One other note..
Your SHELL command references a specific server\NetLogon.. this is not a good idea as things will break if that DC is not available or when it's upgraded/replaced. Always use the domain name there - "\\%USERDOMAIN%\NetLogon". This format will work whether you have 1 or 100 domain controllers, no matter which one the user connects to. You might only have one DC today, but you can't tell what tomorrow brings!
Glenn
_________________________
Actually I
am a Rocket Scientist!
