SECURITY

Working with Computer and User Script Policies in Vista

- Give Up Coffee For Beautiful Breasts

- Nikon D3500 Digital SLR Camera

- Sony Alpha A58 Digital SLT Camera

- Panasonic HX-WA30 - A Pistol-Grip Full HD Camcorder

9/5/2010 9:32:37 AM

Script policies control the behavior and assignment of computer and user scripts. Four types of scripts can be configured:

Computer startup Executed during startup

Computer shutdown Executed prior to shutdown

User logon Executed when a user logs on

User logoff Executed when a user logs off

You can write these scripts as command-shell batch or Windows scripts. Batch scripts use the shell command language. Windows scripts use Windows Script Host (WSH) and are written in a scripting language, such as Microsoft Visual Basic, Scripting Edition (VBScript) or Microsoft JScript.

Controlling Script Behavior Through Policy

Policies that control script behavior are found under Computer Configuration\Administrative Templates\System\Scripts and User Configuration\Administrative Templates\System\Scripts. Through policy, you can control the behavior of startup, shutdown, logon, and logoff scripts. The key policies that you'll use are described in Table 1. As you'll see, there are numerous options for configuring script behavior.

Table 1: Computer and User Script Policies

Policy Type

Policy Name

Description

Computer

Maximum Wait Time For Group Policy Scripts

Sets the maximum time to wait for scripts to finish running. The default value is 600 seconds (10 minutes).

Computer

Run Shutdown Scripts Visible

Displays shutdown scripts and their instructions as they execute.

Computer

Run Startup Scripts Asynchronously

Allows the system to run startup scripts simultaneously rather than one at a time.

Computer

Run Startup Scripts Visible

Displays startup scripts and their instructions as they execute.

Computer/User

Run Logon Scripts Synchronously

Ensures the system waits for logon scripts to finish before displaying the Windows interface.

User

Run Legacy Logon Scripts Hidden

Hides logon scripts configured through System Policy Editor in Windows NT 4.

User

Run Logoff Scripts Visible

Displays logoff scripts and their instructions as they execute.

User

Run Logon Scripts Visible

Displays logon scripts and their instructions as they execute.

Although there are many ways to control script behavior, you'll usually want scripts to behave as follows:

Logon and startup scripts should run simultaneously (in most cases).

All scripts should be hidden rather than visible.

The system should wait no more than one minute for a script to complete (in most cases).

To enforce this behavior, follow these steps:

Access Group Policy for the computer you want to work with. Next, access Computer Configuration\Administrative Templates\System\Scripts.

Double-click Run Logon Scripts Synchronously. On the Setting tab, select Disabled.

Double-click Run Startup Scripts Asynchronously. On the Setting tab, select Enabled.

Double-click Run Startup Scripts Visible. On the Setting tab, select Disabled.

Double-click Run Shutdown Scripts Visible. On the Setting tab, select Disabled.

Double-click Maximum Wait Time For Group Policy Scripts. On the Setting tab, select Enabled and then enter a value of 600 for the wait time in the Seconds field, as shown in Figure 1. Click OK.

Figure 1: Set the maximum wait time for scripts.

Access User Configuration\Administrative Templates\System\Scripts.

Double-click Run Legacy Logon Scripts Hidden. On the Setting tab, select Enabled.

Double-click Run Logon Scripts Visible. On the Setting tab, select Disabled.

Double-click Run Logoff Scripts Visible. On the Setting tab, select Disabled and then click OK to complete the configuration process for scripts.

Assigning Computer Startup and Shutdown Scripts

Computer startup and shutdown scripts can be assigned as part of a group policy. In this way, a computer and all its users—or all computers that are members of the site, domain, or OU—execute scripts automatically when they're started or shut down.

