• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 845
  • Last Modified:

Loginscript versus GPO

Please explain loginscript versus GPO.
Probably logonscript was made before GPO's existed? Everything in loginscript can/should be moved to GPO (are CANNOT?).
If you have both, which runs first + will one overwrite the other?

1 Solution
Are you trying to comapre  workstation mode with domain mode Login process?

In a domain when a user logs on,  Group policy is processed fist and then depending on what scripts you may have you can use the script to run at logon as logonscripts.
janhoedtAuthor Commented:
So GPO is always processed first and logonscript can overwrite ... until GPO refreshes (after 15 minutes)?
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tony JLead Technical ArchitectCommented:
The simplest way to think of it is this - Group Policy Objects are basically ways of manipulating the computer or user hives of the registry. These are executed at logon, and then at regular intervals thereafter.

Logon/startup/shutdown scripts are exactly that - they are scripts (BAT file, VBScript, PowerShell etc) that execute when certain condition occur - a computer startup or shutdown event, a user logon or logoff.

In an ideal world, you should be able to manipulate everything via GPO, but in the world we really live and work in, some things just can't be manipulated this way - as an example, the library views in Windows 7/2008 R2 are registry keys that have no associated GPOs so for one customer I've just had to write a login script that loops through them when a user logs on and removes the public folders from the users' documents library view. Mapping different drives based on user group is another example.

If it's possible to do via GPO or GPP then that is preferrable but if not, then scripts can help. Usually :-)
Mike KlineCommented:
So there is no rule that you have to move login scripts to a GPO (group policy preferences).  you can go that way.    I would start to go that way but in my last job we had a 3000 line login script that had grown over 9 years...that was not something we could easily move.

The login script in the user's account properties will run first.  


Tony JLead Technical ArchitectCommented:
Oh and you define which scripts run via group policy, by the way, but these are again just basically registry entries and will be executed during / after group policy processing.

And yes, an update to a group policy may well update and therefore change a setting defined in a script.
Tony JLead Technical ArchitectCommented:
Group policies tend to give the perception of being quicker and of course if you edit them, they apply without a logoff or reboot (most times - some settings will still require this).

But if you have a complex login script that is quick enough to run and your users are happy with there is no definable requirement to change except perhaps to streamline it and for neatness.

As I say, in most instances you will have both in your environment.
Kevin HaysIT AnalystCommented:
Usually with GPO's you will assign a startup / login script for the user config or computer config.  Login scripts attached to the domain level will fire, but if there are other login scripts in the GPO settings down below linked to OU's then they will get fired next.

I will link login scripts in the GPO for OU's that I want to capture data or map drives, etc....
Leon FesterSenior Solutions ArchitectCommented:
by: janhoedtPosted on 2012-09-14 at 13:09:39ID: 38398661
So GPO is always processed first and logonscript can overwrite ... until GPO refreshes (after 15 minutes)?

Yes, you are correct.
GPO's are applied based on the domain hierachy and placement of GPO's
The Computer policies are applied when the Computer starts and before the use logs on.
Once the user logs on, the Use policies are applied and then the logon script runs.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now