Solved

login.bat in active directory.  Can I apply the login script to my computers OU or does it need to be at the User OU?

Posted on 2010-08-21
Last Modified: 2012-05-10
I'm not able to move all my users into the User OU (long story). Is there a way to apply the login script to run on the computer? I usually create a GPO that runs a login.bat for users in my OU. I need login.bat to run for all computers. Can I create a GPO that runs the login.bat for my computers OU (under Computer Configuration - Windows Settings - Scripts - Startup)?

Question by:victor2008
LVL 14

Expert Comment

by:mds-cos
ID: 33493785
Hmmm....your answer seems to be in the question -- so maybe I am not reading the question correctly?

If you set up a startup script in the OU, that script will run for the computer regardless of user.  But that script will run once on the computer at startup, not multiple times on each user login.

What you can do though is go old-school.  Instead of specifying the login script in Active Directory policies, specify the login script in the user account (Profile tab).
0
 
LVL 8

Accepted Solution

by:
jessmca earned 300 total points
ID: 33494270
You can.
You need to enable loopback processing, then apply the user policy to a computer OU only.

http://support.microsoft.com/kb/231287
0
 
LVL 11

Assisted Solution

by:Ben Personick
Ben Personick earned 200 total points
ID: 33494294
You have several options:

Via GPO

NOTE:
* You MUST use the "User" side of the GPO for a "LOG ON script".  A "Start-Up Script" will only run each time the computer boots up.
* Because you are setting a "User" GPO, it must be applied in a way that there will be users involved.
* You should ensure you have the Group Policy Management MMC downloaded and installed on your server (it makes managing GPOs much easier).

 Create a separate GPO to run your logon script.  Apply the GPO to the root of the domain, and either apply it to every OU that has inheritance blocked, OR  set it to "ENFORCED" in group policy management MMC.  Doing either of those will ensure all users including the ones in OUs which have GPO inheritance blocked.

Via User Profiles:

Right-click on the root of the domain, click Search, and use the built-in method or write a query in the Advanced tab to select all users. Highlight all users with CTRL+A, right-click on one of them, and click Properties. You will see a 'generic' properties page that allows you to globally change some settings; change to the Profile tab and type the name of the batch file into the logon script text box.

Via each computer's start-up folder:


Via Scheduled tasks
0
LVL 11

Expert Comment

by:Ben Personick
ID: 33494299
FF, screwed up, here is part 2--

via each computer's start-up folder:

  Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).



  The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.

Use SCHTasks to schedule a task to run the
0
 
LVL 11

Expert Comment

by:Ben Personick
ID: 33494352
FF, screwed up, here is part 2------again--

Via each computer's start-up folder:

 Use a script to copy the logon script to each computer's "All Users" "Startup" folder as a hidden, system file (To ensure the average user will not see it).

  The script that is placed on each client machine should only have 1 line, which will set the ECHO off and then will CALL the actual logon script from your domain controller if it exists (see attached example).  NOTE:  You can put a link to the batch file on the domain controller instead if you prefer.

 The script that copies the logon script locally could be one which runs as a scheduled task on a domain controller, or it could be a start-up script you will apply to the Computers GPO.

Via Scheduled tasks on each computer:

Use SCHTasks to schedule a task to run on each of the client computers.  That task will be a direct invocation of the script on the domain controller (similar to the last option, except there is no file you need to use to do it).

To schedule your batch file on each computer you can use a start-up GPO to get it done on each machine next time it's restarted, or you can write a script to schedule the task on every computer that does not have it, which runs regularly on the domain controller.

Note in the following examples you supply the parts within the []s:

To schedule the task on the computer executing the command:
schtasks /Create /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]

To Schedule the task on different computer:

schtasks /Create /S [ComputerName] /U [Username_To_Connect-To-The-Computer] /P [Password_To_Connect-To-The-Computer] /RU ["Run-As"-Username] /RP ["Run-As"-Password] /SC ONLOGON /TN ["RunLogonScript"] /TR ["\\MyDomain.Com\NETLOGON\LogonScript.bat"]

@ECHO OFF& IF EXIST "\\MyDomain.Com\NETLOGON\LogonScript.bat" CALL "\\MyDomain.Com\NETLOGON\LogonScript.bat"

0
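
An added PowerShell example, not part of the original thread, for the scheduled-task option above: it registers the same at-logon task with the ScheduledTasks cmdlets and a group principal, so the script runs as whichever user logs on and no /RU or /RP password ends up on a command line or in a start-up script. The task name and script path are the ones from the post; the function names are assumptions, and the second function lists tasks on the machine that do carry a stored password.

```powershell
# Added example, not from the thread. Needs the ScheduledTasks module
# (Windows 8 / Server 2012 or later) and an elevated prompt.

function Register-LogonScriptTask {
    param(
        [string]$TaskName   = 'RunLogonScript',
        [string]$ScriptPath = '\\MyDomain.Com\NETLOGON\LogonScript.bat'
    )

    # cmd.exe /c "<UNC path>": the same invocation the schtasks /TR value performs.
    $action = New-ScheduledTaskAction -Execute "$env:SystemRoot\System32\cmd.exe" `
        -Argument "/c `"$ScriptPath`""

    # Fires for every user logon, like /SC ONLOGON.
    $trigger = New-ScheduledTaskTrigger -AtLogOn

    # Group principal: the task runs in the session of the user who logs on,
    # with that user's normal (non-elevated) token. No credentials are stored.
    # 'BUILTIN\Users' is the English group name; localized systems differ.
    $principal = New-ScheduledTaskPrincipal -GroupId 'BUILTIN\Users' -RunLevel Limited

    # Stop a hung script instead of leaving it running for the whole session.
    $settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Minutes 10)

    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force
}

function Get-StoredPasswordTask {
    # Tasks created with a run-as password (schtasks /RU + /RP) have LogonType
    # 'Password'; the task's action is executed under that account at every trigger.
    Get-ScheduledTask |
        Where-Object { $_.Principal.LogonType -eq 'Password' } |
        Select-Object TaskPath, TaskName,
            @{ Name = 'RunAs';   Expression = { $_.Principal.UserId } },
            @{ Name = 'Actions'; Expression = {
                ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }
}

Register-LogonScriptTask | Select-Object TaskName, State
Get-StoredPasswordTask   | Format-Table -AutoSize
```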
 
LVL 11

Expert Comment

by:Ben Personick
ID: 33524387
Thanks for the points mate!  ~Q
0
