locked
Bypass login Script RRS feed

  • Question

  • Hi All,

    How to bypass login script in windows environment? Does anyone know what the port number for login script? So I can disable the login script.

    I need to disable the login script in the spesific subnets (ex :10.252.174.xxx). So what I want is, when some user is come from IP 10.252.174.111. The login script must be completely remove/disable. But if that user come from IP 10.252.180.120, the login script is run.

    I cannot make this user didn't have a login script. It because, this is related to the VDI environment. Sometime, that user still need their login script in their physical PC.

    Can we do that? Or anyone have any ideas about this?


    G

    Monday, June 4, 2012 4:00 PM

Answers

  • I don't think this is not related with that forum. I know I ask about Logon Script. But that's not related with any programming script.

    What I need is just to disable/remove the logon script based on the Subnet. And we cannot use WMI or GPO I think. It because Logon Script is embedded on User Property in Active Directory.


    G

    • Marked as answer by Lawrence,Lu Monday, June 11, 2012 7:23 AM
    Tuesday, June 5, 2012 9:58 AM
  • Hi,

    > It because Logon Script is embedded on User Property in Active Directory.

    According to your description, we can’t disable this logon script through Group Policy.

    I think the only way is add a judgement switch in your script. Like “Gastone Canali” posted above.

    We recommend you create a thread and post it in The Official Scripting Guys Forum! They can provide some script code for you.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads

     

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  

    Thank you for your understanding.


    Lawrence

    TechNet Community Support

    • Marked as answer by Lawrence,Lu Monday, June 11, 2012 7:23 AM
    Wednesday, June 6, 2012 8:20 AM
  • Okey. I got it. This is what I want to make sure. If we cannot bypass the logon script. So I need to put a simple script in the header of my logon script.

    Thans anyone


    G

    • Marked as answer by Lawrence,Lu Monday, June 11, 2012 7:23 AM
    Monday, June 11, 2012 3:53 AM

All replies

  • Hi,

    You can configure the WMI Filter on the GPO to delete the IP subnet.

    For more information:

    Group Policy Objects (GPO) and WMI Filter

    http://portal.sivarajan.com/2011/05/group-policy-objects-gpo-and-wmi-filter.html

    WMI filter for subnet filtered Group Policy

    http://waynes-world-it.blogspot.hk/2008/03/wmi-filter-for-subnet-filtered-group.html

    Regards, Terry | My Blog: http://terrytlslau.tls1.cc

    This posting is provided “AS IS” with no warranties, and confers no rights.

    Monday, June 4, 2012 4:44 PM
  • Hi,

    Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs) based on attributes of the target computer.

    When a GPO that is linked to a WMI filter is applied on the target computer, the filter is evaluated on the target computer. If the WMI filter evaluates to false, the GPO is not applied. If the WMI filter evaluates to true, the GPO is applied.

    So it’s hard to filter IP range with false evaluation result, it easy to filter IP range with true result.

    For your scenario, I think you may deploy a GPO with loopback process replace mode, and configure user configuration without logon script. Link the GPO to your VDI OU, then all users who logon these VDI will discard original user configuration and will apply user configuration you defined in loopback GPO.

    For more information please refer to following MS articles:

    WMI filtering using GPMC
    http://technet.microsoft.com/en-us/library/cc779036(v=WS.10).aspx
    Loopback processing with merge or replace
    http://technet.microsoft.com/en-us/library/cc782810(v=WS.10).aspx
    Loopback processing of Group Policy
    http://support.microsoft.com/kb/231287


    Lawrence

    TechNet Community Support

    Tuesday, June 5, 2012 7:44 AM
  • Hi Softholic,

    I suggest you ask this question in the Microsoft Script Forum for further discussion.

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Thanks & Best Regards,


    Mohammed Imtiyaz Ali

    Tuesday, June 5, 2012 9:34 AM
  • I don't think this is not related with that forum. I know I ask about Logon Script. But that's not related with any programming script.

    What I need is just to disable/remove the logon script based on the Subnet. And we cannot use WMI or GPO I think. It because Logon Script is embedded on User Property in Active Directory.


    G

    • Marked as answer by Lawrence,Lu Monday, June 11, 2012 7:23 AM
    Tuesday, June 5, 2012 9:58 AM
  • modify your script...

    @echo off
    (ipconfig |findstr "10.252.174.xxx" ) && exit
    (ipconfig |findstr "10.252.174.111" ) && GOTO :CONTINUE

    :CONTINUE
    ...
    :::


    Gastone Canali >http://www.armadillo.it

    Se alcuni post rispondono al tuo quesito (non necessariamente i miei), ricorda di contrassegnarli come risposta e non dimenticare di contrassegnare anche i post utili . GRAZIE!

    • Proposed as answer by GastoneCanali Monday, June 11, 2012 8:37 AM
    Tuesday, June 5, 2012 10:14 AM
  • Hi,

    > It because Logon Script is embedded on User Property in Active Directory.

    According to your description, we can’t disable this logon script through Group Policy.

    I think the only way is add a judgement switch in your script. Like “Gastone Canali” posted above.

    We recommend you create a thread and post it in The Official Scripting Guys Forum! They can provide some script code for you.

    The Official Scripting Guys Forum!

    http://social.technet.microsoft.com/Forums/en/ITCG/threads

     

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  

    Thank you for your understanding.


    Lawrence

    TechNet Community Support

    • Marked as answer by Lawrence,Lu Monday, June 11, 2012 7:23 AM
    Wednesday, June 6, 2012 8:20 AM
  • Okey. I got it. This is what I want to make sure. If we cannot bypass the logon script. So I need to put a simple script in the header of my logon script.

    Thans anyone


    G

    • Marked as answer by Lawrence,Lu Monday, June 11, 2012 7:23 AM
    Monday, June 11, 2012 3:53 AM