What is a logon script? It's pretty much anything you want it to be. Any sort of text based script in any language that the client computer can understand can be run when a user logs into the domain. A logon script can be a simple .bat file or a complex beast created using the Windows scripting language. The only caveat is that the client computer must be able to understand and execute the script.
For our example here, we show how to do the most simplistic of tasks using a logon script: mapping a network drive. To do this, we use the very useful net use command. Net Use accomplishes through a command prompt (or in our case here, a script) what you might normally accomplish through the Windows Graphical User Interface (GUI) in My Network Places when you right-click a share and tell the computer to do a Map Network Drive function. It's a very convenient way of processing a simple task automatically and transparently .
Since our logon script will be a simple text file, we shall use Notepad to create it. Open Notepad , located on the Start Menu under All Programs ˆ’ > Accessories .
Once Notepad opens, it presents you with a blank document. Using the net use syntax, map the Marketing network share to the Z: drive for a member of the Marketing group . The syntax for net use to perform this task is as follows :
net use [drive letter:] \network path\ [password] /user:[user]
For this example, we use the marketing user Tye Dye (username of tdye and password of test). So our syntax is:
net use z: \\DC01\marketing test /user:tdye
Type this into notepad and save it to the \\DC01\SYSVOL\guinea.pig\scripts folder. Be sure to name the document marketinglogon.cmd . Saving the file to the scripts folder causes this script to be replicated to other domain controllers on the network (which we go into in Chapter 5), and giving the file the .cmd extension tells each Windows client that this file is executable. Close Notepad when you're finished.
Open Active Directory Users and Computers and bring up the GPO Editor for the South Wing OU. Under User Configuration ˆ’ > Scripts (Logon/Logoff) , double-click Logon in the right window pane.
Click the Add button and type the path to our logon script in the Script Name field:
Click Apply and OK .
Log into the domain as your test Marketing user on a test Windows XP Professional or Windows 2000 computer. Double-click My Computer . Notice that the Z: drive is mapped to the Marketing network share on the server.
GPOs are very powerful, and we have only scratched the surface as to what can be done with them. As with any new concept, practice makes perfect, and we encourage you to put your test network through its paces to really unlock the power of the Group Policy Object.