Stop users bypassing login script

jools1971

Hi

Q: Can I force a laptop PC to run a logon script when accessing domain resources, e.g. shared drives, etc.?

I have 2 laptop PCs that connect to a local network domain whilst in the office or remotely via a VPN dialup to a Win2003 server.

When off site the laptops use their stored credentials. When the user returns to the office they can bypass their login script by logging in before connecting to the network.

That way they get all the shared drives without running the login script which I use to push updates to the laptops.

Any ideas?
 
What do you mean by 'logging in before connecting to the network'? That they use a local logon rather than a domain one when they first logon? Or they logon with cached credentials before establishing a connection, and then plug the network in?
 
I know this won't solve your problem, but I am one of those users that you love to hate.

I go into work, logon to my machine, the login script starts running... first it tries to clear all files from my Temp folders (whether they are .tmp files or not)... then checks to see if it needs to copy files, then maps six network drives (only one of which I use)... then runs an inventory of all of my hardware and software. Meanwhile my CPU usage is 75-100% for a couple of minutes and I can't even check my email.

Solution? Logon, open the CMD window where the login script is running, hit Ctrl-C, and Y.

(Make sure you fix that one too).
 
Ahhh, my favorite type of user.

A few users were trying that on my network for a while. Since I utilized startup and logon scripts, some users were simply logging in with cached credentials then connecting to the network. They were bypassing all my clever scripts. And I couldn't disable cached logons. So, I developed a small script that runs as a scheduled task hourly on one of my servers. It pings each client once per hour, making note of the results. If a system goes for three hours (4 attempts) with no ping, then the next time said system answers a ping, the server pushes the startup and logon scripts to the client via Sysinternals' psexec utility, unless said system has already run startup and logon scripts naturally, in which case its ping counter is reset to zero. I also use utilities that conceal any spawned command-line windows.

User versus sysadmin...the battle rages eternal

- Ravashaak
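
Added example, not part of the post above and not Ravashaak's script: the missed-ping counter he describes, with the threshold of 4 attempts taken from the post. The function name, its parameters, the computer names and the way a client signals that it "ran scripts naturally" are all assumptions.

```powershell
# Added example. The 4-attempt threshold is from the post; all names and the
# "ran naturally" signal are assumed for illustration.
$MissThreshold = 4

function Update-ClientState {
    param(
        [hashtable]$State,           # computer name -> consecutive missed pings
        [string]$Computer,
        [bool]$Answered,             # result of this hour's single ping, e.g.
                                     # Test-Connection -ComputerName $c -Count 1 -Quiet
        [bool]$RanScriptsNaturally   # assumed: a marker the logon script records
    )
    if (-not $State.ContainsKey($Computer)) { $State[$Computer] = 0 }
    if (-not $Answered) {
        $State[$Computer]++
        return 'Missed'
    }
    # Client answered: decide before resetting the counter.
    $wasAway = $State[$Computer] -ge $MissThreshold
    $State[$Computer] = 0
    if ($wasAway -and -not $RanScriptsNaturally) { return 'PushScripts' }
    return 'OK'
}

# Constructed run: both laptops miss four hourly pings, then answer.
# LAPTOP01 came back on cached credentials; LAPTOP02 did a normal domain logon.
$state = @{}
1..4 | ForEach-Object {
    [void](Update-ClientState $state 'LAPTOP01' $false $false)
    [void](Update-ClientState $state 'LAPTOP02' $false $false)
}
Update-ClientState $state 'LAPTOP01' $true $false
Update-ClientState $state 'LAPTOP02' $true $true
```

Persisting `$state` between hourly runs (for example with `Export-Clixml` and `Import-Clixml`) is left to the scheduled task that calls the function.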
 
In an ideal world, users who try to bypass things set up by the admins should be fired. The network and the computers on it are the property of the company, not the users.

Admins configure things the way they do for reasons. Users who bypass these things are possibly creating security risks and other potential problems for the whole company.

Any astute company will have an "acceptable use" document they require each new hire to read and sign. These documents will provide for termination for failure to follow established policies and procedures.

Jeff
It's never too early to begin preparing for International Talk Like a Pirate Day
 
Thanks for your input guys.

In answer to the above - I am talking about users logging in with their cached credentials then connecting to the LAN to avoid the scripts.

I have found another solution that might help us sysadmins keep on top....

It involves the use of WMI

Basically I found a script that will detect network connections being made and run the login scripts. This process is initiated when there is any kind of relevant network change, e.g. IP address change, disabled/re-enabled adapters, etc.

Basically all you do is set what addresses constitute a connection to your LAN; the script searches for this when it is initiated, and if it thinks you are connected to your LAN it runs the logon script.

It also has features to check other network parameters (default gateway address, issuing DHCP server address) to confirm that it is YOUR network it is connected to.

I use this as I have internal 192.168.x.x addresses in the office and at home but the issuing DHCP server is different. Hence I only run the script if connected at the office.

Finally you can run it in verbose mode and log the messages to check it yourself before installing it.

I have created a logon script that installs this detection script as a HKLM/CurrentVersion/Run entry. This installed script has the real logon script coded in it and runs whenever the LAN connects at the office.

The website for the script...?


It only took about half an hour to work it out and create my own script and .reg file to put in the \\x\NETLOGON script to install the running of the detection script.

Hope this makes sense, if not please ask and I will try to clarify.

Regards

Julian Snowden
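
Added example, not the script Julian refers to and not part of his post: one way to do the WMI-based detection he describes, including the DHCP server check that tells the office apart from a home network on the same 192.168.x.x range. Every address, the logon script file name and the function names are constructed placeholders.

```powershell
# Added example; addresses and script name are constructed placeholders.
$Office = @{
    Prefix  = '192.168.1.'               # assumed office subnet
    Gateway = '192.168.1.1'              # assumed default gateway
    Dhcp    = '192.168.1.10'             # assumed issuing DHCP server
    Script  = '\\x\NETLOGON\logon.cmd'   # hypothetical file name on the share
}

function Test-OfficeLan {
    param($Adapter)   # Win32_NetworkAdapterConfiguration, or an object shaped like one
    if (-not $Adapter.IPEnabled) { return $false }
    $ipOk = @($Adapter.IPAddress | Where-Object { $_ -like "$($Office.Prefix)*" }).Count -gt 0
    $gwOk = @($Adapter.DefaultIPGateway) -contains $Office.Gateway
    # The DHCP server check separates two sites that share an address range.
    $dhcpOk = $Adapter.DHCPServer -eq $Office.Dhcp
    return ($ipOk -and $gwOk -and $dhcpOk)
}

function Watch-LanChange {
    # Fires on any change to an adapter's configuration, polled every 10 seconds.
    $q = "SELECT * FROM __InstanceModificationEvent WITHIN 10 " +
         "WHERE TargetInstance ISA 'Win32_NetworkAdapterConfiguration'"
    Register-CimIndicationEvent -Query $q -SourceIdentifier LanChange
    $onOffice = $false
    while ($true) {
        $e = Wait-Event -SourceIdentifier LanChange
        Remove-Event -EventIdentifier $e.EventIdentifier
        # Re-check every enabled adapter, not only the one that changed.
        $now = [bool](Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
                      Where-Object { Test-OfficeLan $_ })
        # Run only on the transition onto the office LAN, not on every lease renewal.
        if ($now -and -not $onOffice) { & ($Office.Script) }
        $onOffice = $now
    }
}

# Constructed adapters: same address range and gateway, different DHCP server.
$atOffice = [pscustomobject]@{ IPEnabled = $true; IPAddress = @('192.168.1.57')
    DefaultIPGateway = @('192.168.1.1'); DHCPServer = '192.168.1.10' }
$atHome = [pscustomobject]@{ IPEnabled = $true; IPAddress = @('192.168.1.57')
    DefaultIPGateway = @('192.168.1.1'); DHCPServer = '192.168.1.254' }
Test-OfficeLan $atOffice
Test-OfficeLan $atHome
# Watch-LanChange   # uncomment on a client to start listening
```

The check identifies the network by its addresses only, so any network configured with the same subnet, gateway and DHCP server address will also match.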
 