RE: prevent execution of login-script?

From: Patrick Rouse (
Date: 02/10/05

Date: Wed, 9 Feb 2005 16:49:14 -0800

Sure, and there are multiple ways to do this. I know I just answered this
same question for someone this week, but in a nutshell:

1. You could add a case to the beginning your logon script that detects the
name of the TS, and jumps to the end.

2. You could assign logon scripts via Group Policy, instead of via user
account, then apply a specific (or not at all) logon script to your TS via
loopback policy. With a loopback policy, you apply setting to users ONLY
when they logon to specific computers, i.e. TS. These computers are put into
their own OU, and the policy is applied to the OU, and the security is
filtered to apply to the TS computer objects and authenticated users, but
denied (apply policy) to Domain Admins, so your policy doesn't lock admins
out of features.

Patrick Rouse
Microsoft MVP - Terminal Server

"Joerg Wegner" wrote:

> Hi,
> Is it possible to prevent the execution of userlogin-scripts for
> TS-sessions?
> It should be a setting at the server, not in the script.
> Maybe its a registry-setting, or local-policy, I haven't found a solution
> yet to realize it.
> many thanks for response
> regards
> Joerg

Relevant Pages

  • Re: IPSEC Policy to secure TS
    ... The computers are not in the same network. ... >> Hi Chris. ... >> policy, try server request policy to see if that will ... >>> longer connect to the Terminal Server on Port 3389. ...
  • Re: logon script
    ... If you are going to use a logon script with AD enabled machines ... Group Policy route in this case. ...
  • Re: RDP logn script override?
    ... I'm guessing you want to change the user account settings as opposed ... When you set the policy on the computer, ... setting if the computer will allow a roaming user's profile to be downloaded ... >> What this does is apply a different logon script when the users log on to ...
  • RE: sbs 2003 logon script being ignored by client computers
    ... Thanks for posting in the SBS public newsgroup. ... you want to know if the logon script can be ignored by ... client computer by domain policy. ... 231287 Loopback Processing of Group Policy ...
  • Re: Gpo that does not apply to term servers
    ... logon script, works fine for most only a few of shared pcs wont allow script ... Tried adding pcs to gpo and denying apply group policy but it still applies ... Put the machines that need to apply the policy into a security group and ...