Test Scenario - Process User Logon Script over VPN connection

Overview:

You can enable the processing Active Directory user logon script by configuring this policy.  In the GPO setting, if you set the option Run in command line the script will be processed in the command shell, as if cmd /c "{script path}" was used.

 

Purpose

 This article provides instructions on testing the SYNERGIX AD Client Extensions software.  Execute User Logon Scripts feature is configured using the GPO Administrative Template file.  After installing the Administrative Template file, the policy setting can be found under COMPUTER CONFIGURATION \ Administrative Templates \ SYNERGIX AD Client Extensions \ Scripts\Execute User Logon Scripts.  The Explain tab of the Group Policy setting provides online instructions on configuring the feature. 

Prerequisites

  • Supported Microsoft Windows Operating System
    • Microsoft Windows XP 
    • Microsoft Windows Vista 
    • Microsoft Windows 7.0 
    • Microsoft Windows 8.x
    • Microsoft Windows 10.0
  • .NET Framework
    • .NET Framework 4.0
  • Active Domain Membership in Microsoft Active Directory domain
  • Microsoft Outlook or other EMail client
  • SYNERGIX AD Client Extensions

Active Directory Domain Environment

  • Single Active Directory Domain environment i.e. Single Forest with Forest Root Domain only example. F10.LOCAL
  • You can setup a more complex Active Directory Domain environment, if needed.  For example, one forest F10.LOCAL with child domains D10.F10.LOCAL, D11.F10.LOCAL and D12.F10.LOCAL and a trusted forest F20.LOCAL with child domains D20.F20.LOCAL, D21.F20.LOCAL and D22.F20.LOCAL
  • Security Group(s)

                  * Not required for this feature

  • Delegate Control

                   *Not required for this feature

  • Configure domain Group Policy Object
    • Copy SYNERGIX AD Client Extensions Administrative Template file  SYNERGIX-ADCE.ADMX to %SystemRoot%\PolicyDefinitions on admin workstation (must be Windows 7.0) 
    • Copy SYNERGIX AD Client Extensions Administrative Template Language file SYNERGIX-ADCE.ADML to %SystemRoot%\PolicyDefinitions\en-US on same admin workstation ( must be Windows 7.0 ) 

 

Configure User Logon Script

  • Launch Active Directory Users and Computers using DSA.MSC command
  • Expand OU containing User objects
  • Select a user object
  • Right mouse click on the selected user object and select Properties in the context menu.
  • Click on the Profile tab and select Logon script
  • Specify a script file. Example userLogon.vbs

Note: The script file name cannot be a long file name. It should not contact any space characters or any other symbol.

  • Click on OK to commit the changes.

 

Configure AD Client Extension “Execute User Logon Scripts” feature

  • Launch GPMC.MSC.  Select existing or new Group Policy Object you wish to configure.
  • Expand COMPUTER CONFIGURATION
  • Expand Policies
  • Expand Administrative Templates
  • Expand Scripts
  • Double Click on “Execute User Logon Scripts” and enable it.
  • Specify the Minimum Run Interval (in minutes), by default it is 1 min.
    • If you do not wish for the User Logon Script to be processed every time a user connects via VPN on the same day, you can set the Minimum Run Interval to a higher value. For instance, if you set the value to 1,440 mins, the User Logon Script will be processed only once a day.
  • Specify Logon script execution timeout in minutes, by default it is 5 min.
  • Additionally, you can configure other options

Run in Command line

Copy script file locally

Always copy the script file locally

Delete local script file after script execution

 

More Information

 

Procedure

  • Log into a domain computer with the domain user account (your admin account) that has local administrative privileges on the workstation.
  • Ensure the SYNERGIX AD Client Extensions specific Group Policy settings were applied
    • Launch RSOP.MSC or run GPRESULT.EXE /v to confirm
  • Install SYNERGIX AD Client Extensions software
  • Log out
  • Log into to the same domain computer with a normal domain user account.
  • Now disconnect the network cable or drop the VPN connection from your test machine
  • Login with your normal domain user account.  This login will use cached credential.
  • Re-connect to your corporate network. You should notice the logon script get executed once the Minimum Run Interval has elapsed
    • If you wish to re-run the test and not wait for the Minimum Run Interval period to elapse, you can remove the lastUpdate registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Synergix\ADCE\Scripts\Execute User Logon Script

Test Results

  • Pass or
  • Fail

 

Test Result Submission

  1. Complete the Test Environment worksheet
  2. Upload test results document file to software test repository
  3. Upload log files
    • ServiceLogfile.txt
    • ClientLogfile.txt
    • Output of GPRESULTS.EXE /V command

Note: You must use ADCE \ Help \ Submit Log Files button to zip up above 3 files and submit to support@synergix.com

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk