Customizing Windows Using Logon Scripts

You learned in previous chapters how to write scripts for mapping network drives or connecting to a network printer. You know also how to use the FileSystemObject object and its methods (to back up files, for example), and you've learned the techniques for developing scripts that create shortcuts on the Desktop or on the Start menu. You're therefore aware that you can use scripts to customize user systems and automate tasks. What I haven't discussed yet is how to write scripts that are executed during events such as startup, shutdown, logon, and logoff. Since Windows NT 4 supports logon scripts (as batch files, for example) Microsoft has made the effort in Windows 2000 to provide extended support for scripting during startup, shutdown, logon, and logoff.

In Windows 2000 (and even in Windows NT), an administrator can set up any user account in such a way that a logon script runs automatically whenever the user logs on. (You can use customized scripts from previous chapters for that purpose.) To set up a logon script, you take the following steps:

1. Copy the logon script or scripts to the script path. (See the explanation following Figure 13-3 regarding the exact location.)
2. Log on as an administrator, and launch the tool to manage user accounts. In Windows 2000, the Microsoft Management Console (MMC) provides the necessary functions. Double-click on Administrative Tools in Control Panel, and then double-click on Computer Management. (In Windows NT 4, you use the User Manager program to administer user accounts.)
3. Select a user account and show the properties. In MMC, select the branch System Tools/Local Users And Groups/Users and double-click on the entry with the user's name in the user account list. (In Windows NT 4, double-click on the user's name in the list of accounts to open the dialog with the user's account properties.)
4. Select the Profile property page on the user property sheet and enter the name of the logon script file in the Logon Script text box (Figure 13-3). (In Windows NT 4, click the Profile button to open the dialog box with the Logon Script text box.)



Figure 13-3 The Microsoft Management Console with the Profile property page

After you close the property pages and dialog boxes using the OK button, the settings for this user account are saved. If you haven't done so already, you need to copy the logon script to the logon script path. This path depends on whether the logon script is executed when logging on to a domain or when logging on to a local account. To execute the logon script when logging on to a domain, the script is stored on the primary domain controller. On a Windows NT 4 domain controller, the logon script path is

systemroot\system32\repl\import\scripts

where systemroot stands for the path to the Windows folder; on a Windows 2000 domain controller, the logon script path is

sysvol\domainname\scripts

For local accounts on either Windows 2000 or Windows NT 4, the logon script path is as follows:

systemroot\system32\repl\import\scripts

If the script is in this logon path, you only need to enter the filename (Logon.vbs, for example) in the Logon Script text box. You can also use a subfolder within the script path to store the logon scripts (so that you can group different logon scripts for user groups, for example). In this case, you must precede the filename with the relative path (such as admins\Logon.vbs).

The logon script will now run automatically whenever that user logs on. The advantage of this approach is that you can assign an individual logon script to each user.

Windows 2000 offers an alternative way to run scripts automatically during user logon or user logoff:

1. Write your script with the necessary commands for what you need done during logon or logoff. Store this script in a WSH script file in a local folder.
2. Log on with administrator rights and launch an instance of MMC that supports User and Group policies. (The steps are described in Appendix B.)
3. Select the branch Local Computer Policy/User Configuration/Windows Settings/Scripts (Logon/Logoff) on the Tree tab.
4. MMC shows two icons in the right pane for logon and logoff scripts. Double-click on one of these icons to open the Scripts property page (Figure 13-4).
5. Click Add to invoke the Add A Script dialog box (Figure 13-5). Enter the script filename and the optional script parameters in the dialog box. You can also use the Browse button to select a script file in any folder.



Figure 13-4 MMC with the Scripts property page



Figure 13-5 The Add A Script dialog box

After you close all open dialog boxes using the OK button, the selected script file is executed automatically (independent of the user's account) whenever a user logs on or logs off (depending on which icon you double-clicked).

Windows 2000 allows execution of startup and shutdown scripts independent of user logon or logoff. This comes in handy for machines running without a user currently logged on (servers, for example). If you need a script to be executed automatically during startup or shutdown, take these steps, which are similar to those in the previous section:

1. Write your script with the necessary commands for what you need done during startup or shutdown. Store this script in a WSH script file in a local folder.
2. Log on with administrator rights and launch an instance of MMC that supports User and Group policies.
3. Connect to a remote machine if necessary (the local policy will be loaded automatically), and click the Local Computer Policy/Computer Configuration/Windows Settings/Scripts (Startup/Shutdown) item on the Tree tab (Figure 13-4).
4. Double-click on the Startup or Shutdown icon in the right pane, and click Add to invoke the Add A Script dialog box (Figure 13-5).
5. Enter the script's filename and path and optional parameters in the Add A Script dialog box. If necessary, use the Browse button to select a script file in any folder.

After you close all open dialog boxes using the OK button, the selected script file is executed automatically during each system startup or shutdown (depending on which icon you double-clicked).

If Windows 95 or Windows 98 machines are running in a network environment with a Windows NT domain controller, a network administrator can set up logon scripts to be executed in a user or group policy. If the computer is running in a workgroup environment or as a standalone system, you can choose between two approaches for executing scripts automatically during user logon:

• The simplest way is to add a shortcut to the Startup folder of the Start menu, which contains a command to execute the script. (You can do this in Windows 98 using drag and drop, for example).
• You can add a command such as WScript.exe path\scriptfile to the Run key in the Registry in the branch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows. You can use the System Policy Editor or the System Configuration Utility (in Windows 98) to maintain the Run key entries. Or you can use the Registry access techniques shown in Chapter 11 to add the command to or remove it from the Run Registry key.

Whichever approach you choose, all scripts are executed during each user logon.