How to store Active Directory login script on member server

[wallsfd949]

The situation is this:

I have a member server setup to map home drives and roaming profiles for our OU. I have management rights for users in our OU. I would like to have a share on the member server map to Q: for each user on login.

I'm assuming the proper way to do this is create a (example) userlogin.bat script with "NET USE Q: \\memsrv\sharedfolder". I only have access to put this script on our member server.

Putting \\memsrv\loginscript\userlogin.bat for the User Profile->Login Script does not work. Can this be accomplished?

 

[Smilin]

Good question.

The login script field refers to a login script located in the sysvol/netlogon share on a domain controller. I've never seen anyone try to direct it anywhere other than a subfolder.

It sounds kinda like you are trying to perform domain admin functions while only being a server admin. Ping your domain admins and let them know what you are trying to accomplish. Best to do this the right way.

 

[wallsfd949]

Here is another thought (since our AD support doesn't know and the entire AD Tech Admins appear to be out on a ... lunch? )...


Everything I've read indicates logon and logout scripts must be stored on the PDC netlogon share. Would creating a directory within netlogon and giving me (OU admin) permissions to write to the directory work? Then I'd be able to add logon/logoff scripts for our users without affecting or being able to modify any others.

netlogon\myOUname\logon.bat etc... etc...

 

[stash]

Putting scripts in the netlogon share is the NT4 way of doing scripts. With AD, you should handle scripts in a GPO. You create a GPO, decide what type of script you want (logon, logoff, startup, shutdown), and browse the file. The file is then stored in the GPOs file structure in sysvol.

If your AD admins can't help you with this, or don't know what the heck you're talking about, they should not be AD admins. They should be able to handle this for you.

They could delegate control of the OU containing your servers to you. Then you could do whatever you want, including creating GPOs that contain scripts. Again, if they don't know how to do this, they are in the wrong line of work.

 

[Woodie]

STaSh be right. Do NOT store logon/logoff scripts on a member server..makes the workstations hang if the server or network is not up. (think laptops)

Logon scripts can be written/saved anywhere...then add to the GPO. The GPO will store the script on the sysvol on all the DCs, and also caches it for the user for when they're offline.

Since you apparenlty have the rights to administer your own OU, you should be able to create a new GPO on your OU.

 

[wallsfd949]

Originally posted by: Woodie
Since you apparenlty have the rights to administer your own OU, you should be able to create a new GPO on your OU.

Unless I'm going about it the wrong way (the only way I remember how) I do not have the ability to create a GPO, even just for our OU. From talking with some of the AD admins, they have dissabled the ability for us OU admins to create GPOs. For a company as large as ours, it is understandable {I guess...}.

Does that make any sense to you?

One of their reasons for doing so was that an inexperienced OU admin could hose something up with an improperly created GPO. Come to think of it, I didn't have to answer any questions to become our OU admin... and with my hatred of Microsoft....

 

[Woodie]

Originally posted by: wallsfd949
Does that make any sense to you?

One of their reasons for doing so was that an inexperienced OU admin could hose something up with an improperly created GPO. Come to think of it, I didn't have to answer any questions to become our OU admin... and with my hatred of Microsoft....

Absolutely makes sense. I don't allow GPO creation to get delegated much either, and not much of the OU stuff either, it's a philosophy thing.