GPO Logon scripts for VPN users


  • Hi all,

    I can not believe I am unable to find any definite information about this online !!!!!!!!!!!!!

    I have a bunch of sales users that roam around and are not in office. I need to run a logon script for them via GPO. 

    I use Microsoft RRAS server for VPN access. Clients are on win7 and win8.1. They use Microsoft VPN Client. I have logon script on user configuration in GPO.

    Can in anyway this logon script be applied to these remote users? 


    miércoles, 2 de diciembre de 2015 19:49


Todas las respuestas

  • Hi Atif7865,

    As far as I know, logon script via GPO will be run when users successfully logon the domain. No matter users logon from local computer or logon from remote computer.

    So we need to ensure that remote users could use VPN to access the private corporation network, communicate with DC and use domain user account to logon successfully.

    Best Regards,


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact

    jueves, 3 de diciembre de 2015 6:29
  • Hi

    I'm banging my head against the same wall here.

    VPN users typically log onto their computers using the cached credentials. And then start their VPN clients if they need anything off the corporate network. Usually this will not trigger a logon event. But the users will still want their usual network shares and even printers. I've also had the same issue with office users on a dodgy wireless WPA/PSK type network where connection to the network only happens after the user is successfully logged into the machine.

    I would like some way for my users to rerun the "GPO's logon events" at need.

    A script file on the desktop would be OK, but a good old fashioned logon.bat file to map up the network resources will be a pita to maintain, as there will be changes and it would either be nearly unique pr user, or hopelessly complex. A simple script that triggers the GPO events that should happen when that user logon would be so much simpler.

    I suspect that "gpupdate /force" might do the trick, but for the occasions when it trigger a logout-login witch will kill the VNP connection. It also seems a bit overkill for this.

    miércoles, 23 de diciembre de 2015 12:38
  • I am now thinking of implementing DirectAccess. first and foremost this will resolve my issue of pushing changes. Secondly that will implement a rather stronger security for remote users.
    miércoles, 23 de diciembre de 2015 13:46
  • Your VPN client may have an option to run a script once connected (In CISCO client its Options > Aplication Launcher) .
    miércoles, 27 de junio de 2018 9:48