1

The organization I work for has implemented application access and scripts via Security Groups. This is, if a person needs to access some applications or have a script run when he logs on, we add them to a security group.

There is a logon script configured within the AD acc for each person but I would like to know how this groups we add them to manage to execute or change some parameters during the logon script.

My first thought was GPOs> I checked on the gpmc.msc and I can see what GPOs are being filtered , when I checked the GPO settings, I see many parameters being set but I cannot see where these scripts are being called from.

So my question would be, where to start searching, if we want to know what a Security Group does or enables in a user session.

Thanks.

gegoameric
  • 11
  • 1
  • In the editor, you can click the "Settings" tab when you have a GPO selected and it generates a report where you can see what scripts are being run (if any). If it doesn't mention a path, the script is stored in the GPO's folder. – Nathan C Oct 21 '14 at 15:56

1 Answers1

2

Resultant Set of Policy (RSoP) run against one of these users would show you which, if any, Grouo Policy Objects (GPOs) are applying scripts.

There's also a "legacy" script setting that can be specified on the "Profile" tab of the user's Active Directory account. That won't show up in RSoP, so go check it manually. (You can also run net user (username) /domain to see the legacy logon script specification, too.)

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331