How to run login script after login?

Discussion in 'Windows Server' started by Jims, Jul 18, 2005.

  1. Jims

    Jims Guest

    I'm looking for a tool or trick for running user login scripts (i.e. AD
    users computer profile tab) when a PC is already logged in. We have kiosk
    PCs always logged in as generic accounts but would like to allow users to
    run their AD login scripts when they're using the workstations. We can have
    the users run apps and scripts with runas no problem but not sure how to run
    their specific login script located in AD. I'm hoping their is some kind of
    resource kit tool that does this and would prefer not to write an elaborate
    script that does and ldap search of AD for the user's login script.
    Any ideas appreciated.
    thanks,
    Jim
     
    Jims, Jul 18, 2005
    #1
    1. Advertisements

  2. Jims

    Dave Patrick Guest

    Why not use a Scheduled Task?

    --
    Regards,

    Dave Patrick ....Please no email replies - reply in newsgroup.
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    http://www.microsoft.com/protect

    :
    | I'm looking for a tool or trick for running user login scripts (i.e. AD
    | users computer profile tab) when a PC is already logged in. We have kiosk
    | PCs always logged in as generic accounts but would like to allow users to
    | run their AD login scripts when they're using the workstations. We can
    have
    | the users run apps and scripts with runas no problem but not sure how to
    run
    | their specific login script located in AD. I'm hoping their is some kind
    of
    | resource kit tool that does this and would prefer not to write an
    elaborate
    | script that does and ldap search of AD for the user's login script.
    | Any ideas appreciated.
    | thanks,
    | Jim
    |
    |
     
    Dave Patrick, Jul 18, 2005
    #2
    1. Advertisements

  3. Jims

    Jims Guest

    Dave - The problem is not executing an app or batch file at a preset time,
    the problem is I'm not sure how to identify and run the user's login script.
    Any of 8000 users could walk up to this kiosk and may run their login script
    (~100 login scripts). I'm trying to reproduce what Windows does when you
    login but without logging in again. I need a program that when executed
    using a runas or when passed a uid parameter finds that user's login script
    in active directory and executes it. Does that make sense?
    thanks
     
    Jims, Jul 18, 2005
    #3
  4. Hi Jim,

    You can write a small script, which asks the users for their login ID,
    then run runas /user:domain\%username%
    \\domain.com\netlogon\%username%.cmd (or whatever your scriptname is),
    this line will prompt them for their password. The runas is necessary
    since I believe the kiosk-account has not permissions to access the same
    ressources as your users. With a bit more work you should be able to do
    the same using VBS, then you can do it as HTA and use Internet Explorer
    to prompt the users for their username / password.

    Be aware that you have to provide your users a way how to run a kind of
    logoff-script (unmap all mapped drives from the logon-script), and
    instruct your users how to use it.


    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    Website: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Jul 18, 2005
    #4
  5. Don't use a permanently logged on account.
    Have them logon normally and then use Group Policy and loopback processing
    to ensure the machine is still configured as its kiosk mode of operation
    irrespective of their usual settings that would be in force if they logged
    onto their own PC.
    Or re-evaluate the use and purpose of these "kiosk" machines.
    --

    Regards,

    Mike
    --
    Mike Brannigan [Microsoft]

    This posting is provided "AS IS" with no warranties, and confers no
    rights

    Please note I cannot respond to e-mailed questions, please use these
    newsgroups
     
    Mike Brannigan [MSFT], Jul 18, 2005
    #5
  6. Jims

    Herb Martin Guest

    What sort of things must update? We can run the script -- we might even
    be able to do it from a batch file but it isn't going to update SOME things
    for users (like environment or share connections) since it won't run in the
    right context if we schedule it.

    It might be able to update software or some such but a lot of it depends
    on the type of things you wish to have happen.

    And some of it might be dependent on how much of a purist you wish to
    be (e.g, can we cheat and presume a known path to the file --
    \\server\share\somedir\%username% or must we look this up in AD
    each time to "get it right".)



    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Jul 19, 2005
    #6
  7. Jims

    Jims Guest

    Thanks for the responses. Essentially we are looking for a command line
    tool that knows how to identify and run a user's login script. We can't
    really cheat because user's login scripts may map several drives and none as
    simple as \\fileserver\username$ . We can run the utility using runas or
    provide the utility with user creds as a parameter - whatever it needs to
    identify the username and map that user's drives. All of these workstations
    login into Windows with a generic account - this is out of our control.
    This intention is to provide roaming users with the ability to run their
    login scripts on these machines, machines that will always be logged into
    the domain with a generic account. The machines are setup like this because
    they're confiured for fast user switching but the SSO software does not
    natively handle mapping user's drives - just apps. I hope the description
    helps.
    Jim


     
    Jims, Jul 22, 2005
    #7
  8. Jims

    Herb Martin Guest

    Ok, give the users a Logon script on a known server WITH a name
    based on the username.

    Then change the actual user scripts in AD to run THESE 'standard'
    and 'accessible' scripts by "call"ing them and you may now also
    call them at any other time you wish.

    This will also give you the ability to separate any special commands
    that should NOT be run each time but only when they actually logon
    normally -- you might also put a "parameter" driven Goto into the
    "called script" so that when calling the script from the AD official
    logon you can skip commands in the standard script thus getting
    full customization.



    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Jul 23, 2005
    #8
  9. If each user has their own logon script, this can be determined by any
    account with a command sequence such as this (untested) air code:

    (set/p user=enter username: )
    for /f "delims=~" %%S in ('net user /domain %user% ^| find /i "logon
    script"') do(
    set script=%%S
    )
    set script=%script:logon script =%

    You mention runas as possibly necessary to properly run the script, as it
    might access resources to which the generic account has no permissions. If
    the net effect of the script is all you are interested in, this might work,
    however, if ongoing access to these resources is required, you will have to
    create a persistent process (command prompt window, HTA, etc), from which
    you can do this. Then, it would be critically important that the termination
    of this process not be left solely up to the user.


    /Al

     
    Al Dunbar [MS-MVP], Jul 23, 2005
    #9
  10. Jims

    Herb Martin Guest


    Excellent -- that 'net user /domain' USERNAME is much better
    than my idea.
     
    Herb Martin, Jul 23, 2005
    #10
  11. Jims

    Jims Guest

    Thanks Herb and Al. Al - I this this is the best suggestion yet. Works
    good on intial testing. Much appreciated.
    jim


     
    Jims, Jul 24, 2005
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.