You might want to make several changes and implement certain settings that would apply while the computer is starting up or the user is logging on. Perhaps the most common operation that logon scripts perform is mapping network drives. Although users can manually map network drives, providing this functionality within login scripts ensures that mappings stay consistent and that users only need to remember the drive letters for their resources.
Script policies are specific options that are part of Group Policy settings for users and computers. These settings direct the operating system to the specific files that should be processed during the startup/shutdown or logon/logoff processes. You can create the scripts by using the Windows Script Host (WSH) or with standard batch file commands. WSH allows developers and system administrators to create scripts quickly and easily using Visual Basic Scripting Edition (VBScript) or JScript (Microsoft’s implementation of JavaScript). Additionally, WSH can be expanded to accommodate other common scripting languages.
To set script policy options, you simply edit the Group Policy settings. As shown in Figure 8.6, there are two main areas for setting script policy settings:
Startup/Shutdown Scripts These settings are located within the Computer Configuration ➢ Windows Settings ➢ Scripts (Startup/Shutdown) object.
Logon/Logoff Scripts These settings are located within the User Configuration ➢ Windows Settings ➢ Scripts (Logon/Logoff) object.
FIGURE 8.6 Viewing Startup/Shutdown script policy settings
To assign scripts, simply double-click the setting and its Properties dialog box appears. For instance, if you double-click the Startup setting, the Startup Properties dialog box appears (see Figure 8.7). To add a script filename, click the Add button. When you do, you will be asked to provide the name of the script file (such as MapNetworkDrives.vbs or ResetEnvironment.bat).
FIGURE 8.7 Setting scripting options
Note that you can change the order in which the scripts are run by using the Up and Down buttons. The Show Files button opens the folder in which you should store the script files. To ensure that the files are replicated to all domain controllers, place them within the SYSVOL share.
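Startup scripts run in the computer's security context, so anyone who can modify a script file stored in SYSVOL controls what those machines execute. The following read-only audit is an added example, not part of the original text: it lists every script assigned through a GPO's scripts.ini file and reports file permissions that let an unexpected principal change the script. The domain name and the list of expected writers are assumptions to adjust for your environment.

```powershell
# Added example, not from the original text. Read-only audit of GPO script assignments.
# Assumption: the domain name is a placeholder; substitute your own.
$policies = '\\contoso.example\SYSVOL\contoso.example\Policies'

# Assumption: principals expected to be able to change SYSVOL content; adjust as needed.
$expected = '\\SYSTEM$|\\Administrators$|^CREATOR OWNER$|\\Domain Admins$|\\Enterprise Admins$'

# Rights that let a principal alter or replace a script file.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function New-Finding($Ini, $Phase, $Target, $Issue) {
    [pscustomobject]@{ Phase = $Phase; Target = $Target; Issue = $Issue; Ini = $Ini }
}

# scripts.ini is a hidden file, so -Force is required to enumerate it.
$findings = foreach ($ini in Get-ChildItem -Path $policies -Recurse -Force -Filter scripts.ini) {
    $phase = $null
    foreach ($line in Get-Content -LiteralPath $ini.FullName) {
        # Section headers name the phase: [Startup], [Shutdown], [Logon] or [Logoff].
        if ($line -match '^\[(\w+)\]') { $phase = $Matches[1]; continue }
        # Entries look like 0CmdLine=MapNetworkDrives.vbs, 1CmdLine=...
        if (-not ($phase -and $line -match '^\d+CmdLine=(.+)$')) { continue }
        $cmd = $Matches[1].Trim()

        if ($cmd -match '^[A-Za-z]:\\') {
            New-Finding $ini.FullName $phase $cmd 'Path is local to each client; review it there'
            continue
        }
        # Bare file names resolve to the phase folder beside scripts.ini.
        $path = $cmd
        if ($cmd -notmatch '^\\\\') { $path = Join-Path (Join-Path $ini.DirectoryName $phase) $cmd }

        if (-not (Test-Path -LiteralPath $path)) {
            New-Finding $ini.FullName $phase $path 'Script file not found'
            continue
        }
        foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
            $canWrite = [int]($ace.FileSystemRights -band $writeMask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and $ace.IdentityReference.Value -notmatch $expected) {
                New-Finding $ini.FullName $phase $path "Writable by $($ace.IdentityReference.Value)"
            }
        }
    }
}
$findings | Format-List
```

An empty result means every assigned script was found and is writable only by the expected principals. Scripts referenced by UNC path outside SYSVOL are checked the same way, so their share and file permissions deserve the same scrutiny.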
Understanding the Loopback Policy
There may be times when the user settings of a Group Policy Object should be applied to a computer based on its location instead of the User object. Usually, Group Policy processing dictates that computer GPOs be applied in order during computer startup, based on the organizational unit in which the computer is located. User GPOs, on the other hand, are applied in order during logon, regardless of the computer to which the user logs on.
In some situations, this processing order may not be appropriate. A good example is a kiosk machine. You would not want applications that have been assigned or published to a user to be installed when the user is logged on to the kiosk machine. Loopback Policy allows two ways to retrieve the list of GPOs for any user when they are using a specific computer in an OU.
Merge Mode The GPOs for the computer are added to the end of the GPOs for the user. Because of this, the computer’s GPOs have higher precedence than the user’s GPOs.
Replace Mode In Replace mode, the user’s GPOs are not used. Only the GPOs of the Computer object are used.
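The two modes can be compared with a small model, added here as an illustration and not taken from the original text. The GPO names and settings are constructed for the kiosk scenario above; the registry value read by Get-LoopbackMode (UserPolicyMode, where 1 is Merge and 2 is Replace) is where the loopback policy setting is stored on a client.

```powershell
# Added example, not from the original text. GPO names and settings are constructed.

# Reports the loopback mode configured on the local computer (policy registry value).
function Get-LoopbackMode {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $value = (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
    switch ($value) { 1 { 'Merge' } 2 { 'Replace' } default { 'None' } }
}

# Returns the ordered list of GPOs whose user settings are processed at logon.
function Get-UserGpoOrder {
    param([string[]]$UserGpos, [string[]]$ComputerGpos,
          [ValidateSet('None', 'Merge', 'Replace')][string]$Mode = 'None')
    switch ($Mode) {
        'Merge'   { @($UserGpos) + @($ComputerGpos) }   # computer's GPOs appended, so they win
        'Replace' { @($ComputerGpos) }                  # user's GPOs are ignored
        default   { @($UserGpos) }                      # normal processing
    }
}

# Applies the user settings of each GPO in order; a later GPO overwrites an earlier one.
function Resolve-UserSettings {
    param([string[]]$Order, [hashtable]$UserSettingsByGpo)
    $result = [ordered]@{}
    foreach ($gpo in $Order) {
        if (-not $UserSettingsByGpo.ContainsKey($gpo)) { continue }
        foreach ($entry in $UserSettingsByGpo[$gpo].GetEnumerator()) {
            $result[$entry.Key] = "$($entry.Value) (from $gpo)"
        }
    }
    $result
}

# Constructed data: user settings carried by a GPO linked to the user's OU
# and by a GPO linked to the kiosk computer's OU.
$settings = @{
    'Sales Users'    = @{ AssignedApp = 'CRM client'; Wallpaper = 'corp.jpg' }
    'Kiosk Lockdown' = @{ Wallpaper = 'kiosk.jpg'; ControlPanel = 'Hidden' }
}

foreach ($mode in 'None', 'Merge', 'Replace') {
    $order = Get-UserGpoOrder -UserGpos 'Sales Users' -ComputerGpos 'Kiosk Lockdown' -Mode $mode
    "--- $mode : $($order -join ' -> ')"
    Resolve-UserSettings -Order $order -UserSettingsByGpo $settings | Format-Table -HideTableHeaders
}
```

In the Merge output the assigned application is still present alongside the kiosk restrictions; only Replace mode removes it, which is why Replace suits the kiosk case described above.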
Managing Network Configuration
Group Policies are also useful in network configuration. Although you can handle network settings at the protocol level using many different methods, such as Dynamic Host Configuration Protocol (DHCP), Group Policy allows you to set which functions and operations are available to users and computers.
Figure 8.8 shows some of the features that are available for managing Group Policy settings. The paths to these settings are as follows:
Computer Network Options These settings are located within the Computer Configuration ➢ Administrative Templates ➢ Network ➢ Network Connections folder.
User Network Options These settings are located within User Configuration ➢ Administrative Templates ➢ Network.
Here are some examples of the types of settings available:
■ The ability to allow or disallow the modification of network settings.
In many environments, the improper changing of network configurations and protocol settings is a common cause of help desk calls.
■ The ability to allow or disallow the creation of Remote Access Service (RAS) connections.
This option is useful, especially in larger networked environments, because the use of modems and other WAN devices can pose a security threat to the network.
FIGURE 8.8 Viewing Group Policy User network configuration options
■ The ability to set offline files and folders options.
This is especially useful for keeping files synchronized for traveling users, and it is commonly configured for laptops.
Each setting includes detailed instructions in the description area of the GPO Editor window. By using these configuration options, you can maintain consistency for users and computers and avoid many of the most common troubleshooting calls.
Configuring Network Settings
In Windows Server 2022, you can set a lot of user and network settings by using GPOs. Some of the different settings that can be configured are printer preferences, network drive mappings, power options, custom Registry settings, Control Panel settings, Microsoft Edge settings, file and folder deployment, shortcut deployments, and item-level targeting.
To configure any of these settings, open the Group Policy Management Console and choose the GPO you want to edit. Once you start editing, you can configure any of these network settings.