| Author | Messages | |
jw1
Posts:0
 | | 05/08/2008 6:32 PM |
| Does anyone know if there are supposed to be any entries in userenv.log (debug setting) for a logon script called via the scriptPath property on a user object? I'm not looking for anything too granular...just an indication of whether or not the script fires, and what domain controller is used for
that particular NETLOGON call, in case it's going to a far site...
Thanks!
--James
| | | |
| robertsingers
Posts:150
| | 05/08/2008 7:08 PM |
| Here's a bit of a tangential thing. You could use BGInfo and tattoo the
desktop with the Logon Server details. Or have the log on script set an
environment variable to %logonserver% as in
http://support.microsoft.com/kb/183495
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
Arthur
Sent: Friday, 9 May 2008 10:32 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log
(debug setting) for a logon script called via the scriptPath property on
a user object? I'm not looking for anything too granular...just an
indication of whether or not the script fires, and what domain
controller is used for that particular NETLOGON call, in case it's going
to a far site...
Thanks!
--James
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ
MailMarshal
________________________________
############################################################
PLEASE NOTE:
The information contained in this email message and any
attached files may be confidential and subject to privilege.
Any opinions expressed in this message are not necessarily
those of the Department of Building and Housing. All technical
opinions are offered on a ?no-liability? basis. This message
and any files transmitted with it are confidential and solely
for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure
or copying of this email is unauthorised. If you have received
this email in error, please notify us immediately by reply email
and delete the original and any attachment(s). Thank you.
############################################################
| | | |
| darren
Posts:168
| | 05/08/2008 7:13 PM |
| James-
I don't believe that type of logon script run gets logged in userenv but you
should see an event in the Application event log of source "Userinit" when
it runs.
Darren
****
Darren Mar-Elia
CTO & Founder
SDM Software, Inc.
www.sdmsoftware.com <http://www.sdmsoftware.com/>
Secure and configure your Windows desktops accurately every time without
having to learn or install new technology. Find out more about Desktop
Policy Manager at http://www.sdmsoftware.com/desktop_management
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Thursday, May 08, 2008 3:32 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log
(debug setting) for a logon script called via the scriptPath property on a
user object? I'm not looking for anything too granular.just an indication
of whether or not the script fires, and what domain controller is used for
that particular NETLOGON call, in case it's going to a far site.
Thanks!
--James
| | | |
| jw1
Posts:0
| | 05/08/2008 7:18 PM |
| Good idea.
We already have it log an event for some level of detail (just looking for something additional client-side, for times when it DOESN'T run correctly).
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers
Sent: Thursday, May 08, 2008 6:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Here's a bit of a tangential thing. You could use BGInfo and tattoo the desktop with the Logon Server details. Or have the log on script set an environment variable to %logonserver% as in http://support.microsoft.com/kb/183495
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, 9 May 2008 10:32 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log (debug setting) for a logon script called via the scriptPath property on a user object? I'm not looking for anything too granular...just an indication of whether or not the script fires, and what domain controller is used for
that particular NETLOGON call, in case it's going to a far site...
Thanks!
--James
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ MailMarshal
________________________________
________________________________
Please Note:
The information contained in this email message and any attached files may be confidential and subject to privilege. Any opinions expressed in this message are not necessarily those of the Department of Building and Housing. All technical opinions are offered on a 'no-liability' basis. This message
and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient, you are notified that any use, disclosure or copying of this email is unauthorised. If you have received this email in error, please notify us immediately by
reply email and delete the original and any attachment(s). Thank you.
________________________________
| | | |
| robertsingers
Posts:150
| | 05/08/2008 7:53 PM |
| Just some more info. I've packaged up BGinfo as an MSI for distribution
by GPSI. The 'corporate' backgrounds are packaged and distributed
seperately (so I could rebrand the entire org on April Fools if I
wanted). A start up\logon script copies the right resolution file to
the right filename for BgInfo
The backgrounds get tattooed with the host name, logon server, user
name, and the IP address. The Help Desk uses the information for remote
support. It's been very useful for debugging various things from the
clients.
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
Arthur
Sent: Friday, 9 May 2008 11:13 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Good idea.
We already have it log an event for some level of detail (just looking
for something additional client-side, for times when it DOESN'T run
correctly).
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers
Sent: Thursday, May 08, 2008 6:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Here's a bit of a tangential thing. You could use BGInfo and tattoo the
desktop with the Logon Server details. Or have the log on script set an
environment variable to %logonserver% as in
http://support.microsoft.com/kb/183495
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
Arthur
Sent: Friday, 9 May 2008 10:32 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log
(debug setting) for a logon script called via the scriptPath property on
a user object? I'm not looking for anything too granular...just an
indication of whether or not the script fires, and what domain
controller is used for that particular NETLOGON call, in case it's going
to a far site...
Thanks!
--James
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ
MailMarshal
________________________________
________________________________
Please Note:
The information contained in this email message and any attached files
may be confidential and subject to privilege. Any opinions expressed in
this message are not necessarily those of the Department of Building and
Housing. All technical opinions are offered on a 'no-liability' basis.
This message and any files transmitted with it are confidential and
solely for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure or copying
of this email is unauthorised. If you have received this email in
error, please notify us immediately by reply email and delete the
original and any attachment(s). Thank you.
________________________________
############################################################
PLEASE NOTE:
The information contained in this email message and any
attached files may be confidential and subject to privilege.
Any opinions expressed in this message are not necessarily
those of the Department of Building and Housing. All technical
opinions are offered on a ?no-liability? basis. This message
and any files transmitted with it are confidential and solely
for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure
or copying of this email is unauthorised. If you have received
this email in error, please notify us immediately by reply email
and delete the original and any attachment(s). Thank you.
############################################################
| | | |
| jfigueroa
Posts:13
| | 05/18/2008 1:38 PM |
| Looks like the KB is about 2000 and below. "SET L" from the command line
of the client should tell you the DC.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers
Sent: Thursday, May 08, 2008 4:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Here's a bit of a tangential thing. You could use BGInfo and tattoo the
desktop with the Logon Server details. Or have the log on script set an
environment variable to %logonserver% as in
http://support.microsoft.com/kb/183495
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
Arthur
Sent: Friday, 9 May 2008 10:32 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log
(debug setting) for a logon script called via the scriptPath property on
a user object? I'm not looking for anything too granular...just an
indication of whether or not the script fires, and what domain
controller is used for that particular NETLOGON call, in case it's going
to a far site...
Thanks!
--James
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ
MailMarshal
________________________________
________________________________
Please Note:
The information contained in this email message and any attached files
may be confidential and subject to privilege. Any opinions expressed in
this message are not necessarily those of the Department of Building and
Housing. All technical opinions are offered on a 'no-liability' basis.
This message and any files transmitted with it are confidential and
solely for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure or copying
of this email is unauthorised. If you have received this email in
error, please notify us immediately by reply email and delete the
original and any attachment(s). Thank you.
________________________________
| | | |
| jclosky
Posts:4
| | 05/18/2008 1:40 PM |
| "SET L" will tell you the DC it has a secure channel established with, but this would only be used to authenticate NTLM. It may, or may not, be he same server that AD (via DNS) has chosen as it's KDC & LDAP (AD)?
