Logon Script does not start on Server 2012 R2

Logon Script does not start on Windows Server 2012 R2 domain

Nov 29, 2017 (Letztes Update) | Posted by Jörg Hoffmann Powershell |

A customer approached us and asked for a “Logon script” based on PowerShell.

Unfortunately the script was not executed during login. The reason for this error was a new Group Policy.

Index

Assigning Attributes to Network Drives with Logon Script

The task was to write a PowerShell script which assigns the correct network drives to users. To achieve this, two steps were required:

First, the logon script reads selected attributes of the user that logs into the system.
These two attributes were defined as parameters earlier on:

Company (attribute ‘Company‘)
Location (attribute ‘l‘)

Additionally, the script analyzes group memberships. Based on these findings the script assigns network drives accordingly.

The customer received the logon script and tested it.

Logon Script not Starting Automatically

The PowerShell script ran perfectly if you started it manually. But the first tests also revealed that the script did not activate when a user logged in.

New group policy “Logon Script Delay”

Research revealed that there were new group policies in place after the launch of Windows Server 2012 R2 and Windows 8.1.

One of the new group policies was: “Configure Logon Script Delay”.

Logon Script is delayed for 5 minutes

The group policy „Configure Logon Script Delay“ regulates how much time has to pass after logon before the script starts to run. In this case the default value setting was “5 minutes”. During testing there was less time of course and we didn’t wait long enough. The logon delay was therefore set back to „0“ and the script worked.

In conclusion there is no standard recommendation as to what the ideal time should be. It depends on the circumstances of the relevant situation. It is helpful to know that the logon script delay can be changed or disabled. However, it is open for discussion as to whether the default setting should be defined as 5 minutes.

This article was written during a project of FirstAttribute.
We are experts in Active Directory, Identity Management and Access Management and happy to help you.

FirstAttribute AG – Microsoft Consulting Partner for
Migration and Active Directory

AD Consulting | AD Migration

Did this help you? Share it or leave a comment:

Artikel erstellt am: 14.03.2017

Leave a Reply

<p>Your email is safe with us.<br/>Information about our <a href="https://activedirectoryfaq.com/contact-us/">data protection policies</a></p>

Dynamic AD Groups

Links

Social Icons Widget

Dynamic Entra ID Groups

Recent Articles

Categories