Yes, that should work. However, your users can easily disable the login script by deleting the KiXtart folder.
General copnsensus is to run the executable off the NETLOGON folder together with the script.
If the executables need to reside on the client side, then they should rather be inside %WINDIR% to prevent users from manipulating the executable. In that case, user will not be able to update the executbale if necessary and an alternate distribution of the executables needs to be devised whenever a new KiXtart version is being released.
There are other ways, e.g. calculating/checking CRC checksums that have already be posted in various threads. Search for 'overkill' or 'crc'.
_________________________
There are two types of vessels, submarines and targets.