-----Original Message-----
From: Figueroa, Johnny <Johnny.Figueroa@bannerhealth.com>
To: ActiveDir@mail.activedir.org
Sent: Thu, 8 May 2008 11:02 pm
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Looks like the KB is about 2000 and below. “SET L” from the command line of the client should tell you the DC.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Robert Singers
Sent: Thursday, May 08, 2008 4:03 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Here's a bit of a tangential thing. You could use BGInfo and tattoo the desktop with the Logon Server details. Or have the log on script set an environment variable to %logonserver% as in http://support.microsoft.com/kb/183495
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, 9 May 2008 10:32 a.m.
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log (debug setting) for a logon script called via the scriptPath property on a user object? I’m not looking for anything too granular…just an indication of whether or not the script fires, and what domain controller is used for that particular NETLOGON call, in case it’s going to a far site…
Thanks!
--James
This e-mail message has been scanned for Viruses and cleared by NetIQ MailMarshal
Please Note:
The information contained in this email message and any attached files may be confidential and subject to privilege. Any opinions expressed in this message are not necessarily those of the Department of Building and Housing. All technical opinions are offered on a ‘no-liability’ basis. This message and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient, you are notified that any use, disclosure or copying of this email is unauthorised. If you have received this email in error, please notify us immediately by reply email and delete the original and any attachment(s). Thank you.
| | | |
| jw1
Posts:0
| | 05/18/2008 1:40 PM |
| More than that – DNS isn’t going to determine the DC used for NETLOGON/SYSVOL stuff. That’s what’s useful about userenv.log (for GPOs).
I need to deploy the hotfix that changes the referral list for NETLOGON, by putting the logon DC at the top of that list…without that, things get kind of random….
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of jclosky@aol.com
Sent: Friday, May 09, 2008 8:45 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] userenv.log and scriptPath logon scripts?
"SET L" will tell you the DC it has a secure channel established with, but this would only be used to authenticate NTLM. It may, or may not, be he same server that AD (via DNS) has chosen as it's KDC & LDAP (AD)?
-----Original Message-----
From: Figueroa, Johnny <Johnny.Figueroa@bannerhealth.com>
To: ActiveDir@mail.activedir.org
Sent: Thu, 8 May 2008 11:02 pm
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Looks like the KB is about 2000 and below. “SET L” from the command line of the client should tell you the DC.
From: ActiveDir-owner@mail.activedir.org <mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org <mailto:ActiveDir-owner@mail.activedir.org?> ] On Behalf Of Robert Singers
Sent: Thursday, May 08, 2008 4:03 PM
To: ActiveDir@mail.activedir.org <mailto:ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Here's a bit of a tangential thing. You could use BGInfo and tattoo the desktop with the Logon Server details. Or have the log on script set an environment variable to %logonserver% as in http://support.microsoft.com/kb/183495 <http://support.microsoft.com/kb/183495>
________________________________
From: ActiveDir-owner@mail.activedir.org <mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org <mailto:ActiveDir-owner@mail.activedir.org?> ] On Behalf Of Wells, James Arthur
Sent: Friday, 9 May 2008 10:32 a.m.
To: ActiveDir@mail.activedir.org <mailto:ActiveDir@mail.activedir.org>
Subject: [ActiveDir] userenv.log and scriptPath logon scripts?
Does anyone know if there are supposed to be any entries in userenv.log (debug setting) for a logon script called via the scriptPath property on a user object? I’m not looking for anything too granular…just an indication of whether or not the script fires, and what domain controller is used for
that particular NETLOGON call, in case it’s going to a far site…
Thanks!
--James
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ MailMarshal
________________________________
________________________________
Please Note:
The information contained in this email message and any attached files may be confidential and subject to privilege. Any opinions expressed in this message are not necessarily those of the Department of Building and Housing. All technical opinions are offered on a ‘no-liability’ basis. This message
and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient, you are notified that any use, disclosure or copying of this email is unauthorised. If you have received this email in error, please notify us immediately by
reply email and delete the original and any attachment(s). Thank you.
________________________________
________________________________
Plan your next roadtrip with MapQuest.com <http://www.mapquest.com/?ncid=mpqmap00030000000004> : America's #1 Mapping Site.
| | | |
| danholme
Posts:133
| | 05/18/2008 1:55 PM |
| <waking up from the 1990s>
Batch files rock!
</1990s>
LOL… VBScript über alles, but only after making sure that a GP policy setting or preferences setting doesn’t already do what I need done…
Has anyone on this list done a “sanity check” on logon scripts post Desktop Standard or Group Policy Preferences? I’d actually be interested to know what really needs to be done in a logon script at all once the DTS or GPP extensions are in place. Haven’t had a client pay me for that logon script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we were pretty much down to printer mapping (bye bye in R2), mapped drives, and a few very random things.
I’d be curious from a “real world” perspective what tasks people are finding that can’t be done with GPPrefs, now? None come to my mind, certainly none in the 20% side of the 80/20 rule, suggesting that the vast majority of “my” enterprise might not need scripts at all any more…???
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 8:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Heh, I have knowledge limits, hit the darn things every single day. Luckily the edges are sort of soft and spongey so they can be stretched out as needed and as I have time. 
As an aside... how many people would find it helpful to have this kind of info in an env var during logon script processing? What other kind of info would be useful that you can't normally get through batch/cmd scripts?
How many people have said ah screw it, we don't use batch/cmd for logon scripts anymore and have already jumped to some scripting language...
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Outstanding!
I didn’t see that you hit your ego cap for the week – so…NICE job, joe – your limitless knowledge never ceases to amaze 
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Thanks, very occasionally I come up with one...
Anyway, I just tested it really quick to make sure and it came back with a DC name during my logon on a domain with two DCs (which should scale to (n)).
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now THAT is a creative idea….hopefully it won’t say \\DOMAIN\NETLOGON instead of \\DC01\NETLOGON ☺
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 9:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Oh...
Just use some script language that knows its own path of execution...
Like in vbscript you would use wscript.scriptfullname
That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
Then just chop it down to a DC with your instr type functions available in the language.
Not sure if batch files can do that natively.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm <http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm>
| | | |
| kamleshap
Posts:27
| | 05/18/2008 1:55 PM |
| well in batch file it is certainly possible with just one word :-)
Following line should give you full path of the script except script name.
*Echo %~dp0*
Some other examples
%~I - expands %I removing any surrounding quotes (")
%~fI - expands %I to a fully qualified path name
%~dI - expands %I to a drive letter only
%~pI - expands %I to a path only
%~nI - expands %I to a file name only
%~xI - expands %I to a file extension only
%~sI - expanded path contains short names only
%~aI - expands %I to file attributes of file
%~tI - expands %I to date/time of file
%~zI - expands %I to size of file
%~$PATH:I - searches the directories listed in the PATH
environment variable and expands %I to the
fully qualified name of the first one found.
If the environment variable name is not
defined or the file is not found by the
search, then this modifier expands to the
empty string
--
Kamlesh
On Fri, May 9, 2008 at 8:19 PM, joe <listmail@joeware.net> wrote:
> Oh...
>
> Just use some script language that knows its own path of execution...
