GPO Logon Scripts

Tutorial: Using a Logon Script to Map a Network Drive on a Client Computer

1. Since our logon script will be a simple text file, we shall use Notepad to create it. Open Notepad , located on the Start Menu under All Programs ˆ’ > Accessories .

2. Once Notepad opens, it presents you with a blank document. Using the net use syntax, map the Marketing network share to the Z: drive for a member of the Marketing group . The syntax for net use to perform this task is as follows :

    net use [drive letter:] \network path\ [password] /user:[user] 

   For this example, we use the marketing user Tye Dye (username of tdye and password of test). So our syntax is:

   net use z: \\DC01\marketing test /user:tdye

   Type this into notepad and save it to the \\DC01\SYSVOL\guinea.pig\scripts folder. Be sure to name the document marketinglogon.cmd . Saving the file to the scripts folder causes this script to be replicated to other domain controllers on the network (which we go into in Chapter 5), and giving the file the .cmd extension tells each Windows client that this file is executable. Close Notepad when you're finished.

3. Open Active Directory Users and Computers and bring up the GPO Editor for the South Wing OU. Under User Configuration ˆ’ > Scripts (Logon/Logoff) , double-click Logon in the right window pane.

4. Click the Add button and type the path to our logon script in the Script Name field:

   \\DC01\SYSVOL\guinea.pig\scripts\marketinglogon.cmd

   Click Apply and OK .

5. Log into the domain as your test Marketing user on a test Windows XP Professional or Windows 2000 computer. Double-click My Computer . Notice that the Z: drive is mapped to the Marketing network share on the server.

GPOs are very powerful, and we have only scratched the surface as to what can be done with them. As with any new concept, practice makes perfect, and we encourage you to put your test network through its paces to really unlock the power of the Group Policy Object.