biggles70
asked on
Stop login scripts from running when logging in to a Terminal Server
Hi,
We are trying to stop users running their login scripts when logging into our terminal servers.
Whilst the users have a bit more freedom on their actual desktops, the terminal servers are locked down quite heavily with all desktop icons and IE settings delivered through GPO’s. There are a heap of other security items also controlled through GPO's - all in all we have tried to use GPO's for as much as possible to minimise the individual terminal server config etc...
The users logging into the servers come from various parts of the business, and have different login scripts that perform a lot of unrequired tasks on the Terminal servers. As a stop gap we have disabled access to cmd through GPO, which effectively stops the login script from running but there is another issue that comes from this. An error message is displayed on login albeit minimised. As a result the desktop stops loading until the user maximises the message and clicks OK before the desktop continues to load.
That said we would like a better method of disabling the login scripts from running on the terminal servers. We’d like a method that is transparent to the end user with no error messages etc. We also don’t want a solution that requires us to modify login scripts, as we can’t control the login scripts that may change and break things.
We’ve done some searching and can’t seem to locate a specific GPO setting, but would hope someone can make a suggestion that will cover this off. Hope that makes sense, but if not let me know.
Thanks,
Dave
We are trying to stop users running their login scripts when logging into our terminal servers.
Whilst the users have a bit more freedom on their actual desktops, the terminal servers are locked down quite heavily with all desktop icons and IE settings delivered through GPO’s. There are a heap of other security items also controlled through GPO's - all in all we have tried to use GPO's for as much as possible to minimise the individual terminal server config etc...
The users logging into the servers come from various parts of the business, and have different login scripts that perform a lot of unrequired tasks on the Terminal servers. As a stop gap we have disabled access to cmd through GPO, which effectively stops the login script from running but there is another issue that comes from this. An error message is displayed on login albeit minimised. As a result the desktop stops loading until the user maximises the message and clicks OK before the desktop continues to load.
That said we would like a better method of disabling the login scripts from running on the terminal servers. We’d like a method that is transparent to the end user with no error messages etc. We also don’t want a solution that requires us to modify login scripts, as we can’t control the login scripts that may change and break things.
We’ve done some searching and can’t seem to locate a specific GPO setting, but would hope someone can make a suggestion that will cover this off. Hope that makes sense, but if not let me know.
Thanks,
Dave
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We did try a few things though:
Set Computer Config -> Policies -> Admin templates -> System/Scripts "Run startup scripts asynchronously to "enabled". This allowed the desktop to appear without having to clear the minimised message. (Still set)
We set "Prevent access to the command prompt" to enabled, but set "Disable the command prompt script processing also" to Yes as we didn't want any scripts to run. (Still Set)
We were using Loopback processing mode enabled when setting User options against the machines. (Still Set)
Apologies for leaving this as long as I did to close off etc..