>
> Like in vbscript you would use *wscript.scriptfullname*
>
> That will give you a string like *
> \\domaincontroller\netlogon\scriptname.vbs*
>
> Then just chop it down to a DC with your instr type functions available in
> the language.
>
> Not sure if batch files can do that natively.
>
> joe
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Wells, James Arthur
> *Sent:* Friday, May 09, 2008 10:00 AM
>
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> OK – but what can I write to a log (or event, in my case – logic is
> already there) – to indicate what DC the NETLOGON share came from? Since
> %LOGONSERVER% seems legacy to me, I never want to trust it… J
>
>
>
> --James
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe
> *Sent:* Friday, May 09, 2008 8:57 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> The LogonServer env var should tell you what DC authenticated your
> interactive logon which will be kerb (or should be). It will not necessarily
> tell you your secure channel DC at any point as that can and does change
> (just do a nltest /sc_reset:domain /force to see that the var doesn't get
> updated) in a transient manner. Here is an example and I didn't force
> anything
>
>
>
> [Fri 05/09/2008 1:38:02.32] +
> G:\new1\Dev\CPP\ADQueueLoop>set l
> *LOGONSERVER=\\TEST-DC1*
>
>
>
> [Fri 05/09/2008 9:47:56.27] +
> G:\new1\Dev\CPP\ADQueueLoop>nltest /sc_query:test
> Flags: 30 HAS_IP HAS_TIMESERV
> *Trusted DC Name **\\r2dc1.test.loc*
> Trusted DC Connection Status Status = 0 0x0 NERR_Success
> The command completed successfully
>
>
>
> [Fri 05/09/2008 9:48:04.60] +
> G:\new1\Dev\CPP\ADQueueLoop>nltest /dsgetdc:test
> * DC: **\\R2DC1*
> Address: \\192.168.0.10
> Dom Guid: 85125e03-7747-4594-a7d4-564d1eedbd65
> Dom Name: TEST
> Forest Name: test.loc
> Dc Site Name: Default-First-Site-Name
> Our Site Name: Default-First-Site-Name
> Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE
> The command completed successfully
>
>
>
>
>
> My logon server was TEST-DC1, but my secure channel and LDAP are using
> R2DC1.
>
>
>
> (Yeah I am in the middle of a machine naming standard change...)
>
>
>
>
>
>
>
> For the original question... Have the script write a log entry on the
> machine. You could have it tell you what DC and the last time it ran...
> Something as simple as
>
>
>
> echo ------------------------- >> logfile.txt
>
> date /t >> logfile.txt
>
> time /t >> logfile.txt
>
> echo %logonserver% >> logfile.txt
>
> echo %userdomain%\%username% >> logfile.txt
>
> echo ------------------------- >> logfile.txt
>
>
>
> If you don't see a log entry, good chance it didn't fire the script. Of
> course it won't tell you anything else but that.
>
>
>
>
>
> --
>
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
>
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *jclosky@aol.com
> *Sent:* Friday, May 09, 2008 9:45 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> "SET L" will tell you the DC it has a secure channel established with, but
> this would only be used to authenticate NTLM. It may, or may not, be he same
> server that AD (via DNS) has chosen as it's KDC & LDAP (AD)?
>
>
> -----Original Message-----
> From: Figueroa, Johnny <Johnny.Figueroa@bannerhealth.com>
> To: ActiveDir@mail.activedir.org
> Sent: Thu, 8 May 2008 11:02 pm
> Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Looks like the KB is about 2000 and below. "SET L" from the command line of
> the client should tell you the DC.
>
>
>
> *From:* *ActiveDir-owner@mail.activedir.org*<ActiveDir-owner@mail.activedir.org>[
> *mailto:ActiveDir-owner@mail.activedir.org*<ActiveDir-owner@mail.activedir.org?>]
> *On Behalf Of *Robert Singers
> *Sent:* Thursday, May 08, 2008 4:03 PM
> *To:* *ActiveDir@mail.activedir.org* <ActiveDir@mail.activedir.org>
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> Here's a bit of a tangential thing. You could use BGInfo and tattoo the
> desktop with the Logon Server details. Or have the log on script set an
> environment variable to %logonserver% as in *
> http://support.microsoft.com/kb/183495*<http://support.microsoft.com/kb/183495>
> ------------------------------
>
> *From:* *ActiveDir-owner@mail.activedir.org*<ActiveDir-owner@mail.activedir.org>[
> *mailto:ActiveDir-owner@mail.activedir.org*<ActiveDir-owner@mail.activedir.org?>]
> *On Behalf Of *Wells, James Arthur
> *Sent:* Friday, 9 May 2008 10:32 a.m.
> *To:* *ActiveDir@mail.activedir.org* <ActiveDir@mail.activedir.org>
> *Subject:* [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Does anyone know if there are supposed to be any entries in userenv.log
> (debug setting) for a logon script called via the scriptPath property on a
> user object? I'm not looking for anything too granular…just an indication
> of whether or not the script fires, and what domain controller is used for
> that particular NETLOGON call, in case it's going to a far site…
>
>
>
>
>
> Thanks!
>
>
>
> --James
> ------------------------------
>
> This e-mail message has been scanned for Viruses and cleared by *NetIQ
> MailMarshal *
> ------------------------------
> ------------------------------
>
> *Please Note: *
>
> The information contained in this email message and any attached files may
> be confidential and subject to privilege. Any opinions expressed in this
> message are not necessarily those of the Department of Building and Housing.
> All technical opinions are offered on a 'no-liability' basis. This message
> and any files transmitted with it are confidential and solely for the use of
> the intended recipient. If you are not the intended recipient, you are
> notified that any use, disclosure or copying of this email is unauthorised.
> If you have received this email in error, please notify us immediately by
> reply email and delete the original and any attachment(s). Thank you.
> ------------------------------
> ------------------------------
>
> Plan your next roadtrip with *MapQuest.com*<http://www.mapquest.com/?ncid=mpqmap00030000000004>:
> America's #1 Mapping Site.
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Argue for your limitations, and sure enough, they're yours.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | |
| JackP
Posts:40
| | 07/16/2008 5:03 PM |
| We haven't implemented preferences yet, but once we do all of our logon
scripts will be going away, no doubt about it.
Although, I have been tempted to do something somewhat whacky with a logon
script. I want to know where my users are logging in from, so I have this
temptation to write a script that updates a user attribute in AD with the
name of whatever PC a user logs in to. The script would only update the
attribute if it were different so it wouldn't cause replication havoc.
It'd be plenty easy to write but something about it just seems...silly.
-Jack
"Dan Holme" <dan.holme@intelliem.com>
Sent by: ActiveDir-owner@mail.activedir.org
05/09/2008 02:38 PM
Please respond to
ActiveDir@mail.activedir.org
To
<ActiveDir@mail.activedir.org>
cc
Subject
RE: [ActiveDir] userenv.log and scriptPath logon scripts?
<waking up from the 1990s>
Batch files rock!
</1990s>
LOL? VBScript über alles, but only after making sure that a GP policy
setting or preferences setting doesn?t already do what I need done?
Has anyone on this list done a ?sanity check? on logon scripts post
Desktop Standard or Group Policy Preferences? I?d actually be interested
to know what really needs to be done in a logon script at all once the DTS
or GPP extensions are in place. Haven?t had a client pay me for that
logon script cleanup POST DTS/GPP, but in the projects we did PRE
extensions, we were pretty much down to printer mapping (bye bye in R2),
mapped drives, and a few very random things.
