Jump to content

Hide logon scripts

JJonas

By JJonas
in Windows

 Share

Recommended Posts

JJonas

JJonas

Posted
Posted

Ive set the option in group policy to hide the legacy logon scipts. So our students wont see the script running but its not working.

It works fine for network admin staff and teachers but not for students. I can make it work if I add the students to the administrators group but for obvious reasons I dont want to do that.

 

I think it is not working because there is something on the local machine that needs changing that students dont have permission to access.

If this is the case is there an easy way to change it on all of our computers without going round them one by one?

 

Anyone out there got any ideas on how to solve this one?

cromertech

cromertech

Posted
Posted

All of my logon scripts are vbs and run silently anyway but i've found this that may be useful. i've bolded the one i think may apply to you. It seems that the policy is backwards if this article is correct.

 

Four policies for script execution

Finally, take a look at a few group and local policy settings that control script execution. The User Configuration | Administrative Templates | System | Logon | Logoff branch includes four policies that let you control script execution:

 

* Run Logon Scripts Synchronously. Enable this policy if you want to require that all scripts must finish processing before XP displays the user interface. If the policy is disabled, XP can display the user interface while scripts continue to execute.

* Run Legacy Logon Scripts Hidden. Enable this policy if you want the user to be able to see the account-based logon script execute. The script appears in a console window. The console is hidden if the policy is disabled.

* Run Logon Scripts Visible. Enable this policy to display the policy-defined logon scripts in a console window, allowing the user to view them as they execute.

* Run Logoff Scripts Visible. Enable this policy to display the policy-defined logoff scripts in a console window.

cromertech

cromertech

Posted
Posted

I suppose if all you want is for them not to see the actual contents of the script you could just

@ECHO OFF

 

at the beginning but this won't stop the console window which i guess is what you want. I'm afraid I'm out of ideas now

JJonas

JJonas

Posted
  • Author
Posted

It is the console window im trying to stop.

 

We have had problems with the kids closing it before it finished and not getting all the mapped drives.

 

It did used to work but that was when the disks were set up as FAT32 now they are NTFS it has stopped. Which makes me think it is something to do with local permissions.

pagelad

pagelad

Posted
Posted

How have you applied the scripts?

 

I usually find no matter what settings i put if i attach the scripts to users in AD they appear but if i assign them to OU's in Group Policy they run invisibly

pagelad

pagelad

Posted
Posted
They are attached to the user in AD. didnt realise I could assign the via OU in group policy.

 

Yeah just create a new GPO, then look in user config, windows settings and scripts.

 

Made is so much easier for me to keep track of who has what script!

JJonas

JJonas

Posted
  • Author
Posted (edited)

Thanks everybody

 

To answer my own question: changes need to be made to the students profile. Which was set to mandatory.

Edited by JJonas
mattx

mattx

Posted
Posted

I tend to use START: [ if batch ]

 

From Start /?

 

Starts a separate window to run a specified program or command.

 

START ["title"] [/Dpath] [/i] [/MIN] [/MAX] [/sEPARATE | /SHARED]

[/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL]

[/WAIT] [/b] [command/program]

[parameters]

 

"title" Title to display in window title bar.

path Starting directory

B Start application without creating a new window. The

application has ^C handling ignored. Unless the application

enables ^C processing, ^Break is the only way to interrupt

the application

I The new environment will be the original environment passed

to the cmd.exe and not the current environment.

MIN Start window minimized

MAX Start window maximized

SEPARATE Start 16-bit Windows program in separate memory space

SHARED Start 16-bit Windows program in shared memory space

LOW Start application in the IDLE priority class

NORMAL Start application in the NORMAL priority class

HIGH Start application in the HIGH priority class

REALTIME Start application in the REALTIME priority class

ABOVENORMAL Start application in the ABOVENORMAL priority class

BELOWNORMAL Start application in the BELOWNORMAL priority class

WAIT Start application and wait for it to terminate

command/program

If it is an internal cmd command or a batch file then

the command processor is run with the /K switch to cmd.exe.

This means that the window will remain after the command

has been run.

 

If it is not an internal cmd command or batch file then

it is a program and will run as either a windowed application

or a console application.

 

parameters These are the parameters passed to the command/program

 

 

If Command Extensions are enabled, external command invocation

through the command line or the START command changes as follows:

 

non-executable files may be invoked through their file association just

by typing the name of the file as a command. (e.g. WORD.DOC would

launch the application associated with the .DOC file extension).

See the ASSOC and FTYPE commands for how to create these

associations from within a command script.

 

When executing an application that is a 32-bit GUI application, CMD.EXE

does not wait for the application to terminate before returning to

the command prompt. This new behavior does NOT occur if executing

within a command script.

 

When executing a command line whose first token is the string "CMD "

without an extension or path qualifier, then "CMD" is replaced with

the value of the COMSPEC variable. This prevents picking up CMD.EXE

from the current directory.

 

When executing a command line whose first token does NOT contain an

extension, then CMD.EXE uses the value of the PATHEXT

environment variable to determine which extensions to look for

and in what order. The default value for the PATHEXT variable

is:

 

.COM;.EXE;.BAT;.CMD

 

Notice the syntax is the same as the PATH variable, with

semicolons separating the different elements.

 

When searching for an executable, if there is no match on any extension,

then looks to see if the name matches a directory name. If it does, the

START command launches the Explorer on that path. If done from the

command line, it is the equivalent to doing a CD /D to that path.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • 47 When would you like EduGeek EDIT 2025 to be held?

    1. 1. Select a time period you can attend


      • I can make it in June\July
      • I can make it in August\Sept
      • Other time period. Comment below
      • Either time
×
×
  • Create New...