Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Is it possible to execute a different login script when the user logs into a terminal server?

Posted on 2014-04-17
14
287 Views
Last Modified: 2014-05-25
I want to map a user to different shares when they login to my terminal server then when they login to the domain on their local computer.

Windows 2003 DC

Is there a way to do this within the login script. Detect if it's a TS session and map accordingly?
0
Comment
Question by:J C
  • 4
  • 4
  • 3
  • +2
14 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40008323
Don't know why this is in the Exchange zone...

Login script? How quaint.

Use a computer based group policy to map the drives. Set the filters so it only applies to specific computers and then add your terminal servers to the list.

Simon.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40009740
You can do this if you have 2008 \ 2008 R2 \ Win7 Management machine for group policy

From there apply new GPO to OU containing terminal server and within GPO, navigate to user configuration\Preferences\windows setting\drive map, add your drive map settings like below

Now if user logon to that particular terminal server within that OU where GPO is applied, it will get only required share drive only
drive-map-gpo.docx
0
 

Author Comment

by:J C
ID: 40012943
Here is what I have done.

At one of our satellite offices I dropped in a RODC. I create a new site and created the RODC. I then created an OU and dropped the computers in the satellite office into that OU and created a GPO for it and linked it to the OU. I added the logon script to the user configuration and then enabled the loopback policy that should all GPO's for all users on that particular computer. I could not get the logon script to run on those computers. Should this work?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40013035
There was no need to have a RODC in the site for it to work, as that just moves the authentication point locally. If it was working before then it should work now.

Use GPMC and the tool to look at the policies to see if the policy is being applied correctly.
Do you have to use a login script? Are you not able to do everything the script does with group policy objects?

Simon.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40013350
By looking your requirement, do you have logon script enough intelligent to detect user local login \ terminal server login and do the appropriate action ?

I guess its not, hence I have provided you GP preference alternative

Try above and let me know errors if any

Mahesh.
0
 

Author Comment

by:J C
ID: 40013371
I didn't place the RODC there for that purpose. I deployed it to speed up logins/dns response times and make other resources/local file storage more readily available to our remote users. I was only trying to describe my use case and provide more detail.

It's been a while since I've delved into AD and GPO's so maybe I need to make myself current to investigate other options. MY remote users are not logging into a terminal server. They are logging into their computers and that is where I need the script to execute.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40013377
But in question you have mentioned about two different share folders to be mapped when user logging to locally and terminal session respectively
0
 

Author Comment

by:J C
ID: 40013378
Mahesh,

It is a dumb login script. I can look at developing something with a vb script if need be. I thought this should be pretty simple. Place the computers in an OU. Create the GPO that runs the script and enable loopback. I'll look at the alternatives you've suggested and see if I can make it work. Thanks
0
 

Author Comment

by:J C
ID: 40013382
I sync files between my remote sites and our corp office. When they login to our terminal server. I want to map them to the file server on the LAN which is at our corp office.

When they login to their local computers at the satellite office I want to map them to the file server on their LAN. Does that make sense? I don't want them to have to access their files over the internet when they are available in each location over the LAN
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 40013390
Yes, that make sense

you can try my 1st comment to achieve that
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40013569
If you are synching files from one office to another this sound like a perfect setup for DFS...
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40014187
If you would like to use a simple solution, use this lines at the start of your login script:
if %computername%==YourTS goto end

This skips the whole script if you write
:end
at the last line. Then you could simply setup a local logon script at your TS and you are done.

If that sounds too simple and you want a more scientific approach, you can of course use group policy loopback processing http://support.microsoft.com/kb/231287 or GPO WMI filtering http://technet.microsoft.com/en-us/library/cc779036(v=ws.10).aspx

We could read here that you can also set this logon script inside a computer policy and target it at the TS - incorrect. Inside a computer policy, we cannot map network drives.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40014200
There is an even better solution - deploy a domain DFS.
That will do the replication for you, but also is site aware, so if you map a drive to \\example.local\dfs\share then they will go to the one that is located in their AD site.

I have a client who has a single share for the entire company, with offices in about 20 countries. They all map to the closest copy. Makes it ideal for an installation point share as well.

Simon.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 40089281
You selected Mahesh's solution - did you try it? Because it will not work, it applies user settings to a computer object (the TS), which will be ignored.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question