I?d be curious from a ?real world? perspective what tasks people are
finding that can?t be done with GPPrefs, now? None come to my mind,
certainly none in the 20% side of the 80/20 rule, suggesting that the vast
majority of ?my? enterprise might not need scripts at all any more????
Dan
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 8:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Heh, I have knowledge limits, hit the darn things every single day.
Luckily the edges are sort of soft and spongey so they can be stretched
out as needed and as I have time.
As an aside... how many people would find it helpful to have this kind of
info in an env var during logon script processing? What other kind of info
would be useful that you can't normally get through batch/cmd scripts?
How many people have said ah screw it, we don't use batch/cmd for logon
scripts anymore and have already jumped to some scripting language...
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
Arthur
Sent: Friday, May 09, 2008 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Outstanding!
I didn?t see that you hit your ego cap for the week ? so?NICE job, joe ?
your limitless knowledge never ceases to amaze
--James
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Thanks, very occasionally I come up with one...
Anyway, I just tested it really quick to make sure and it came back with a
DC name during my logon on a domain with two DCs (which should scale to
(n)).
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James
Arthur
Sent: Friday, May 09, 2008 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now THAT is a creative idea?.hopefully it won?t say \\DOMAIN\NETLOGON
instead of \\DC01\NETLOGON ?
--James
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 9:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Oh...
Just use some script language that knows its own path of execution...
Like in vbscript you would use wscript.scriptfullname
That will give you a string like
\\domaincontroller\netlogon\scriptname.vbs
Then just chop it down to a DC with your instr type functions available in
the language.
Not sure if batch files can do that natively.
joe
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
| | | |
| bdesmond
Posts:374
| | 07/16/2008 5:03 PM |
| | I've seen customers do this ... it works. Just be careful about the update
frequency.
Other solutions include sql databases, text files on a file share, etc.
--brian
On Fri, May 9, 2008 at 2:58 PM, Jack Parkin <JParkin@uss.com> wrote:
>
> We haven't implemented preferences yet, but once we do all of our logon
> scripts will be going away, no doubt about it.
>
> Although, I have been tempted to do something somewhat whacky with a logon
> script. I want to know where my users are logging in from, so I have this
> temptation to write a script that updates a user attribute in AD with the
> name of whatever PC a user logs in to. The script would only update the
> attribute if it were different so it wouldn't cause replication havoc. It'd
> be plenty easy to write but something about it just seems...silly.
>
> -Jack
>
>
>
> *"Dan Holme" <dan.holme@intelliem.com>*
> Sent by: ActiveDir-owner@mail.activedir.org
>
> 05/09/2008 02:38 PM Please respond to
> ActiveDir@mail.activedir.org
>
> To
> <ActiveDir@mail.activedir.org> cc
> Subject
> RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
>
>
> <waking up from the 1990s>
> Batch files rock!
> </1990s>
>
> LOL… VBScript über alles, but only after making sure that a GP policy
> setting or preferences setting doesn't already do what I need done…
>
> Has anyone on this list done a "sanity check" on logon scripts *post*Desktop Standard or Group Policy Preferences? I'd actually be interested to
> know what *really* needs to be done in a logon script at all once the DTS
> or GPP extensions are in place. Haven't had a client pay me for that logon
> script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we
> were pretty much down to printer mapping (bye bye in R2), mapped drives, and
> a few very random things.
>
> I'd be curious from a "real world" perspective what tasks people are
> finding that can't be done with GPPrefs, now? None come to my mind,
> certainly none in the 20% side of the 80/20 rule, suggesting that the vast
> majority of "my" enterprise might not need scripts at all any more…???
>
> Dan
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe*
> Sent:* Friday, May 09, 2008 8:22 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Heh, I have knowledge limits, hit the darn things every single day. Luckily
> the edges are sort of soft and spongey so they can be stretched out as
> needed and as I have time.
>
> As an aside... how many people would find it helpful to have this kind of
> info in an env var during logon script processing? What other kind of info
> would be useful that you can't normally get through batch/cmd scripts?
>
> How many people have said ah screw it, we don't use batch/cmd for logon
> scripts anymore and have already jumped to some scripting language...
>
> --
> O'Reilly Active Directory Third Edition - *
> http://www.joeware.net/win/ad3e.htm* <http://www.joeware.net/win/ad3e.htm>
>
>
>
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Wells, James Arthur*
> Sent:* Friday, May 09, 2008 11:46 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
> Outstanding!
>
> I didn't see that you hit your ego cap for the week – so…NICE job, joe –
> your limitless knowledge never ceases to amaze
>
>
> --James
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe*
> Sent:* Friday, May 09, 2008 10:31 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Thanks, very occasionally I come up with one...
>
> Anyway, I just tested it really quick to make sure and it came back with a
> DC name during my logon on a domain with two DCs (which should scale to
> (n)).
>
>
> --
> O'Reilly Active Directory Third Edition - *
> http://www.joeware.net/win/ad3e.htm* <http://www.joeware.net/win/ad3e.htm>
>
>
>
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Wells, James Arthur*
> Sent:* Friday, May 09, 2008 11:22 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
> Now THAT is a creative idea….hopefully it won't say \\DOMAIN\NETLOGON
> instead of \\DC01\NETLOGON ☺
>
>
> --James
>
>
> From: ActiveDir-owner@mail.activedir.org [*
> mailto:ActiveDir-owner@mail.activedir.org*<ActiveDir-owner@mail.activedir.org>]
> On Behalf Of joe
> Sent: Friday, May 09, 2008 9:49 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Oh...
>
> Just use some script language that knows its own path of execution...
>
> Like in vbscript you would use wscript.scriptfullname
>
> That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
>
> Then just chop it down to a DC with your instr type functions available in
> the language.
>
> Not sure if batch files can do that natively.
>
> joe
>
> --
> O'Reilly Active Directory Third Edition - *
> http://www.joeware.net/win/ad3e.htm*<http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm>
>
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| michael1
Posts:184
| | 07/16/2008 5:07 PM |
| Now, Dan…Not everyone has read (or has) your book(s). J
I feel exactly the same way when someone asks a question answered, at length, in one of mine!
Why not tell us chapter and page? :-P
Michael B.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Friday, May 09, 2008 6:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
OK I feel stupid. I asked “what would you want to do with logon scripts” and this idea of “self updating” some info in AD was suggested.
WHY do I feel stupid?
In my own book (Windows Administration Resource Kit) I tell you exactly how to do this ;-) So yes, this kind of BYO systems management/configuration/inventory task is absolutely a startup/logon/logoff/shutdown script kind of task, yes !! <sigh>
1) Jack: Look at the book. It tells you how to do that. Take Brian’s caution into account but it works well in many environments.
2) Jack and “Future Reader of Thread” – WS2008 has this type of attribute BUILT IN!!! Take a look at the new attributes to see if they meet your needs. My solution in my book is necessary until you have WS2008 on your DCs. When I wrote the solutions in the book, I was not yet aware of the new attributes.
I guess should modify the question, then, to be something like “What would you use a logon script to change on the LOCAL SYSTEM or for the USER? (vs “outbound” tasks)
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, May 09, 2008 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] userenv.log and scriptPath logon scripts?
