RE: prevent execution of login-script?

From: Patrick Rouse (PatrickRouse_at_discussions.microsoft.com)
Date: 02/10/05


Date: Wed, 9 Feb 2005 16:49:14 -0800

Sure, and there are multiple ways to do this. I know I just answered this
same question for someone this week, but in a nutshell:

1. You could add a case to the beginning your logon script that detects the
name of the TS, and jumps to the end.

2. You could assign logon scripts via Group Policy, instead of via user
account, then apply a specific (or not at all) logon script to your TS via
loopback policy. With a loopback policy, you apply setting to users ONLY
when they logon to specific computers, i.e. TS. These computers are put into
their own OU, and the policy is applied to the OU, and the security is
filtered to apply to the TS computer objects and authenticated users, but
denied (apply policy) to Domain Admins, so your policy doesn't lock admins
out of features.

http://www.workthin.com/tshta.htm#LockingDownWindowsServer2003TerminalServerSessions

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com

"Joerg Wegner" wrote:

> Hi,
>
> Is it possible to prevent the execution of userlogin-scripts for
> TS-sessions?
> It should be a setting at the server, not in the script.
> Maybe its a registry-setting, or local-policy, I haven't found a solution
> yet to realize it.
>
> many thanks for response
>
> regards
> Joerg
>
>
>