Logon scripts can be an effective way to configure your users’ environment. Tasks such as mapping drives, updating security settings, installing patches, etc. can be configured and reconfigured without the need to touch each computer / user profile.
The following document outlines creating and deploying logon scripts in a Windows 2000 / NT network.
Where would you like everyone to go today?
If you’re looking at this page, you can probably think of a few things you would like to have happen to your users’ PCs when they log on. We had a desire to map several drives to several shares on our network; plus, we knew we would be moving our file server to a new box sooner rather than later. A configuration of this type could require touching every PC, or it could be done with a simple logon script.
Write the script
Logon scripts can be written in several languages; however, the most common (and most compatible across Windows versions) is DOS / Batch. A simple batch file can be used to make changes to environment variables, or to run other programs such as .exe executable files. Below is a batch script that checks whether a drive letter is in use; if it is, the script deletes the existing mapping, then maps the drive letter to the share of your choice (the example below maps P: to the “Public” share on “TestServer”, and U: to the user’s home folder, which is located in the “Users” share on “TestServer2”). For information on creating batch files, please visit our batch file page.
@echo off
rem MapDrives.bat
rem This script will map the following drives:
rem P: >> \\TestServer\Public
rem U: >> \\TestServer2\User\%UserName%
rem Switch to the C: drive to avoid mapping issues (by default, a cmd window will
rem start in the user's home directory, or U:, which is a drive that we
rem are about to modify)
C:
rem Map the P: drive to \\TestServer\Public =============
rem Checks to see if P: drive is mapped, deletes if it is, goes on if it's not
If Exist P: GoTo delMapP
GoTo mapP
rem delMapP =============================================================
:delMapP
net use P: /d
rem mapP ============================================================
:mapP
net use P: \\TestServer\Public
rem Map the U: drive to \\TestServer2\User\%UserName% =============
rem Checks to see if U: drive is mapped, deletes if it is, goes on if it's not
If Exist U: GoTo delMapU
GoTo mapU
rem delMapU =============================================================
:delMapU
net use U: /d
rem mapU ===============================================================
:mapU
rem Quote the path so user names that contain spaces still map correctly
net use U: "\\TestServer2\User\%UserName%"
Logon scripts must be placed in the NETLOGON share for clients to find them. By default, the NETLOGON share points to the %systemroot%\SYSVOL\sysvol\<domain-name>\scripts directory on DCs. If you wish to locate logon scripts elsewhere, the default NETLOGON share may be removed, and a new NETLOGON share with a different path may be created.
Placing scripts in the %systemroot%\SYSVOL\sysvol\<domain-name>\scripts directory allows the logon scripts to be accessed on all domain controllers, as the SYSVOL directory is involved in server to server replication.
At this point, the %logonserver% environment variable may come in very handy. Placing logon scripts in a location that is replicated from DC to DC, and referencing them through the %logonserver% variable, lets administrators offer script redundancy and ensures clients can reach their logon scripts.
The value of the %logonserver% environment variable is: \\<NameOfLogonServer> (that is, the DC used to authenticate the user on that particular logon). It is important to remember this variable includes the double backslashes (\\) in front of the server name; therefore using \\%logonserver% in a path would produce the output "\\\\<NameOfLogonServer>" (four backslashes in front of the name).
An example of how to use the %logonserver% environment variable is shown near the end of this document.
Let the users know that they will be using a logon script (well, let their accounts know anyway…)
To specify that an account will use a logon script, you must place the name of the logon script into its account configuration information. In a Windows 2000 domain, you would place this information into the user properties of the Active Directory Users and Computers MMC Snap-In.
Open the Active Directory Users and Computers Snap-In by logging on to a Domain Controller and Clicking Start > Programs > Administrative Tools > Active Directory Users and Computers, or by Clicking Start > Run > and typing “dsa.msc”.
Expand the domain (the name of the domain in the left panel) and Highlight the “Users” folder below it.
Locate the user (or users) that you would like to apply the logon script to. Right Click the name, and Click “Properties”.
Click on the “Profile” tab. In the “User profile” section, you will see a field named “Logon script:”. Simply enter the name of the script that you placed into the NETLOGON share.
Make it modular
Eventually, logon scripts may become complicated, and you may want to add, remove, or otherwise change components that will configure your users’ environment. One large logon script can make this complicated.
To simplify the process, create a logon script which calls other configuration scripts from itself. For example, create a script (as pictured above) named “allLogon.cmd”. You may then call the MapDrives.bat script from the allLogon.cmd script.
@echo off
rem allLogon.cmd. Everyone’s Logon Script
rem Map User Drives
call %logonserver%\netlogon\MapDrives.bat
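The following variant of allLogon.cmd is an added example, not part of the original walkthrough: it checks that %logonserver% is set and that each module really exists in NETLOGON before calling it, and reports a module that ends with an error. It assumes clients run cmd.exe (Windows NT / 2000) with command extensions enabled; the SCRIPTDIR variable and the :RunModule label are names chosen for this example.

```batch
@echo off
rem allLogon.cmd (added example, not the original author's script)
rem Calls each logon module from the NETLOGON share of the authenticating DC.
setlocal

rem %logonserver% already begins with \\ so do not prefix it with more backslashes
if not defined LOGONSERVER goto noServer
set SCRIPTDIR=%LOGONSERVER%\netlogon

rem One line per module; MapDrives.bat is the script from this walkthrough
call :RunModule MapDrives.bat
rem call :RunModule SetPrinters.bat   (hypothetical module name)

endlocal
goto :EOF

rem noServer ============================================================
:noServer
echo LOGONSERVER is not set; skipping logon modules.
endlocal
goto :EOF

rem RunModule ===========================================================
rem %1 = file name of a script in NETLOGON; skipped with a message if missing
:RunModule
if not exist "%SCRIPTDIR%\%1" (
    echo Logon module %1 not found in %SCRIPTDIR%
    goto :EOF
)
call "%SCRIPTDIR%\%1"
rem The errorlevel seen here is that of the last command the module ran
if errorlevel 1 echo Logon module %1 ended with a non-zero errorlevel.
goto :EOF
```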
Fusion 13 has taken painstaking effort to ensure the validity of its data;
however, the information contained in this document is provided without warranty.
The data presented is offered simply as a suggestion.
Fusion 13 can in no way be held responsible for how these suggestions are implemented in any environment.