I've seen customers do this ... it works. Just be careful about the update frequency.
Other solutions include sql databases, text files on a file share, etc.
--brian
On Fri, May 9, 2008 at 2:58 PM, Jack Parkin <JParkin@uss.com> wrote:
We haven't implemented preferences yet, but once we do all of our logon scripts will be going away, no doubt about it.
Although, I have been tempted to do something somewhat whacky with a logon script. I want to know where my users are logging in from, so I have this temptation to write a script that updates a user attribute in AD with the name of whatever PC a user logs in to. The script would only update the attribute if it were different so it wouldn't cause replication havoc. It'd be plenty easy to write but something about it just seems...silly.
-Jack
"Dan Holme" <dan.holme@intelliem.com>
Sent by: ActiveDir-owner@mail.activedir.org
05/09/2008 02:38 PM
Please respond to
ActiveDir@mail.activedir.org
To
<ActiveDir@mail.activedir.org>
cc
Subject
RE: [ActiveDir] userenv.log and scriptPath logon scripts?
<waking up from the 1990s>
Batch files rock!
</1990s>
LOL… VBScript über alles, but only after making sure that a GP policy setting or preferences setting doesn't already do what I need done…
Has anyone on this list done a "sanity check" on logon scripts post Desktop Standard or Group Policy Preferences? I'd actually be interested to know what really needs to be done in a logon script at all once the DTS or GPP extensions are in place. Haven't had a client pay me for that logon script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we were pretty much down to printer mapping (bye bye in R2), mapped drives, and a few very random things.
I'd be curious from a "real world" perspective what tasks people are finding that can't be done with GPPrefs, now? None come to my mind, certainly none in the 20% side of the 80/20 rule, suggesting that the vast majority of "my" enterprise might not need scripts at all any more…???
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 8:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Heh, I have knowledge limits, hit the darn things every single day. Luckily the edges are sort of soft and spongey so they can be stretched out as needed and as I have time.
As an aside... how many people would find it helpful to have this kind of info in an env var during logon script processing? What other kind of info would be useful that you can't normally get through batch/cmd scripts?
How many people have said ah screw it, we don't use batch/cmd for logon scripts anymore and have already jumped to some scripting language...
--
O'Reilly Active Directory Third Edition - <http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Outstanding!
I didn't see that you hit your ego cap for the week – so…NICE job, joe – your limitless knowledge never ceases to amaze
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Thanks, very occasionally I come up with one...
Anyway, I just tested it really quick to make sure and it came back with a DC name during my logon on a domain with two DCs (which should scale to (n)).
--
O'Reilly Active Directory Third Edition - <http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now THAT is a creative idea….hopefully it won't say \\DOMAIN\NETLOGON instead of \\DC01\NETLOGON ☺
--James
From: ActiveDir-owner@mail.activedir.org [ <mailto:ActiveDir-owner@mail.activedir.org> mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 9:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Oh...
Just use some script language that knows its own path of execution...
Like in vbscript you would use wscript.scriptfullname
That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
Then just chop it down to a DC with your instr type functions available in the language.
Not sure if batch files can do that natively.
joe
--
O'Reilly Active Directory Third Edition - <http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| bsonposh
Posts:171
| | 07/16/2008 5:07 PM |
| Hey man... I will never get in the way of someone that wants to do it the
hard way 
On Fri, May 9, 2008 at 6:05 PM, Dean Wells <dwells@msetechnology.com> wrote:
> *"**Not sure if batch files can do that natively.**"*
>
> * *
>
> … gimme a minute … there's always a way (might require a binary or 9 though
> ;0)
>
>
>
> PS – Brandon: say nothing, just shush … there's no room for PoSH here
> (covering my bases.)
>
> --
> Dean Wells
> MSE*technology*
> * Email: dwells@msetechnology.com
> http://msetechnology.com
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe
> *Sent:* Friday, May 09, 2008 10:49 AM
>
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> Oh...
>
>
>
> Just use some script language that knows its own path of execution...
>
>
>
> Like in vbscript you would use *wscript.scriptfullname*
>
>
>
> That will give you a string like *
> \\domaincontroller\netlogon\scriptname.vbs*
>
>
>
> Then just chop it down to a DC with your instr type functions available in
> the language.
>
>
>
> Not sure if batch files can do that natively.
>
>
>
> joe
>
>
>
> --
>
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
>
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Wells, James Arthur
> *Sent:* Friday, May 09, 2008 10:00 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> OK – but what can I write to a log (or event, in my case – logic is already
> there) – to indicate what DC the NETLOGON share came from? Since
> %LOGONSERVER% seems legacy to me, I never want to trust it… J
>
>
>
> --James
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe
> *Sent:* Friday, May 09, 2008 8:57 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> The LogonServer env var should tell you what DC authenticated your
> interactive logon which will be kerb (or should be). It will not necessarily
> tell you your secure channel DC at any point as that can and does change
> (just do a nltest /sc_reset:domain /force to see that the var doesn't get
> updated) in a transient manner. Here is an example and I didn't force
> anything
>
>
>
> [Fri 05/09/2008 1:38:02.32] +
> G:\new1\Dev\CPP\ADQueueLoop>set l
> *LOGONSERVER=\\TEST-DC1*
>
>
>
> [Fri 05/09/2008 9:47:56.27] +
> G:\new1\Dev\CPP\ADQueueLoop>nltest /sc_query:test
> Flags: 30 HAS_IP HAS_TIMESERV
> *Trusted DC Name **\\r2dc1.test.loc*
> Trusted DC Connection Status Status = 0 0x0 NERR_Success
> The command completed successfully
>
>
>
> [Fri 05/09/2008 9:48:04.60] +
> G:\new1\Dev\CPP\ADQueueLoop>nltest /dsgetdc:test
> * DC: **\\R2DC1*
> Address: \\192.168.0.10
> Dom Guid: 85125e03-7747-4594-a7d4-564d1eedbd65
> Dom Name: TEST
> Forest Name: test.loc
> Dc Site Name: Default-First-Site-Name
> Our Site Name: Default-First-Site-Name
> Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_FOREST CLOSE_SITE
> The command completed successfully
>
>
>
>
>
> My logon server was TEST-DC1, but my secure channel and LDAP are using
> R2DC1.
>
>
>
> (Yeah I am in the middle of a machine naming standard change...)
>
>
>
>
>
>
>
> For the original question... Have the script write a log entry on the
> machine. You could have it tell you what DC and the last time it ran...
> Something as simple as
>
>
>
> echo ------------------------- >> logfile.txt
>
> date /t >> logfile.txt
>
> time /t >> logfile.txt
>
> echo %logonserver% >> logfile.txt
>
> echo %userdomain%\%username% >> logfile.txt
>
> echo ------------------------- >> logfile.txt
>
>
>
> If you don't see a log entry, good chance it didn't fire the script. Of
> course it won't tell you anything else but that.
>
>
>
>
>
> --
>
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
>
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *jclosky@aol.com
> *Sent:* Friday, May 09, 2008 9:45 AM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> "SET L" will tell you the DC it has a secure channel established with, but
> this would only be used to authenticate NTLM. It may, or may not, be he same
> server that AD (via DNS) has chosen as it's KDC & LDAP (AD)?
