Why use a logon script in Windows 7 and Server 2008 R2 domain environment?
Hey all, pretty much my question is as per the subject of this topic. With Group Policy in Server 08R2 and Windows 7, you can map drives, printers etc. without using a logon script. At my old work though, a massive corporation, they did use logon scripts so there must be some benefit.
I'm just after some opinions on why I would use one? What's the benefit?
Thanks.
Answers (2)
We use the login scripts to set some env. settings. We also use kix scripts. The login script is instant vs a GPO which may require a reboot to take effect. The login script is also easier for some staff to understand and use vs GPO, it really comes down to a preference of the company policy and IT dept on what tool to use.
Comments:
-
Thanks for your input mate. Good to get a couple of opinions. - twit 11 years ago
There's actually more downsides than benefits in my experience. Login scripts can be interrupted, closed, or otherwise fail; In contrast GPO's re-execute regularly to validate settings. Along those same lines, a poorly written login script could do all sorts of damage without error checking and verification loops buit in. One bad loop though could cause it to run indefinitely. But, let's assume for a moment that it's a rock solid login script and the code is all super. Most of the time when login scripts are in place it's for a couple of reasons-
1- Legacy. It's how we've always done it, and it's not broken, and it's easy to update. This is understandable of course, but not totally forward thinking as new operating systems arrive and then we have to go fix lots of parts of the script.
2- Alternate Knowledge. Often times people in the IT world just don't have a ton of knowledge of GPO, nor do they have ample free time to devote to learning it. Almost every on of them knows how to write a batch file though, and can do rather amazing things from the command line.
As you suggest in your post- GPO is probably a superior method long term, but there's nothing wrong with a well written login script except the fact that it must run at login. So if I don't log in for weeks (keyboard locks only) I might be behind on your policy.
Hope that helps!
Comments:
-
Thanks mate, appreciate the response. It does appear to be much as I thought then, no benefit to using a logon script really, especially if you're well versed on Group Policy. I've devoted a lot of time to Group Policy and control nearly my entire environment with it. However I wanted to make sure I wasn't overlooking something with the logon script and I'm glad I wasn't. Cheers. - twit 11 years ago
Hope that helps. - twit 10 years ago