Windows Server 2012 R2-Chapter9-Group Policy Scripts. Group Policy Settings:-
On a few different occasions I've been asked is there anything that can't be done with Group Policy. The answer that I've given is, for the most part, the answer to that question is no, there is nothing that cannot be managed using Group Policy. Now it's not that I have this extreme level of confidence that there's a Group Policy setting for anything and everything you could ever imagine. The reason I say with confidence that you can do pretty much anything with Group Policy is because if there's not a setting, well then you can probably perform the customization or whatever the action is you're looking to do by using a script.
Group Policy gives us the ability to utilize scripts. Now to demonstrate this, I am here on DC1 in our Group Policy management and inside our Sales OU I have created a GPO called scripts. Nothing has been done to this GPO. It's a newly created GPO that's just been given the name scripts. I'm going to right click and select edit. Now inside the Group Policy object itself here on both the computer and the user side I'm going to expand policies and then expand Windows setting.
So there I've done it on the computer configuration and now I do it on the user configuration. I will pull the bar over here a little bit so we can see everything 'cause I wanna show you that under the computer configuration, inside of our Windows settings you'll see that we have script startup and shutdown. Whereas under the user configuration for scripts we have logon and logoff. It makes sense if you think about it 'cause when Group Policy is processed, the computer settings are processed as the computer is turned on and the user settings are processed as the user logs in, so it makes sense that your startup shutdown scripts are down on the computer side and you're logon logoff scripts are down on the user side, so how do these work? Well I'm gonna use the user script side of things to demonstrate, and if I just click on scripts you'll see I have the option of either a logon or a logoff script.
If I either double click, or you can right click and go to the properties, either way, of one of our scripts, and in this case I did choose logon. What we have the ability to do is add a script that we wanna have run when the user logs on. If I click on add, I wanna show you something. I'm going to browse and show you that out on the C drive of this computer I have a scripts folder and inside that scripts folder is an old DOS batch file, which is a legitimate form of scripting that maps a network drive, but there is a problem here.
I don't wanna just open this and put it into this particular Group Policy object. The reason why is because unless this script actually exists on the C drive, any scripts folder on each individual machine that users are logging onto, it will never be found. It's very important that your scripts exist in a network shared location. There's a couple options that I have here. One is I could actually share the scripts folder and then I could connect to the share and everything would work fine, but there is something that I recommend even beyond that, so let me cancel out of here and cancel out of here.
I'll leave this window open for a moment, what I'm gonna do is I'm gonna jump over to Windows Explorer and I'm gonna show you on the C drive, here's the scripts folder. Here I have the actual batch file itself. Just for the sake of showing you what it says, I will even go in here and show you it's just a net use command that tells it to use the S drive to point to a shared folder. It's just mapping a drive, but what I'm gonna do is I'm going to right click and I'm going to copy this file. I'm gonna copy it because I'm going to put it into a very specific shared folder location that I know will always be available to the user when they logon.
Tags: Windows Server 2012 R2-Chapter9-Group Policy Scripts, Windows Server, Windows Server 2012, Windows Server 2012 R2, Group Policy, Group Policy Management, Group Policy Scripts