>
>
> -----Original Message-----
> From: Figueroa, Johnny <Johnny.Figueroa@bannerhealth.com>
> To: ActiveDir@mail.activedir.org
> Sent: Thu, 8 May 2008 11:02 pm
> Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Looks like the KB is about 2000 and below. "SET L" from the command line of
> the client should tell you the DC.
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [
> mailto:ActiveDir-owner@mail.activedir.org<ActiveDir-owner@mail.activedir.org?>]
> *On Behalf Of *Robert Singers
> *Sent:* Thursday, May 08, 2008 4:03 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> Here's a bit of a tangential thing. You could use BGInfo and tattoo the
> desktop with the Logon Server details. Or have the log on script set an
> environment variable to %logonserver% as in
> http://support.microsoft.com/kb/183495
> ------------------------------
>
> *From:* ActiveDir-owner@mail.activedir.org [
> mailto:ActiveDir-owner@mail.activedir.org<ActiveDir-owner@mail.activedir.org?>]
> *On Behalf Of *Wells, James Arthur
> *Sent:* Friday, 9 May 2008 10:32 a.m.
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Does anyone know if there are supposed to be any entries in userenv.log
> (debug setting) for a logon script called via the scriptPath property on a
> user object? I'm not looking for anything too granular…just an indication
> of whether or not the script fires, and what domain controller is used for
> that particular NETLOGON call, in case it's going to a far site…
>
>
>
>
>
> Thanks!
>
>
>
> --James
> ------------------------------
>
> This e-mail message has been scanned for Viruses and cleared by *NetIQ
> MailMarshal *
> ------------------------------
> ------------------------------
>
> *Please Note: *
>
> The information contained in this email message and any attached files may
> be confidential and subject to privilege. Any opinions expressed in this
> message are not necessarily those of the Department of Building and Housing.
> All technical opinions are offered on a 'no-liability' basis. This message
> and any files transmitted with it are confidential and solely for the use of
> the intended recipient. If you are not the intended recipient, you are
> notified that any use, disclosure or copying of this email is unauthorised.
> If you have received this email in error, please notify us immediately by
> reply email and delete the original and any attachment(s). Thank you.
> ------------------------------
> ------------------------------
>
> Plan your next roadtrip with MapQuest.com<http://www.mapquest.com/?ncid=mpqmap00030000000004>:
> America's #1 Mapping Site.
>
| | | |
| danholme
Posts:133
| | 07/16/2008 5:13 PM |
| Sorry: Solution 6-8 on page 468 has the “Establish Self-Reporting of Computer Information” solution, which you can extend pretty easily to meet whatever your requirements dictate. I was being lazy—didn’t want to get up and walk over to my bookshelf and pull out the book ;-)
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Michael B. Smith
Sent: Friday, May 09, 2008 12:24 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now, Dan…Not everyone has read (or has) your book(s). J
I feel exactly the same way when someone asks a question answered, at length, in one of mine!
Why not tell us chapter and page? :-P
Michael B.
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Friday, May 09, 2008 6:14 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
OK I feel stupid. I asked “what would you want to do with logon scripts” and this idea of “self updating” some info in AD was suggested.
WHY do I feel stupid?
In my own book (Windows Administration Resource Kit) I tell you exactly how to do this ;-) So yes, this kind of BYO systems management/configuration/inventory task is absolutely a startup/logon/logoff/shutdown script kind of task, yes !! <sigh>
1) Jack: Look at the book. It tells you how to do that. Take Brian’s caution into account but it works well in many environments.
2) Jack and “Future Reader of Thread” – WS2008 has this type of attribute BUILT IN!!! Take a look at the new attributes to see if they meet your needs. My solution in my book is necessary until you have WS2008 on your DCs. When I wrote the solutions in the book, I was not yet aware of the new attributes.
I guess should modify the question, then, to be something like “What would you use a logon script to change on the LOCAL SYSTEM or for the USER? (vs “outbound” tasks)
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, May 09, 2008 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] userenv.log and scriptPath logon scripts?
I've seen customers do this ... it works. Just be careful about the update frequency.
Other solutions include sql databases, text files on a file share, etc.
--brian
On Fri, May 9, 2008 at 2:58 PM, Jack Parkin <JParkin@uss.com> wrote:
We haven't implemented preferences yet, but once we do all of our logon scripts will be going away, no doubt about it.
Although, I have been tempted to do something somewhat whacky with a logon script. I want to know where my users are logging in from, so I have this temptation to write a script that updates a user attribute in AD with the name of whatever PC a user logs in to. The script would only update the attribute if it were different so it wouldn't cause replication havoc. It'd be plenty easy to write but something about it just seems...silly.
-Jack
"Dan Holme" <dan.holme@intelliem.com>
Sent by: ActiveDir-owner@mail.activedir.org
05/09/2008 02:38 PM
Please respond to
ActiveDir@mail.activedir.org
To
<ActiveDir@mail.activedir.org>
cc
Subject
RE: [ActiveDir] userenv.log and scriptPath logon scripts?
<waking up from the 1990s>
Batch files rock!
</1990s>
LOL… VBScript über alles, but only after making sure that a GP policy setting or preferences setting doesn't already do what I need done…
Has anyone on this list done a "sanity check" on logon scripts post Desktop Standard or Group Policy Preferences? I'd actually be interested to know what really needs to be done in a logon script at all once the DTS or GPP extensions are in place. Haven't had a client pay me for that logon script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we were pretty much down to printer mapping (bye bye in R2), mapped drives, and a few very random things.
I'd be curious from a "real world" perspective what tasks people are finding that can't be done with GPPrefs, now? None come to my mind, certainly none in the 20% side of the 80/20 rule, suggesting that the vast majority of "my" enterprise might not need scripts at all any more…???
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 8:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Heh, I have knowledge limits, hit the darn things every single day. Luckily the edges are sort of soft and spongey so they can be stretched out as needed and as I have time.
As an aside... how many people would find it helpful to have this kind of info in an env var during logon script processing? What other kind of info would be useful that you can't normally get through batch/cmd scripts?
How many people have said ah screw it, we don't use batch/cmd for logon scripts anymore and have already jumped to some scripting language...
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm <http://www.joeware.net/win/ad3e.htm>
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Outstanding!
I didn't see that you hit your ego cap for the week – so…NICE job, joe – your limitless knowledge never ceases to amaze
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Thanks, very occasionally I come up with one...
Anyway, I just tested it really quick to make sure and it came back with a DC name during my logon on a domain with two DCs (which should scale to (n)).
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm <http://www.joeware.net/win/ad3e.htm>
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now THAT is a creative idea….hopefully it won't say \\DOMAIN\NETLOGON instead of \\DC01\NETLOGON ☺
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org <mailto:ActiveDir-owner@mail.activedir.org> ] On Behalf Of joe
Sent: Friday, May 09, 2008 9:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Oh...
Just use some script language that knows its own path of execution...
Like in vbscript you would use wscript.scriptfullname
That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
Then just chop it down to a DC with your instr type functions available in the language.
