• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 540
  • Last Modified:

login.bat in active directory. Can I apply the login script to my computers OU or does it need to be at the User OU?

I'm not able to move all my users in the User OU (long story).  Is there a way to apply the login script to run on the computer?  I usually create a gpo that runs a login.bat for users in my OU.  I need  login.bat to run for all computers.  Can i create a gpo that runs the login.bat for my computers OU (under, Computer Configuration - Windows Settings - Scripts - Startup)?

0
victor2008
Asked:
victor2008
  • 4
2 Solutions
 
mds-cosCommented:
Hmmm....your answer seems to be in the question -- so maybe I am not reading the question correctly?

If you set up a startup script in the OU, that script will run for the computer regardless of user.  But that script will run once on the computer at startup, not multiple times on each user login.

What you can do though is go old-school.  Instead of specifying the login script in Active Directory policies, specify the login script in the user account (Profile tab).
0
 
jessmcaCommented:
You can.
You need to enable loopback processing, then apply the user policy to a computer ou only

http://support.microsoft.com/kb/231287
0
 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
You have several options:

Via GPO

NOTE: * You MUST use the "User" side of the GPO for a "LOG ON script".  A "Start-Up Script" will only run each time the computer boots up.
*  Because you are setting a "User" GPO it must be applied in a way that there will be users involved.
*  You should ensure you have the Group Policy Management MMC downloaded and installed on your Server it makes managing GPOs much easier)

 Create a separate GPO to run your logon script.  Apply the GPO to the root of the domain, and either apply it to every OU that has inheritance blocked, OR  set it to "ENFORCED" in group policy management MMC.  Doing either of those will ensure all users including the ones in OUs which have GPO inheritance blocked.

Via User Profiles:

Right click on the root of the domain, click search, and use the built in method or write a query in the advanced tab to select all users, highlight all users by CTRL+A, and right click on one of them, click properties.  you will see a 'generic' properties page that allows you to globally change some settings, change to the profile tab, type the name of the batch file into the logon script text box.

Via each computer's start-up folder:


Via Shedualed tasks
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
FF, screwed up , here is part 2--

via each computer's start-up folder:

  Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).



  The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.

Use SCHTasks to schedule a task to run the
0
 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
FF, screwed up , here is part 2------again--

Via each computer's start-up folder:

 Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).

  The script that is placed on each client machine should only have 1 line, which will set the ECHO off and then will CALL the actual logon script from your domain controller If it exists (See attached example)  NOTE:  You can put a link to the batch file on the domain controller instead if you prefer.

 The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.
Via Scheduled tasks on each computer:

Use SCHTasks to schedule a task to run each of the client computers.  That task will be a direct invocation of the script on the domain controller (similar to the last option except there is no file you need to use to do it.

To schedule your batch file on each computer you can use a start-up GPO to get it done on each machine next time it's restarted, or you can write a script to schedule the task on every computer that does not have it, which runs regularly on the domain controller.
Note in the following examples you supply the parts within the []s:

To schedule the task on the computer executing the command:
schtasks /Create /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]

To Schedule the task on different computer:

schtasks /Create /S [ComputerName] /U [Username_To_Connect-To-The-Computer] /P [Password_To_Connect-To-The-Computer] /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]
@ECHO OFF& IF EXIST "\\MyDomain.Com\NETLOGON\LogonScript.bat" CALL "\\MyDomain.Com\NETLOGON\LogonScript.bat"

Open in new window

0
 
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
Thanks for the points mate!  ~Q
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now