?
Solved

One Time Login Script for a Global Security Group

Posted on 2011-09-14
4
Medium Priority
?
505 Views
Last Modified: 2012-05-12
Running ActiveDirectory 5.2 on a Windows 2003 SP2 Machine

We are running a major update on a server based database. After the installation, there is an ActiveX exe file that is on the server that has to be run on all of the database users computers (about 30-40 people - only about 20% of our full staff). They are all in a global security group on our active directory (although it's not their main group). They also each have a batch file that runs on login to map the correct network drives (although there are a few different .bat files that's dependent on their department - all of these users don't all run the same .bat file).

This is what tech support at the software company said:

"Once the installation is complete on the database server, a file called “xxxxxxxx.exe” will be added to the xx\common directory on your application server.  If you place this file in your users’ Login script, then it will run when logging into the domain."

Is it possible to run a batch file on a security group only once (the next time they login) and still run their primary batch file?

Thanks!
0
Comment
Question by:atlspsch
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 

Expert Comment

by:wenogk
ID: 36537440
yes, go to google.com and search for "batch execution on security group".
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 2000 total points
ID: 36564327
Hopefully you don't actually assign login scripts to the actual user account. Login scripts can be assigned an a per OU basis, which is a lot better than using a single monolithic login script. There isn't a good way to only run a script once. What I do is in my login script check to see if a specific file exists. If it does, I know that the login script has been run before and I just exit.  Once you are confident that everyone has run the script, you can just disable the GPO used to assign it.

http://www.petri.co.il/setting-up-logon-script-through-gpo-windows-server-2008.htm

REM Checks to see if we have successfully run before
if exist %temp%\DBactiveX20110919.txt goto END

REM Runs the executable and check to see if it was successful
\\server\share\xxxxxxxx.exe
if errorlevel 1 goto FAILURE

REM Build the log file for email notification
echo %time% %date% xxxxxxxx.exe successful for %username% on %computername% > %temp%\xxxxxxxx.log

REM BLAT is a great free emailer utility from http://www.blat.net/
blat -server smtp.yourcompany.com  -to you@yourcompany.com -f administrator@yourcompany.com -subject "xxxxxxxx.exe successful for %username% on %computername%" -bodyF %temp%\xxxxxxxx.log

REM Tag the filesystem so we know that we have been successful so we don't run the executable again
copy %temp%\xxxxxxxx.log %temp%\DBactiveX20110919.txt 
goto END

:FAILURE
echo %time% %date% xxxxxxxx.exe FAILED for %username% on %computername% > %temp%\xxxxxxxx.log
blat -server smtp.yourcompany.com  -to you@yourcompany.com -f administrator@yourcompany.com -subject "xxxxxxxx.exe FAILED for %username% on %computername%" -bodyF %temp%\xxxxxxxx.log


:END

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question