Not sure if batch files can do that natively.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm <http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| listmail
Posts:463
| | 07/16/2008 5:13 PM |
| I have personally heard some concerns about churn... They get updated for every interactive auth. Consider a medium to large environment with hundreds of thousands of users, some of whom like admins may log on and off of various machines... It is why it is all off by default and recommended to only be turned on if you truly understand what you are doing and absolutely need the info for government compliance requirements.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Friday, May 09, 2008 7:33 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Brian: Why? Since the attributes are there and are being populated automatically, what’s wrong with using them?
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, May 09, 2008 12:40 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] userenv.log and scriptPath logon scripts?
The last interactive logon stuff in 2008 is very much NOT recommended unless you completely understand it and need it.
--brian
On Fri, May 9, 2008 at 6:13 PM, Dan Holme <dan.holme@intelliem.com> wrote:
OK I feel stupid. I asked "what would you want to do with logon scripts" and this idea of "self updating" some info in AD was suggested.
WHY do I feel stupid?
In my own book (Windows Administration Resource Kit) I tell you exactly how to do this ;-) So yes, this kind of BYO systems management/configuration/inventory task is absolutely a startup/logon/logoff/shutdown script kind of task, yes !! <sigh>
1) Jack: Look at the book. It tells you how to do that. Take Brian's caution into account but it works well in many environments.
2) Jack and "Future Reader of Thread" – WS2008 has this type of attribute BUILT IN!!! Take a look at the new attributes to see if they meet your needs. My solution in my book is necessary until you have WS2008 on your DCs. When I wrote the solutions in the book, I was not yet aware of the new attributes.
I guess should modify the question, then, to be something like "What would you use a logon script to change on the LOCAL SYSTEM or for the USER? (vs "outbound" tasks)
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Friday, May 09, 2008 11:56 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] userenv.log and scriptPath logon scripts?
I've seen customers do this ... it works. Just be careful about the update frequency.
Other solutions include sql databases, text files on a file share, etc.
--brian
On Fri, May 9, 2008 at 2:58 PM, Jack Parkin <JParkin@uss.com> wrote:
We haven't implemented preferences yet, but once we do all of our logon scripts will be going away, no doubt about it.
Although, I have been tempted to do something somewhat whacky with a logon script. I want to know where my users are logging in from, so I have this temptation to write a script that updates a user attribute in AD with the name of whatever PC a user logs in to. The script would only update the attribute if it were different so it wouldn't cause replication havoc. It'd be plenty easy to write but something about it just seems...silly.
-Jack
"Dan Holme" <dan.holme@intelliem.com>
Sent by: ActiveDir-owner@mail.activedir.org
05/09/2008 02:38 PM
Please respond to
ActiveDir@mail.activedir.org
To
<ActiveDir@mail.activedir.org>
cc
Subject
RE: [ActiveDir] userenv.log and scriptPath logon scripts?
<waking up from the 1990s>
Batch files rock!
</1990s>
LOL… VBScript über alles, but only after making sure that a GP policy setting or preferences setting doesn't already do what I need done…
Has anyone on this list done a "sanity check" on logon scripts post Desktop Standard or Group Policy Preferences? I'd actually be interested to know what really needs to be done in a logon script at all once the DTS or GPP extensions are in place. Haven't had a client pay me for that logon script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we were pretty much down to printer mapping (bye bye in R2), mapped drives, and a few very random things.
I'd be curious from a "real world" perspective what tasks people are finding that can't be done with GPPrefs, now? None come to my mind, certainly none in the 20% side of the 80/20 rule, suggesting that the vast majority of "my" enterprise might not need scripts at all any more…???
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 8:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Heh, I have knowledge limits, hit the darn things every single day. Luckily the edges are sort of soft and spongey so they can be stretched out as needed and as I have time.
As an aside... how many people would find it helpful to have this kind of info in an env var during logon script processing? What other kind of info would be useful that you can't normally get through batch/cmd scripts?
How many people have said ah screw it, we don't use batch/cmd for logon scripts anymore and have already jumped to some scripting language...
--
O'Reilly Active Directory Third Edition - <http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Outstanding!
I didn't see that you hit your ego cap for the week – so…NICE job, joe – your limitless knowledge never ceases to amaze
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Thanks, very occasionally I come up with one...
Anyway, I just tested it really quick to make sure and it came back with a DC name during my logon on a domain with two DCs (which should scale to (n)).
--
O'Reilly Active Directory Third Edition - <http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now THAT is a creative idea….hopefully it won't say \\DOMAIN\NETLOGON instead of \\DC01\NETLOGON ☺
--James
From: ActiveDir-owner@mail.activedir.org [ <mailto:ActiveDir-owner@mail.activedir.org> mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 9:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Oh...
Just use some script language that knows its own path of execution...
Like in vbscript you would use wscript.scriptfullname
That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
Then just chop it down to a DC with your instr type functions available in the language.
Not sure if batch files can do that natively.
joe
--
O'Reilly Active Directory Third Edition - <http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm> http://www.joeware.net/win/ad3e.htm
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| bdesmond
Posts:374
| | 07/16/2008 5:13 PM |
| | I also have a recollection of hearing that some parts of it are best effort
only.
--brian
On Fri, May 9, 2008 at 11:56 PM, joe <listmail@joeware.net> wrote:
> I have personally heard some concerns about churn... They get updated for
> every interactive auth. Consider a medium to large environment with hundreds
> of thousands of users, some of whom like admins may log on and off of
> various machines... It is why it is all off by default and recommended to
> only be turned on if you truly understand what you are doing and absolutely
> need the info for government compliance requirements.
>
> joe
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Dan Holme
> *Sent:* Friday, May 09, 2008 7:33 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Brian: Why? Since the attributes are there and are being populated
> automatically, what's wrong with using them?
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> *Sent:* Friday, May 09, 2008 12:40 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> The last interactive logon stuff in 2008 is very much NOT recommended
> unless you completely understand it and need it.
>
>
>
> --brian
>
> On Fri, May 9, 2008 at 6:13 PM, Dan Holme <dan.holme@intelliem.com> wrote:
>
> OK I feel stupid. I asked "what would you want to do with logon scripts"
> and this idea of "self updating" some info in AD was suggested.
>
>
>
> WHY do I feel stupid?
>
>
>
> In my own book (Windows Administration Resource Kit) I tell you exactly how
> to do this ;-) So yes, this kind of BYO systems
> management/configuration/inventory task is absolutely a
> startup/logon/logoff/shutdown script kind of task, yes !! <sigh>
>
>
>
> 1) Jack: Look at the book. It tells you how to do that. Take Brian's
> caution into account but it works well in many environments.
>
> 2) Jack and "Future Reader of Thread" – WS2008 has this type of
> attribute BUILT IN!!! Take a look at the new attributes to see if they meet
> your needs. My solution in my book is necessary until you have WS2008 on
> your DCs. When I wrote the solutions in the book, I was not yet aware of
> the new attributes.
>
>
>
> I guess should modify the question, then, to be something like "What would
> you use a logon script to change on the LOCAL SYSTEM or for the USER? (vs
> "outbound" tasks)
>
>
>
> Dan
>
>
>
>
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Brian Desmond
> *Sent:* Friday, May 09, 2008 11:56 AM
>
>
> *To:* ActiveDir@mail.activedir.org
>
> *Subject:* Re: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
> I've seen customers do this ... it works. Just be careful about the update
> frequency.
