Questions

setup a GPO that specifies a user logon script but only at certain machines

Tags:
+
0 Votes
Locked

setup a GPO that specifies a user logon script but only at certain machines

sprinkl3s
we need to be able to setup a GPO that is applied to a computer and no matter what user logs into that computer have a login script execute, it cannot be a startup script on the computer side but and actual user logon script... any ideas how to accomplish this?
  • +
    0 Votes
    Dumphrey

    an Organizational Unit in AD, apply the GPO to that container, add computers to the OU from the AD computers container. That should do it for you. You may have to fiddle with the user/computer aspect of GPO. The GPO you apply to the OU will take precedence over "higher" level GPO Objects. Domain Default, then Site Default, then Domain Specific, then OU specific policy is applied.

    +
    0 Votes
    CG IT

    you have mentioned two issues..

    a GPO that is applied to a computer no matter what user logs on

    then say can not be a startup script on the computer side but an actual user logon script.

    you can use a GPO applied to a computers OU that will run when any user logs on

    OR you can have a logon script that is applied anytime a user logs on.

    again which one do you want?

    +
    0 Votes
    EvilhomerGD

    put all of the computers that you want the GPO to apply to into a group. Create the new GPO, and then assign "Apply Group Policy" permissions only to that group that you put the computers into.

    +
    0 Votes
    sprinkl3s

    the software on the client side needs to have connections setup within them and it is on a per user basis... but the connections need to be different based upon machine. we cannot move the computers to different ou's because of current GPO structure. i know i can filter based on computer... but the then only the computer configuration portion of the script will work. i need the user configuration portion of the gpo to work while being filtered by computer group.

    +
    0 Votes
    Dumphrey

    it right then. Create a new OU, create a group in that OU, add the computers to be affected to the group you created. Pretty sure thats all you would need to do.

  • +
    0 Votes
    Dumphrey

    an Organizational Unit in AD, apply the GPO to that container, add computers to the OU from the AD computers container. That should do it for you. You may have to fiddle with the user/computer aspect of GPO. The GPO you apply to the OU will take precedence over "higher" level GPO Objects. Domain Default, then Site Default, then Domain Specific, then OU specific policy is applied.

    +
    0 Votes
    CG IT

    you have mentioned two issues..

    a GPO that is applied to a computer no matter what user logs on

    then say can not be a startup script on the computer side but an actual user logon script.

    you can use a GPO applied to a computers OU that will run when any user logs on

    OR you can have a logon script that is applied anytime a user logs on.

    again which one do you want?

    +
    0 Votes
    EvilhomerGD

    put all of the computers that you want the GPO to apply to into a group. Create the new GPO, and then assign "Apply Group Policy" permissions only to that group that you put the computers into.

    +
    0 Votes
    sprinkl3s

    the software on the client side needs to have connections setup within them and it is on a per user basis... but the connections need to be different based upon machine. we cannot move the computers to different ou's because of current GPO structure. i know i can filter based on computer... but the then only the computer configuration portion of the script will work. i need the user configuration portion of the gpo to work while being filtered by computer group.

    +
    0 Votes
    Dumphrey

    it right then. Create a new OU, create a group in that OU, add the computers to be affected to the group you created. Pretty sure thats all you would need to do.