In this tutorial, we will see how to set up a GPO that will execute a logon script.
Logon scripts are usually in batch or vbs format, it is also possible to run PowerShell scripts.
The use of script in PowerShell requires to authorize the use of remote script (set-executionpolicy), it is also necessary to make sure to have the same version of PowerShell on all the computers, because from a version to another some cmdlet may be different or may not be available.
What you can do with a script:
- Network drive mapping
- Printer mapping
- Editing the registry
- Software installation / update / uninstall
- Folder redirection
The main advantage of using a script is that it runs when the user session is open, which does not affect the logon time.
The main disadvantage that it is applied only once unlike the other Group Policy settings which are updated at regular intervals.
The use of script requires notions of development and to properly comment on them.
When retrieving scripts from the Internet, it is important to read and analyze them before applying them in your environment.
Implementation of a logon script
Open a “Run” window and enter the UNC address of the NETLOGON folder, \ domain-ad \ NETLOGON 1 and click OK 2.
Copy the script file 1 to the folder.
Copy the path of the script, select the file and make crlt + right click 1 and click on Copy as path 2.
Open the Group Policy Management console.
Create a new strategy, select the domain 1 and right click then Create a GPO in this domain, and link here … 2.
Name the strategy 1 and click OK 2.
Select your strategy 1, right click on it and click on Modify … 2.
Navigate to the Scripts settings (login / logout) 1: User configuration> Policies> Windows settings. Double click on Login 2.
Click on Add … 1.
In the “Script name:” 1 field, copy the path then remove the quotes and click OK 2.
Check the script is selected 1, then click on Apply 2 and on OK 3.
The script 1 is visible in the Policy settings.