Logon script assignment

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Logon script assignment

On computers running operating systems in the Windows Server 2003 family, you can assign a logon script to a user account. When a user logs on and a path to a logon script is present in the user account, the file is located and run.

You can also assign logon and logoff scripts, and computer startup and shutdown scripts by using the Group Policy snap-in. These scripts apply to the entire scope of users and computers for which a particular Group Policy object applies.

In Computer Management, you can use the User Property dialog box to assign logon scripts to user accounts by typing the file name (for example, Clerks.bat) in the Logon script text box. At logon, the server authenticating the logon locates an assigned logon script. It looks for the specified file following the local logon script path on the server (usually %systemroot%\SYSVOL\sysvol\domain_name\scripts). If a relative path is provided before the file name (for example, Admins\User1.bat), the server looks for the logon script in that subdirectory of the logon script path.

The entry in the Logon Script text box specifies only the file name (and, optionally, the relative path) and does not create the actual logon script. You create a logon script with the specified name and place it in the appropriate directory on the appropriate replication export server.

You can place a logon script in a local directory on a user's computer. You would typically use this location, however, when you are administering user accounts that exist on a single computer rather than in a domain. This logon script runs only when a user logs on locally to the computer and does not run when the user logs on to the domain. You must place the logon script using the computer's logon script path or in a subdirectory of that logon script path. The default location for local logon scripts is the %systemroot%\System32\Repl\Imports\Scripts folder. This folder is not created on an new installation of Windows XP. A folder must be created and shared with the name netlogon; for step-by-step instructions, see Share a folder or drive. The NTFS permissions of this folder should allow users and server operators only read and execute permissions, and should allow administrators full control. The folder is created and shared automatically on domain controllers, so you should not attempt to create a netlogon folder on a domain controller manually.

For more information, see: Logon Scripts How To..., Group Policy overview, and Privileges.