RE: prevent execution of login-script?

From: Patrick Rouse (PatrickRouse_at_discussions.microsoft.com)
Date: 02/10/05


Date: Wed, 9 Feb 2005 16:49:14 -0800

Sure, and there are multiple ways to do this. I know I just answered this
same question for someone this week, but in a nutshell:

1. You could add a case to the beginning your logon script that detects the
name of the TS, and jumps to the end.

2. You could assign logon scripts via Group Policy, instead of via user
account, then apply a specific (or not at all) logon script to your TS via
loopback policy. With a loopback policy, you apply setting to users ONLY
when they logon to specific computers, i.e. TS. These computers are put into
their own OU, and the policy is applied to the OU, and the security is
filtered to apply to the TS computer objects and authenticated users, but
denied (apply policy) to Domain Admins, so your policy doesn't lock admins
out of features.

http://www.workthin.com/tshta.htm#LockingDownWindowsServer2003TerminalServerSessions

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com

"Joerg Wegner" wrote:

> Hi,
>
> Is it possible to prevent the execution of userlogin-scripts for
> TS-sessions?
> It should be a setting at the server, not in the script.
> Maybe its a registry-setting, or local-policy, I haven't found a solution
> yet to realize it.
>
> many thanks for response
>
> regards
> Joerg
>
>
>



Relevant Pages

  • Re: IPSEC Policy to secure TS
    ... The computers are not in the same network. ... >> Hi Chris. ... >> policy, try server request policy to see if that will ... >>> longer connect to the Terminal Server on Port 3389. ...
    (microsoft.public.win2000.security)
  • Re: logon script
    ... If you are going to use a logon script with AD enabled machines ... Group Policy route in this case. ...
    (microsoft.public.windows.server.sbs)
  • Re: RDP logn script override?
    ... I'm guessing you want to change the user account settings as opposed ... When you set the policy on the computer, ... setting if the computer will allow a roaming user's profile to be downloaded ... >> What this does is apply a different logon script when the users log on to ...
    (microsoft.public.scripting.vbscript)
  • RE: sbs 2003 logon script being ignored by client computers
    ... Thanks for posting in the SBS public newsgroup. ... you want to know if the logon script can be ignored by ... client computer by domain policy. ... 231287 Loopback Processing of Group Policy ...
    (microsoft.public.windows.server.sbs)
  • adding REG_BINARY value to all computers
    ... I want to add a REG_BINARY value to all computers using either group ... policy or the logon script. ... If I want to add the web site to allow pop-ups, would the command be ...
    (microsoft.public.windowsxp.general)