>
>
>
> Other solutions include sql databases, text files on a file share, etc.
>
>
>
> --brian
>
> On Fri, May 9, 2008 at 2:58 PM, Jack Parkin <JParkin@uss.com> wrote:
>
>
> We haven't implemented preferences yet, but once we do all of our logon
> scripts will be going away, no doubt about it.
>
> Although, I have been tempted to do something somewhat whacky with a logon
> script. I want to know where my users are logging in from, so I have this
> temptation to write a script that updates a user attribute in AD with the
> name of whatever PC a user logs in to. The script would only update the
> attribute if it were different so it wouldn't cause replication havoc. It'd
> be plenty easy to write but something about it just seems...silly.
>
> -Jack
>
> *"Dan Holme" <dan.holme@intelliem.com>*
> Sent by: ActiveDir-owner@mail.activedir.org
>
> 05/09/2008 02:38 PM
>
> Please respond to
> ActiveDir@mail.activedir.org
>
> To
>
> <ActiveDir@mail.activedir.org>
>
> cc
>
> Subject
>
> RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
>
>
>
>
>
> <waking up from the 1990s>
> Batch files rock!
> </1990s>
>
> LOL… VBScript über alles, but only after making sure that a GP policy
> setting or preferences setting doesn't already do what I need done…
>
> Has anyone on this list done a "sanity check" on logon scripts *post*Desktop Standard or Group Policy Preferences? I'd actually be interested to
> know what *really* needs to be done in a logon script at all once the DTS
> or GPP extensions are in place. Haven't had a client pay me for that logon
> script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we
> were pretty much down to printer mapping (bye bye in R2), mapped drives, and
> a few very random things.
>
> I'd be curious from a "real world" perspective what tasks people are
> finding that can't be done with GPPrefs, now? None come to my mind,
> certainly none in the 20% side of the 80/20 rule, suggesting that the vast
> majority of "my" enterprise might not need scripts at all any more…???
>
> Dan
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe*
> Sent:* Friday, May 09, 2008 8:22 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Heh, I have knowledge limits, hit the darn things every single day. Luckily
> the edges are sort of soft and spongey so they can be stretched out as
> needed and as I have time.
>
> As an aside... how many people would find it helpful to have this kind of
> info in an env var during logon script processing? What other kind of info
> would be useful that you can't normally get through batch/cmd scripts?
>
> How many people have said ah screw it, we don't use batch/cmd for logon
> scripts anymore and have already jumped to some scripting language...
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
> ------------------------------
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Wells, James Arthur*
> Sent:* Friday, May 09, 2008 11:46 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
> Outstanding!
>
> I didn't see that you hit your ego cap for the week – so…NICE job, joe –
> your limitless knowledge never ceases to amaze
>
>
> --James
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *joe*
> Sent:* Friday, May 09, 2008 10:31 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Thanks, very occasionally I come up with one...
>
> Anyway, I just tested it really quick to make sure and it came back with a
> DC name during my logon on a domain with two DCs (which should scale to
> (n)).
>
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm
>
>
>
>
>
> ------------------------------
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Wells, James Arthur*
> Sent:* Friday, May 09, 2008 11:22 AM*
> To:* ActiveDir@mail.activedir.org*
> Subject:* RE: [ActiveDir] userenv.log and scriptPath logon scripts?
> Now THAT is a creative idea….hopefully it won't say \\DOMAIN\NETLOGON
> instead of \\DC01\NETLOGON ☺
>
>
> --James
>
>
> From: ActiveDir-owner@mail.activedir.org [
> mailto:ActiveDir-owner@mail.activedir.org<ActiveDir-owner@mail.activedir.org>]
> On Behalf Of joe
> Sent: Friday, May 09, 2008 9:49 AM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
>
> Oh...
>
> Just use some script language that knows its own path of execution...
>
> Like in vbscript you would use wscript.scriptfullname
>
> That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
>
> Then just chop it down to a DC with your instr type functions available in
> the language.
>
> Not sure if batch files can do that natively.
>
> joe
>
> --
> O'Reilly Active Directory Third Edition -
> http://www.joeware.net/win/ad3e.htm<http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm>
>
>
>
>
> --
> Thanks,
> Brian Desmond
> brian@briandesmond.com
>
> c - 312.731.3132
>
>
>
>
> --
> Thanks,
> Brian Desmond
> brian@briandesmond.com
>
> c - 312.731.3132
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| robertsingers
Posts:150
| | 07/16/2008 5:15 PM |
| Our current log on script is a 35 line batch file that calls amongst other things a 1045 lin kix file. Most of the kix file is printer and drive mapping. The rest is setting up Outlook profiles. So yes GPP looks good. As to what I can't do, I'm going to have to stop writing all these bloody policy and strategy documents and get myself a W2K8 virtual machine and start playing.
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Dan Holme
Sent: Saturday, 10 May 2008 6:36 a.m.
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
<waking up from the 1990s>
Batch files rock!
</1990s>
LOL… VBScript über alles, but only after making sure that a GP policy setting or preferences setting doesn’t already do what I need done…
Has anyone on this list done a “sanity check” on logon scripts post Desktop Standard or Group Policy Preferences? I’d actually be interested to know what really needs to be done in a logon script at all once the DTS or GPP extensions are in place. Haven’t had a client pay me for that logon script cleanup POST DTS/GPP, but in the projects we did PRE extensions, we were pretty much down to printer mapping (bye bye in R2), mapped drives, and a few very random things.
I’d be curious from a “real world” perspective what tasks people are finding that can’t be done with GPPrefs, now? None come to my mind, certainly none in the 20% side of the 80/20 rule, suggesting that the vast majority of “my” enterprise might not need scripts at all any more…???
Dan
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 8:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Heh, I have knowledge limits, hit the darn things every single day. Luckily the edges are sort of soft and spongey so they can be stretched out as needed and as I have time.
As an aside... how many people would find it helpful to have this kind of info in an env var during logon script processing? What other kind of info would be useful that you can't normally get through batch/cmd scripts?
How many people have said ah screw it, we don't use batch/cmd for logon scripts anymore and have already jumped to some scripting language...
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Outstanding!
I didn’t see that you hit your ego cap for the week – so…NICE job, joe – your limitless knowledge never ceases to amaze
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 10:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Thanks, very occasionally I come up with one...
Anyway, I just tested it really quick to make sure and it came back with a DC name during my logon on a domain with two DCs (which should scale to (n)).
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
________________________________
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Wells, James Arthur
Sent: Friday, May 09, 2008 11:22 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Now THAT is a creative idea….hopefully it won’t say \\DOMAIN\NETLOGON instead of \\DC01\NETLOGON ☺
--James
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joe
Sent: Friday, May 09, 2008 9:49 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] userenv.log and scriptPath logon scripts?
Oh...
Just use some script language that knows its own path of execution...
Like in vbscript you would use wscript.scriptfullname
That will give you a string like \\domaincontroller\netlogon\scriptname.vbs
Then just chop it down to a DC with your instr type functions available in the language.
Not sure if batch files can do that natively.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm <http://mbx01/exchweb/bin/redir.asp?URL=http://www.joeware.net/win/ad3e.htm>
________________________________
< |
|
|