Getting logon scripts for a given user

  • Question

  • I need to detect which logon scripts are set by Group Policies for a given user in an Active Directory environment.

    The scripts are set by several policies associated to the domain and/or to OUs.

    How can I get a list of *all* the logon scripts set for a given user?

    Regards

    Mario 

    Friday, September 1, 2017 3:37 PM

All replies

  • Hi Mario, 

    Login as the user, and run RSOP.msc 

    You should see all policies applied to the user in detail. 

    Alternatively, I would suggest gpresult /h from the command line for the user. This will give you an output that is easily readable in Internet Explorer, showing all applied policies for the user account and the settings that the policies are applying. 

    Cheers,

    Byron

    Friday, September 1, 2017 3:44 PM
  • Many thanks for the quick answer.

    You are right, but I need to get the list from a PowerShell script in order to use it in PowerShell.

    Is there any way to get the list in a variable or in a table?

    Regards

    Mario

    Friday, September 1, 2017 3:56 PM
  • Hi Mario,

    I'm not sure you can, as Group Policy is only processed or "built" on user logon and if gpupdate is called. 

    Therefore, essentially the settings are "built" every time fresh from a policy set.

    You could use Get-ADUser in the ActiveDirectory PowerShell module to get any logon scripts assigned to the AD user account object, but that isn't going to cover login scripts which come from policy processing. 

    You could parse the XML given by this command https://technet.microsoft.com/en-gb/library/ee461057.aspx against all GPOs in your domain to get a list of all login scripts, but I'm not sure there's a PowerShell interface to query the resultant set of policy for a user. 

    Cheers,

    Byron

    If you found my answers helpful, please mark them as such! :)

    Friday, September 1, 2017 4:22 PM
  • gpresult is the utility you need.  Post in GP forum to learn how to use it:

    gpresult /?

    If you have the GPO module installed (RSAT) then use: Get-GPResultantSetOfPolicy

    Post in GP forum for help.


    \_(ツ)_/

    Friday, September 1, 2017 5:16 PM
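
The approach suggested in the replies above (an XML report from Get-GPResultantSetOfPolicy, parsed into objects), as an added example that is not part of any poster's reply. The function name `Get-RsopLogonScript`, the user name and the file path are hypothetical, and the element names `UserResults`, `Script`, `Command`, `Parameters`, `Type` and `Order` are assumptions about the report layout to check against a real report.

```powershell
# Added example, not code from the thread.
# Assumption: each script in the report is a <Script> element with
# <Command>, <Parameters>, <Type> and <Order> children under <UserResults>.
function Get-RsopLogonScript {
    param([Parameter(Mandatory)][xml]$Report)

    # Match on local-name() so the query does not depend on namespace prefixes.
    $xpath = "//*[local-name()='UserResults']//*[local-name()='Script']" +
             "[*[local-name()='Type']='Logon']"

    # Return the text of a named child element, or $null if it is absent.
    $child = { param($node, $name)
        $n = $node.SelectSingleNode("*[local-name()='$name']")
        if ($n) { $n.InnerText } }

    foreach ($script in $Report.SelectNodes($xpath)) {
        [pscustomobject]@{
            Command    = & $child $script 'Command'
            Parameters = & $child $script 'Parameters'
            Order      = [int](& $child $script 'Order')
        }
    }
}

# Constructed sample report (namespaces and values are made up) so the
# function can be tried without a domain.
$sample = [xml]@'
<Rsop xmlns="urn:example:rsop" xmlns:q1="urn:example:scripts">
  <UserResults>
    <ExtensionData>
      <Extension>
        <q1:Script><q1:Command>map-drives.cmd</q1:Command><q1:Parameters>/quiet</q1:Parameters><q1:Type>Logon</q1:Type><q1:Order>0</q1:Order></q1:Script>
        <q1:Script><q1:Command>cleanup.ps1</q1:Command><q1:Parameters /><q1:Type>Logoff</q1:Type><q1:Order>0</q1:Order></q1:Script>
        <q1:Script><q1:Command>inventory.vbs</q1:Command><q1:Parameters /><q1:Type>Logon</q1:Type><q1:Order>1</q1:Order></q1:Script>
      </Extension>
    </ExtensionData>
  </UserResults>
</Rsop>
'@

# Two rows (map-drives.cmd, inventory.vbs); the Logoff entry is filtered out.
$logonScripts = Get-RsopLogonScript -Report $sample | Sort-Object Order
$logonScripts | Format-Table -AutoSize

# Against a real domain (requires the GroupPolicy module from RSAT):
#   Get-GPResultantSetOfPolicy -User 'DOMAIN\user' -ReportType Xml -Path C:\Temp\rsop.xml
#   Get-RsopLogonScript -Report ([xml](Get-Content C:\Temp\rsop.xml -Raw))
```

The report reflects policy as it was last applied for that user on the computer queried, so it only contains user results for accounts that have logged on there.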