To assign computer scripts, follow these steps:

For easy management, copy the scripts you want to use to the Scripts\Startup or Scripts\Shutdown folder for the related policy. Scripts are stored in the %System-Root%\Sysvol\Sysvol\ %UserDnsDomain%\Policies\ GUID\Machine folder on domain controllers and %SystemRoot%\System32\GroupPolicy\Machine on Windows Vista workstations.

Access the Group Policy console for the resource you want to work with. Then access Computer Configuration\Windows Settings\Scripts.

To work with startup scripts, right-click Startup and then select Properties. To work with shutdown scripts, right-click Shutdown and then select Properties. This opens a dialog box similar to the one shown in Figure 2.

Figure 2: Manage computer startup scripts using the Startup Properties dialog box.

Click Show Files. If you copied the computer script to the correct location, you should see the script.

Click Add to assign a script. This opens the Add A Script dialog box. In the Script Name field, type the name of the script you copied to the Scripts\Startup or the Scripts\Shutdown folder for the related policy. In the Script Parameters field, enter any command-line arguments to pass to the command-line script or parameters to pass to the scripting host for a WSH script. Repeat this step to add other scripts.

During startup or shutdown, scripts are executed in the order in which they're listed in the Properties dialog box. Click Up or Down to reposition scripts as necessary.

If you want to edit the script name or parameters later, select the script in the Script For list and then click Edit.

To delete a script, select the script in the Script For list and then click Remove.

Assigning User Logon and Logoff Scripts

User scripts can be assigned as part of a group policy. In this way, all users who access a computer or are members of the site, domain, or OU execute scripts automatically when they log on or log off.

To assign user scripts, complete the following steps:

For easy management, copy the scripts you want to use to the Scripts\Logon or the Scripts\Logoff folder for the related policy. User scripts are stored in the %SystemRoot%\Sysvol\Sysvol\ %UserDnsDomain%\Policies\ GUID\User folder on domain controllers and %WinDirSystemRoot%\System32\GroupPolicy\User on Windows Vista workstations.

Access the Group Policy console for the resource you want to work with. Then access User Configuration\Windows Settings\Scripts.

To work with logon scripts, right-click Logon and then select Properties. To work with logoff scripts, right-click Logoff and then select Properties. This opens a dialog box similar to the one shown in Figure 3.

Figure 3: Manage user logon scripts using the Logon Properties dialog box.

Click Show Files. If you copied the user script to the correct location, you should see the script.

Click Add to assign a script. This opens the Add A Script dialog box. In the Script Name field, type the name of the script you copied to the Scripts\Logon or the Scripts\Logoff folder for the related policy. In the Script Parameter field, enter any command-line arguments to pass to the command-line script or parameters to pass to the scripting host for a WSH script. Repeat this step to add other scripts.

During logon or logoff, scripts are executed in the order in which they're listed in the Properties dialog box. Click Up or Down to reposition scripts as necessary.

If you want to edit the script name or parameters later, select the script in the Script For list and then click Edit.

To delete a script, select the script in the Script For list and then click Remove.

Other

Working with Logon and Startup Policies in Vista

Controlling Access to Files and Folders with NTFS Permissions

Sharing Files and Folders Over the Network in Vista

Using and Configuring Public Folder Sharing

Customizing the Browser User Interface

Setting Default Internet Programs

Managing Connection and Proxy Settings

Managing Browser Cookies and Other Temporary Internet Files

Secure Browsing and Local Machine Lockdown in Vista

Managing Internet Explorer Security Zones

Top 10

- Review : Sigma 24mm f/1.4 DG HSM Art

- Review : Canon EF11-24mm f/4L USM

- Review : Creative Sound Blaster Roar 2

- Review : Philips Fidelio M2L

- Review : Alienware 17 - Dell's Alienware laptops

- Review Smartwatch : Wellograph

- Review : Xiaomi Redmi 2

- Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator

- Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator

- 3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart

REVIEW

- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)

VIDEO TUTORIAL

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)

Popular Tags

Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8

site
stats