1. Create the logon script and give it the appropriate name (for example: logon.bat, logon.cmd, logon.vbs, etc.

) The script can use ANY name, just make sure you know what that name is, and give it the right file extension type. 2. Make sure that the script runs and performs the required action when it is manually run (double-click on it). 3. Copy the logon script (CTRL+C). 4. If you plan to have more than ONE logon script, and if you wish to assign that/those script(s) to more than one user, you will need to create as many logon scripts as you want, and then add them in the right order in the right GPO. More on that, later. 5. What permissions are required for Logon scripts to run? 6. Logon and Logoff scripts run with the credentials of the user. It is recommended that the Domain Users group shall be given permission to any resources used by either of these scripts. For example, if the Logon or Logoff script writes to a log file, the group Domain Users should be given read/write access to the file or the folder where the log file is located. Most users have limited privileges on the local computer, so Logon and Logoff scripts will have the same limited privileges. 7. As a side note, Startup and Shutdown scripts run with the credentials of the computer object. It is recommended that the Domain Computers group shall be given permission to any resources used by the Startup or Shutdown scripts. However, it's worth knowing that Startup and Shutdown scripts have System privileges on the local computer. This gives Startup and Shutdown scripts access to the local file system and registry. 8. Assigning the script to the user or users 9. Next, we need to decide what user should have the logon script. With this procedure (and unlike the Active Directory Users and Computers method), you can link AS MANY logon script AS YOU WANT to your users, and you can do it as many times as you want. However, it will only work on computers that are Windows 2000 and above, although in most cases nowadays this is not a problem. 10. The title of this section is kind of misleading, because when using GPOs, you do NOT assign the GPO to a user or users, but to an Organizational Unit (OU), to an Active Directory Site, or to the entire Active Directory Domain. So, you must now decide if you want the script to apply to ALL THE DOMAIN USERS, or just to a specific set of users located within one or more OU (Organization Unit) in Active Directory Users and Computers. 11. If you choose to apply on all the users in the domain, you must create a Group Policy Object (or GPO) and link it to the ENTIRE domain. If you choose to apply the script ONLY to a SPECIFIC SET of users, you must place all the users in one OU (Organization Unit) in Active Directory Users and Computers, and link the GPO to that OU. 12. In order to assign the GPO and edit it, we'll use a tool called Group Policy Management console, or GPMC in short. This tool is not installed by default in Windows Server 2003, and neither is it installed by default in Windows Server 2008. In Windows Server 2008, GPMC is considered to be a "Feature", and you must install it before being able to use it. However, unlike in Windows Server 2003 where you must download and install the tool, in Windows Server 2008, GPMC is already a part of the OS, you simply need to add it. If the Windows Server 2008 server is also a Domain Controller, GPMC will be automatically installed as part of the DCPROMO procedure. If it's not a DC, you'll need to manually add it. 1. See if the Administrative Tools folder has a tool called Group Policy Management Console. If it does, read on. If it doesn't, read "Adding Features to Windows Server 2008" article. 2. Open Group Policy Management Console from the Administrative Tools folder (or gpmc.msc from RUN).

3. If, as described in the above paragraph, you decided to apply the script to ALL THE DOMAIN USERS, expand the domain tree, locate the domain name. Right-click the domain name and select Create and Link a GPO Here. 4. If, as described in the above paragraph, you decided to apply the script to ONLY a SPECIFIC SET of users, expand the domain tree, locate the OU where the users from are located. Right-click the OU and select Create and Link a GPO Here. 5. In the New GPO window, give the new GPO a descriptive name, such as "Test Logon Script GPO". Click Ok. 6. If you don't see it already, refresh the GPMC view and find the new GPO you've just created under either the domain name, or the OU, depending on your previous choice. 7. When you click on the new GPO you might be prompted with a message window. Click Ok. 8. Right-click the new GPO and select Edit. 9. In the Group Policy Object Editor window, expand User Configuration > Windows Settings > Scripts. 10. Double-click Logon in the right-hand pane. 11. In the Logon Properties window, click Show Files. 12. A window will open. The path will be a folder similar to the following: \\domain.com\SYSVOL\Petri.local\Policies\{E4A62379-8423-4654-8DB601FB8F58582D}\User\Scripts\Logon. Paste the logon script you've copied in the previous part of this article. Close the window. 13. Back in the Logon Properties window, click Add. 14. In the Add a Script window, click Browse and you will see the logon script step #11. Whatever you do, DO NOT manually browse for the file, it should be in front of your eyes. If it's not there, check the previous steps for a mistake. Click Ok. 15. Back in the Logon Properties window, see if the logon script is listed, and if it is, click Ok. 16. Close the Group Policy Object Editor window. 17. Close the GPMC window.