Introduction to Configuration and Management
You can use Windows Script Host and Group Policy to manage scripts. Windows 2000 supports the following scripting areas:
Computer Management
Printer Management
Page File
Service Management
Network Configuration
Device Management
Process Management
Thread Management
Event Log Management
User Management
Security
File System
Application Management
Windows Script Host
Windows Script Host enables you to run scripts directly in Windows 2000 by clicking a script file on the Windows desktop or by typing the name of a script file at the command prompt. Just like Internet Explorer 5, Windows Script Host serves as a controller of ActiveX scripting engines. Unlike Internet Explorer 5, however, Windows Script Host has very low memory requirements and is ideal for both interactive and noninteractive scripting needs such as logon scripting and administrative scripting.
Windows Script Host supports scripts written in VBScript or JScript. When a script is run from the Windows desktop or from the command prompt, the script host reads and passes the specified script file contents to the registered script engine. The scripting engine uses file extensions (.vbs for VBScript, .js for JScript) to identify the script instead of using the SCRIPT tag (which is used in HTML). This way, the script writer doesn't have to be familiar with the exact programmatic ID (ProgID) of various script engines. The script host itself maintains a mapping of script extensions to ProgIDs and uses the Windows association model to start the appropriate engine for a given script.
There are two versions of the Windows Script Host: a Microsoft Windows-based version (Wscript.exe) that provides a Windows-based property sheet for setting script properties and a command prompt-based version (Cscript.exe) that provides command line switches for setting script properties. You can run one of these by typing either Wscript.exe or Cscript.exe at the command prompt.
Using Group Policy to Run Scripts
The Scripts extensions of Group Policy allows you to assign scripts to run when the computer starts or shuts down or when users log on or off their computers.
The names of scripts and their command lines (in the form of registry keys and values) are stored in the Registry.pol file, as described earlier in this chapter.
The following five script types exist:
Group Policy logon scripts
Group Policy logoff scripts
Group Policy startup scripts
Group Policy shutdown scripts
Legacy logon scripts (those specified on the User object). Because Windows Script Host supports scripts written in either VBScript or JavaScript, you can enter a command line entry such as CheckBios.vbs in the logon script path of the user object.
By default, each of these script types runs asynchronously, and the window is hidden.
.gif "note-icon")
Note
Consider carefully how to use scripts if you have a mixed environment that includes Windows NT 4.0, Windows 95, Windows 98, and Windows 2000–based clients. The Windows 2000–based and the Windows 98–based clients properly run .vbs and .js scripts. To run .vbs and .js scripts on Windows NT 4.0–based and Windows 95–based clients, you must embed the scripts in batch (.bat) files. The scripts continue to run in a normal window. A policy exists that allows for scripts to be run as hidden or minimized. You can also install Windows Script Host on Windows NT 4.0–based and Windows 95–based clients.
Table 7.4 describes the Group Policy options that control the behavior of scripts.
Table 7.4 Group Policy Options That Control Script Behavior
Group Policy Setting |
Location |
Description |
|---|---|---|
Run logon scripts synchronously |
Computer Configuration\Administrative Templates\System\Logon |
When this option is enabled, the system waits until the script finishes running before it starts Windows Explorer. An equivalent option for this is available under the User Configuration node. The setting you specify in the Computer Configuration node has precedence over the one set in the User Configuration node. |
Run startup scripts asynchronously |
Computer Configuration\Administrative Templates\System\Logon |
By default, startup scripts run synchronously and hidden, which means the user cannot log on until the scripts complete. In some organizations, you might want the scripts to run asynchronously because they can take a long time to complete. This policy allows the you to change the default behavior. |
Run startup scripts visible |
Computer Configuration\Administrative Templates\System\Logon |
If you enable this option, startup scripts run in a command window. |
Run shutdown scripts visible |
Computer Configuration\Administrative Templates\System\Logon |
If you enable this option, shutdown scripts run in a command window. |
Maximum wait time for Group Policy scripts |
Computer Configuration\Administrative Templates\System\Logon |
This policy setting allows you to change the default script timeout period. (By default, scripts time out after 600 seconds). The range is 0 sconds to 32000 seconds. |
Run logon scripts synchronously |
User Configuration\Administrative Templates\System\Logon/Logoff |
When you enable this option, Windows waits for the scripts to finish running before it starts Windows Explorer. Note that an equivalent option for this is available under the Computer Configuration node. The setting you specify in the Computer Configuration node has precedence over the one set in the User Configuration node. |
Run legacy logon scripts hidden |
User Configuration\Administrative Templates\System\Logon/Logoff |
If you enable this option, legacy logon scripts run in hidden mode. |
Run logon scripts visible |
User Configuration\Administrative Templates\System\Logon/Logoff |
If you enable this option, logon scripts run in a command window. |
Run logoff scripts visible |
User Configuration\Administrative Templates\System\Logon/Logoff |
If you enable this option, logoff scripts run in a command window. |
Scripts that run hidden (and to a lesser degree minimized) can cause an errant script or one that prompts for user input to wait for 600 seconds. This is the default wait time value and can be changed by using Group Policy. During this time, the system appears to stop responding. If this is a script that is running in a minimized window and the user selects the window, the script stops running.