/build/static/layout/Breadcrumb_cap_w.png

Why use a logon script in Windows 7 and Server 2008 R2 domain environment?

Hey all, pretty much my question is as per the subject of this topic. With Group Policy in Server 08R2 and Windows 7, you can map drives, printers etc. without using a logon script. At my old work though, a massive corporation, they did use logon scripts so there must be some benefit.

I'm just after some opinions on why I would use one? What's the benefit?

Thanks.


1 Comment   [ + ] Show comment
  • i am trying to find a way to disconnect already mapped with GPO drives and connect another set of drives also with GPO, can't find anywhere how to do it without running logoff script .... - vnikulin 10 years ago
    • Hi vnikulin, in a Group Policy Object, navigate to User Configuration - Preferences - Windows Settings - Drive Maps. Here you can create, replace, modify or delete drive mappings (double-click existing mapping or right-click and select new). If you're talking about disconnecting a mapped drive which uses the same letter on everyone's PC, this should do the trick for you. Replace should work but you could also use delete and map another.

      Hope that helps. - twit 10 years ago
      • yep, found that after wrote this comment :) thanks ! - vnikulin 10 years ago

Answers (2)

Answer Summary:
Posted by: SMal.tmcc 11 years ago
Red Belt
1

We use the login scripts to set some env. settings.  We also use kix scripts.  The login script is instant vs a GPO which may require a reboot to take effect.  The login script is also easier for some staff to understand and use vs GPO, it really comes down to a preference of the company policy and IT dept on what tool to use.

 


Comments:
  • Thanks for your input mate. Good to get a couple of opinions. - twit 11 years ago
Posted by: cblake 11 years ago
Red Belt
0

There's actually more downsides than benefits in my experience. Login scripts can be interrupted, closed, or otherwise fail; In contrast GPO's re-execute regularly to validate settings. Along those same lines, a poorly written login script could do all sorts of damage without error checking and verification loops buit in. One bad loop though could cause it to run indefinitely. But, let's assume for a moment that it's a rock solid login script and the code is all super. Most of the time when login scripts are in place it's for a couple of reasons-

1- Legacy. It's how we've always done it, and it's not broken, and it's easy to update. This is understandable of course, but not totally forward thinking as new operating systems arrive and then we have to go fix lots of parts of the script.

2- Alternate Knowledge. Often times people in the IT world just don't have a ton of knowledge of GPO, nor do they have ample free time to devote to learning it. Almost every on of them knows how to write a batch file though, and can do rather amazing things from the command line. 

As you suggest in your post- GPO is probably a superior method long term, but there's nothing wrong with a well written login script except the fact that it must run at login. So if I don't log in for weeks (keyboard locks only) I might be behind on your policy.

 

Hope that helps!


Comments:
  • Thanks mate, appreciate the response. It does appear to be much as I thought then, no benefit to using a logon script really, especially if you're well versed on Group Policy. I've devoted a lot of time to Group Policy and control nearly my entire environment with it. However I wanted to make sure I wasn't overlooking something with the logon script and I'm glad I wasn't. Cheers. - twit 11 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