#138756 - 2005-04-26 11:07 PM
Loc: Tigard, OR
There have been quite a number of questions with regard to GPO and KiX and hopefully, this will help. Please provide any feedback, criticisms, etc.
You ** MUST ** be a Domain Administrator or better to do this task
This assumes that you have Group Policy Management Console.
(1) Find the user(s) you want to modify in the OU and remove under Profile, the Login Script, or you can remove this using an AD script:
$groupobj = GetObject("WinNT://"+@ldomain+"/Domain Users")
For Each $userobjg in $groupobj.members
$userobj = GetObject("WinNT://YOUR_DC/"+$userobjg.name)
$UserObjg.LoginScript = ""
?'process is complete.. press a key'
;Author Kent Dyer (firstname.lastname@example.org)
;Contributors MBrecht on CramSession.com
; "Create Loginlog"
; Jooel (Lonkero) - Code cleanup
; Howard Bullock
;Action Writes to a Server Log
;Version 1.2 - Recommendation by Howard Bullock
; 1.1 - Clean-up by Lonkero
;Parameters $logfile - Specify what server, share, and file is needed
; $logdata - Data to be written to the log
;Remarks This script addresses an issue with writing to logs if the file is open by
; another user it waits until they are done and has the log file closed.
; It does a 1 second wait until ready to write to the log till a maximum of 6 seconds and then exits the routine.
; The 5x3 wait routine is not used anymore.
;Returns Writes to a file. No visible user output.
;Dependencies All Domain Users being able to write to a server share
;KiXtart Ver 4.02
;Example(s) ; -- Data
; $logdata=@date + ',' + @time + ',' + @userid + ',WinNT,' + @wksta + @CRLF
; ; -- Example
? 'Please wait'
(2) In Active Directory Users and Computers, go into the OU that you want to modify and open Group Policy Management..
(3) In Group Policy Management, right-click on the OU and Select "Create and link a GPO Here"
(4) In the New GPO, provide a Name: Login Script
(5) In the Right Pane, right-click on the newly created GPO and choose edito
Note: Scripts can be defined in GPO in one of two locations -
- Computer Configuration/Windows Settings/Scripts (Startup/Shutdown) << This should be by machine
Note: a per-machine script runs under SYSTEM context (meaning admin privs).
But not network access unlesss SYSTEM is specifically granted network access.
- User Configuration/Windows Settings/Scripts (Logon/Logofft) << This is by user and is the preferred method
(6) Open the Logon by double-clicking on it.
(7) Click the Add.. Button and add the needed files.
We will just add in one batch file - NTLOGON.BAT and it contains the following:
Note: You can still keep your W/KIX32.EXE in the Netlogon folder..
If you choose to do:
Then \\domain.tld\netlogon\OU needs to exist, for example:
Or, better yet:
and this makes it pretty easy to maintain/manage. Also, Enterprise-wide, changes are not as high-profile. The other advantage to this model is that you can have Representatives from IT in each of these areas maintain their own scripts.
(8)Click OK and close out of Group Policy and then close out of Group Policy Management
Note: You may not see immediate results as replication between your DCs has to occur
Moderator: Jochen, Radimus, Glenn Barnas, Allen, Arend_, ShaneEP, Mart