9.8. Assigning Logon/Logoff and Startup/Shutdown Scripts in a GPO

Problem

You want to assign either user logon/logoff scripts or computer startup/shutdown scripts in a GPO.

Solution

Using a graphical user interface

  1. Open the GPMC snap-in.

  2. In the left pane, expand the Forest container, expand the Domains container, browse to the domain of the target GPO, and expand the Group Policy Objects container.

  3. Right-click on the target GPO and select Edit. This will bring up the Group Policy Object Editor.

  4. If you want to assign a computer startup or shutdown script, browse to Computer Configuration Windows Settings Scripts. If you want to assign a user logon or logoff script, browse to User Computer Windows Settings Scripts.

  5. In the right pane, double-click on the type of script you want to add.

  6. Click the Add button.

  7. Select the script by typing the name of it in or browsing to its location.

  8. Optionally type any script parameters in the Script Parameters field.

  9. Click OK twice.

Discussion

When you assign a script in a GPO, you can either reference a script that is stored locally on the domain controller somewhere under the NETLOGON share or a UNC path to a remote fileserver.

The logon script can also be set as an attribute of the user object (scriptPath). This is provided as legacy support for users migrated from NT 4.0 domains. You should choose either one method of specifying the logon script or the other, but not both, as this will cause the logon script to run twice.

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial