Activate and specify logon script without user interaction

Kintaro

1/11/24, 11:27 AM

I would like to remotely activate a logon script to computers (Win10 and 11) not connected to a domain.

I can already remotely deploy software/script/files as admin, for example: I can deploy a logon.bat in C:\WINDOWS\System32\GroupPolicy\User\Scripts\Logon or C:\Windows\System32\Repl\Import\Scripts or run commands/install sw.

I know that there are a local group policy to do so and also that is possibile to set a logon script at user level in the profile tab of a users (users/group snap-in).

The thing that I can't find is a command/registry that can enable and specify what scritp to run without using the GUI.

734

2 + 0

windows

logon-scripts

group-policy

windows-command-prompt

Score:1

Server

James63

1/11/24, 8:22 PM

I would use a scheduled task for this. Under the triggers specify At Logon, and Any User. This way you get total control over the script name, location, type of script, etc. Just be sure to place the script in a location that non-admins cannot make changes to, or else call the script using a powershell command line like this with powershell.exe as the program to run, and arguments something like

-Command "&{if ((get-filehash c:\myscript.ps1).Hash -eq sdf83uf23f288vf0939r23) {& powershell.exe -file c:\myscript.ps1}}

Does it matter to you whose context the command runs under? SYSTEM, as that user, etc?

+ 1

Kintaro

1/16/24, 9:37 AM

It needs to be run as the user so I think don't need to send admin credential. So, do you think that there's no way to activate "logon script local policy" without the GUI? I have local admin right over those machines.

Score:0

Server

Kintaro

1/17/24, 4:51 PM

To do it there are two file to be edited and then launch gpupdate so the registry get updated to.

for Startup/Shutdown script.ini in C:\Windows\System32\GroupPolicy\Machine\Scripts
for Logon/Logoff script.ini in C:\Windows\System32\GroupPolicy\User\Scripts
You need to add for example:

[Logon]
0CmdLine=first_logon_scritp.bat
0Parameters=
1CmdLine=second_logon_script.bat
1Parameters=

In this case as is a logon script the file have to be deployed in:

C:\Windows\System32\GroupPolicy\User\Scripts\

The second file is:

GPT.ini in C:\Windows\System32\GroupPolicy You need to add:

gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}]

After that run gpupdate to update the registry

sources:

https://simplecodesoftware.com/articles/how-to-set-up-group-policy-scripts-programmatically

https://social.technet.microsoft.com/Forums/windowsserver/en-US/0a68a605-3f3f-4c0a-a402-f549e25b9cba/assign-a-local-logon-script-using-group-policy?forum=winserverGP

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Activate and specify logon script without user interaction

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.