Group Policies in Active Directory Win2003

By balkey
Hi guys,

I have created a very simple batch file to install a couple of fonts and Word templates automatically (details below).

But I would like to roll out this script automatically across the network. I believe I can do this using Group Policies.
But how?

I only want this script to run for certain users. I already have a Distribution Group for the relevant users. But do I need to create a new Security Group of the users?

I have been doing a lot of reading around, and I'm a bit confused. I know there is a Default Domain Policy, but that affects all users in the domain. I only want certain users to be affected, but the sources I have read thus far indicate that you can't assign a group policy to a security group???
(But you can assign to an OU, but we haven't set up Organisational Units)
Aaaarrrgggggghh !

I believe I have to add the batch file to "User Configuration", "Windows Settings", "Scripts (Logon/Logoff)", "Logon". But that's all I know so far.

Any advice please, guys?


PS - the script is a bat file as follows ...

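rem Copy the fonts (the file names contain spaces, so they must be quoted)
copy "News Gothic BT.ttf" "%systemroot%\fonts"
copy "News Gothic Bold BT.ttf" "%systemroot%\fonts"
copy "News Gothic Italic BT.ttf" "%systemroot%\fonts"
copy "News Gothic Bold Italic BT.ttf" "%systemroot%\fonts"

rem Import the font registry entries silently
regedit /s importfonts.reg

rem Open the notice for the user
START message.txt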

(where importfonts.reg adds the fonts to the reg key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
and message.txt is just a pop up notice informing user of the changes)

Create a new group policy object

by faradhi In reply to Group Policies in Active ...

and set the security filtering to only include the group you wish to affect.

by balkey In reply to Create a new group policy ...

Hi. Thanks for the quick reply!

So if I understand correctly...

1) Create a new Security Group, and make only the users I want to run the bat file on Members of this Group.
(Should this be a Global or Domain Local group?)

2) Right-click on mydomain.local in Active Directory, and select Properties.

3) Go to the Group Policies tab. There is already a Default Domain Policy listed there.

4) Create a NEW Group Policy Object.

5) Click Properties, and go to the Security tab.
Here there are a bunch of groups already listed:
Authenticated Users, Creator Owner, Domain Admins, Enterprise Admins, Enterprise Domain Controllers, System.

Should you UNTICK the "Apply Group Policy" for all these??

6) Then should I click ADD, select the new security group I made above, and TICK the "Apply Group Policy" for this group only?

7) Then I EDIT the New Group Policy Object by going to "User Configuration", "Windows Settings", "Scripts (Logon/Logoff)", "Logon".
Then I ADD the *.bat file to the Logon folder.

But I only want the script to run ONCE.
Is there a parameter that says only run this logon script once?

Am I on the right track here?


Use the Group Policy Management Console

by faradhi In reply to

You can download it here.

Don't mess with the Security tab. When you click on the object in the GPMC you will see on the right, Security Filtering under the SCOPE tab. By default it will be Authenticated Users.

Also, these types of questions should be posted in the Tech Q&A not in the discussion section.

Oh yeah one other thing

by faradhi In reply to Group Policies in Active ...

When you set the login script, be sure to disable the computer configuration so that the policy will process quicker.

what does the importfonts.reg look like?

by cgreeff In reply to Group Policies in Active ...

Can you post the details of the importfonts.reg file you used here?

The power of AD GPOs...

You're on the right track, however, whenever you're dealing with GPOs or managing multiple users or machines, ALWAYS create a new OU or security group.
Secondly, learn to differentiate between Startup/Shutdown scripts and Logon/Logoff scripts. You assign a Logon script to an individual user, you assign Startup/Shutdown scripts to computer accounts.

1. Create a New Fonts and Word Templates OU.
2. Copy the Script to the SysVol scripts folder on a DC (\\DCName\sysvol\domain\profiles\GUID\User\Scripts\Logon\scriptname.bat).
3. Open GPO Editor and create a new GPO to run the Startup script (Computer Configuration/Administrative Templates/System/Scripts (Startup/Shutdown)) and assign it to the Fonts and Word Templates OU.

Remember that Startup scripts run when the computer starts up, logon scripts only run when a user logs on.
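
Added example, not part of the original thread or any poster's code: the batch file from the first post reworked as a computer startup script of the kind described above. Startup scripts run as Local System, so the copy into %systemroot%\Fonts and the HKEY_LOCAL_MACHINE import do not depend on the logged-on user having administrative rights, and the per-file existence check gives the "run once" behaviour asked about earlier in the thread. It assumes the four font files and importfonts.reg are stored in the same folder as the script, and that the Bold font file carries a .ttf extension like the others.

```batch
@echo off
rem Added example: startup-script version of the font install.
rem Assumption: the .ttf files and importfonts.reg sit next to this script.
setlocal
set "SRC=%~dp0"
set "DEST=%systemroot%\Fonts"
set "CHANGED=0"

call :install "News Gothic BT.ttf"
call :install "News Gothic Bold BT.ttf"
call :install "News Gothic Italic BT.ttf"
call :install "News Gothic Bold Italic BT.ttf"

rem Import the registry entries only when at least one font was newly
rem copied, so later reboots change nothing (run once without a flag).
if "%CHANGED%"=="1" regedit /s "%SRC%importfonts.reg"

rem No START message.txt here: a startup script runs before any user is
rem logged on, so there is no desktop on which to show the notice.
endlocal
exit /b 0

:install
rem %~1 = font file name. Fonts already present are left alone.
if exist "%DEST%\%~1" exit /b 0
if not exist "%SRC%%~1" (
    echo Missing source file: %~1
    exit /b 1
)
copy /y "%SRC%%~1" "%DEST%\" >nul
if errorlevel 1 (
    echo Copy failed for %~1
    exit /b 1
)
set "CHANGED=1"
exit /b 0
```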

by agrawalpiyush In reply to Group Policies in Active ...

With Group Policy, you can manage your network from on high, governing the specifics of how your users and computers operate within your AD environment. Once you start using it, you'll be amazed at how quickly and easily you can deploy changes to the masses, set up consistent desktop and server configurations, control the end-user experience, lock down workstations and even control the Windows XP firewall. But, as with any powerful tool, you must exercise caution and responsibility to keep end users happy. Test, document and troubleshoot the changes you make to your environment using Group Policy before you employ it.
