Solved

Is it possible to execute a different login script when the user logs into a terminal server?

Posted on 2014-04-17
14
288 Views
Last Modified: 2014-05-25
I want to map a user to different shares when they login to my terminal server then when they login to the domain on their local computer.

Windows 2003 DC

Is there a way to do this within the login script. Detect if it's a TS session and map accordingly?
0
Comment
Question by:J C
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +2
14 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40008323
Don't know why this is in the Exchange zone...

Login script? How quaint.

Use a computer based group policy to map the drives. Set the filters so it only applies to specific computers and then add your terminal servers to the list.

Simon.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40009740
You can do this if you have 2008 \ 2008 R2 \ Win7 Management machine for group policy

From there apply new GPO to OU containing terminal server and within GPO, navigate to user configuration\Preferences\windows setting\drive map, add your drive map settings like below

Now if user logon to that particular terminal server within that OU where GPO is applied, it will get only required share drive only
drive-map-gpo.docx
0
 

Author Comment

by:J C
ID: 40012943
Here is what I have done.

At one of our satellite offices I dropped in a RODC. I create a new site and created the RODC. I then created an OU and dropped the computers in the satellite office into that OU and created a GPO for it and linked it to the OU. I added the logon script to the user configuration and then enabled the loopback policy that should all GPO's for all users on that particular computer. I could not get the logon script to run on those computers. Should this work?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40013035
There was no need to have a RODC in the site for it to work, as that just moves the authentication point locally. If it was working before then it should work now.

Use GPMC and the tool to look at the policies to see if the policy is being applied correctly.
Do you have to use a login script? Are you not able to do everything the script does with group policy objects?

Simon.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40013350
By looking your requirement, do you have logon script enough intelligent to detect user local login \ terminal server login and do the appropriate action ?

I guess its not, hence I have provided you GP preference alternative

Try above and let me know errors if any

Mahesh.
0
 

Author Comment

by:J C
ID: 40013371
I didn't place the RODC there for that purpose. I deployed it to speed up logins/dns response times and make other resources/local file storage more readily available to our remote users. I was only trying to describe my use case and provide more detail.

It's been a while since I've delved into AD and GPO's so maybe I need to make myself current to investigate other options. MY remote users are not logging into a terminal server. They are logging into their computers and that is where I need the script to execute.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40013377
But in question you have mentioned about two different share folders to be mapped when user logging to locally and terminal session respectively
0
 

Author Comment

by:J C
ID: 40013378
Mahesh,

It is a dumb login script. I can look at developing something with a vb script if need be. I thought this should be pretty simple. Place the computers in an OU. Create the GPO that runs the script and enable loopback. I'll look at the alternatives you've suggested and see if I can make it work. Thanks
0
 

Author Comment

by:J C
ID: 40013382
I sync files between my remote sites and our corp office. When they login to our terminal server. I want to map them to the file server on the LAN which is at our corp office.

When they login to their local computers at the satellite office I want to map them to the file server on their LAN. Does that make sense? I don't want them to have to access their files over the internet when they are available in each location over the LAN
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40013390
Yes, that make sense

you can try my 1st comment to achieve that
0
 
LVL 20

Expert Comment

by:compdigit44
ID: 40013569
If you are synching files from one office to another this sound like a perfect setup for DFS...
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40014187
If you would like to use a simple solution, use this lines at the start of your login script:
if %computername%==YourTS goto end

This skips the whole script if you write
:end
at the last line. Then you could simply setup a local logon script at your TS and you are done.

If that sounds too simple and you want a more scientific approach, you can of course use group policy loopback processing http://support.microsoft.com/kb/231287 or GPO WMI filtering http://technet.microsoft.com/en-us/library/cc779036(v=ws.10).aspx

We could read here that you can also set this logon script inside a computer policy and target it at the TS - incorrect. Inside a computer policy, we cannot map network drives.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40014200
There is an even better solution - deploy a domain DFS.
That will do the replication for you, but also is site aware, so if you map a drive to \\example.local\dfs\share then they will go to the one that is located in their AD site.

I have a client who has a single share for the entire company, with offices in about 20 countries. They all map to the closest copy. Makes it ideal for an installation point share as well.

Simon.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40089281
You selected Mahesh's solution - did you try it? Because it will not work, it applies user settings to a computer object (the TS), which will be ignored.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question