonScript.bat"

Open in new window

0
 
LVL 14
ID: 33524387
Thanks for the points mate!  ~Q
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question