Multiple logon scripts assigned with Active Directory

  • Thread starter Thread starter 3D
  • Start date Start date
3

3D

Wondering if there's any way to assign more than one logon script to a
Domain User account based on group membership.

For example, if they're a member of Domain Users, they would get
logon.bat, and if they were also a member of TeamX, they would also get
moredrives.bat.

Does AD only allow one logon script to run?

Thanks!
 
There are two ways to do this:

1. Make your logon script detect what groups they are in and call other
batch files one at a time. You can find numerous examples of VBS or WSH
logon scripts that do this. Search in Google.

2. Assign the logon scripts by GPO and use policy filtering to determine who
gets which ones. You can have many scripts run that way.
 
3D said:
Wondering if there's any way to assign more than one logon script to a
Domain User account based on group membership.

For example, if they're a member of Domain Users, they would get
logon.bat, and if they were also a member of TeamX, they would also get
moredrives.bat.

Does AD only allow one logon script to run?
Click to expand...

Sure, every GPO can have one. So adding more GPOs
is the naive answer.

But it is really sort of unnecessary since one Logon
script can all as many as you wish (as long as they
finish in time.)

You can even code one logon script so that it checks
a known location and runs any or all scripts it finds
have "appeared" there.

If exist \\server\share\morescripts.cmd call \\server\share\morescripts.cmd

Of course you are probably better off using an environment
variable for the server, i.e., %logonserver% and you might
want to put them in SysVol (as the share so they get replicated.
 
personally I prefer to put my logon scripts either in the GPO object (under
the sysvol share) or in the netlogon share, depending on the purpose, and if
they are going to be used by more then one GPO or not. and then assign all
scripts applicable, in a single GPO, and create my GPOs as needed based on
the need for separate settings for user groups, and reusing the logon
scripts as much as possible to maintain simplicity in managing them as much
as one can do with multiple geographic locations...
 
3D,

Take a look at Richard Mueller's web site at http://www.rlmueller.net and
look at the free scripts that he has. There are several logon scripts that
he has for the different operating systems. They are based on group
membership. They work really well.

There is also the kixtart possibility. There is also the 'ifmember'
possibility.

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
Back
Top