Search
Citrix Ready
Home
Solutions
Download
Purchase
Documentation
Get Help
Reseller
My Account
Testimonials
Customers
Contact
Fasttrack Global

Setting up logon scripts

Wouldn't it be great if your users see a screen like the one below with your company name and logo on it, when logging on?

While all they see is the splash screen, you can connect shares and printers, apply user settings, perform maintenance, backup documents and so forth with very few script lines.

The logon script used below does not actually connect anything, but the total script is - 6 script lines! Just follow the simple guide below to set this up.


How does FastTrack Logon work?

FastTrack Logon is a free exe file that you must point your users' logon script to (see next section). When it executes, it will do this on the client:
  • Synchronize the FSH.Exe and logon script files to a configurable local cache folder to avoid copying the files at every logon.
  • Execute your logon script from this client location.
  • Associate the .fsh extension to the local profile copy of FSH.exe for the current user.
The first time each user logs on to a client, about 1.5 megabytes of data will be copied from the domain controller to a configurable local cache folder. After that, copying will only happen when you change the files in the fshbin folder on the domain controller, which means almost no traffic on subsequent logons. Anything you put in the domain controller's fshbin directory will be synchronized to each client. There is no limitation as to how many files and directories can be put there.

The local copy of the files and the file association is per-user. This way you don't have to do anything else for clients to support FastTrack Scripting Host (FSH) scripts in general for the logged on user. There is no need for a per-machine deployment and this operation does not require the user to be a local administrator. FastTrack Logon is certified to work on all current Windows versions (Win8/Win7/Vista/XP/2000/NT4 and 2012/2008/2003/2000 Server) and it is possible to customize the client location of files and other settings. Please refer to the FastTrack Logon customization page for customized settings.

The process to set up logon scripts in three steps that we will walk through on this page:
  • Set up a test logon script for yourself in your domain.
  • Construct logon scripts.
  • Assign the new logon script to users though group policies.


Step 1 of 3: Setting up a test logon script for yourself in your domain

The first step is to ensure that the logon script actually executes. The best way to do this is to try without group policies first, to make sure it is only assigned to a few users initially. This is a safe method as it doesn't interfere with current logon scripts. If you prefer a video tutorial version of the setup steps, please refer to the video further down.

Follow these simple steps to try it without group policies:
  • Locate FTLogon.Zip in the installation directory in "FastTrack Software\FastTrack Scripting Host" within your Program Files directory.
  • Unpack the full unedited content of ftlogon.zip into the netlogon share on your domain controller (\\%USERDOMAIN%\NETLOGON).
  • Copy your FSH.Lic file from your installation directory to the FSHBin folder on your netlogon share.
  • Open the properties of any domain user you wish to test with. Type in FTLogon.exe in the "Login script" textbox under the "Profile" tab.
    Note that if the files were not unpacked to the root of the netlogon share, FTLogon.exe must be prefixed with it's path relative to the root.
  • Make sure the logon script for the user is not overruled by group policies.
That's it! Log into any workstation in the domain as the user for whom you just modified the login script property. The sample logon script should now show a splash screen saying "Welcome to the network" for 5 seconds. You are now ready to make your logon scripts, but first please pay attention to these two Group Policy settings:

Run logon script synchronously
If you have not enabled the group policy "Run logon script synchronously", the first part of the logon script may not execute before the explorer starts, but only the first time a user logs on. This is normally not critical, but is not intended.

FastTrack Logon will automatically set the logon script setting to run synchronously, if there is no policy set. However, at the very first logon, Windows may have spawned the Explorer before the default setting can be changed. From the second time a user logs on, the logon script runs synchronously, unless disabled by policies.

It is therefore recommended that this policy is set actively. To enable synchronously logon script execution, please set the group policy "Run logon script synchronously" under "User Configuration->Administrative Templates->System->Scripts" to "Enabled".
Unhiding on Windows 8/7/Vista/2012/2008
By default on Windows Vista and newer, the first part of the logon script will run hidden under the "Welcome" screen, unless it takes more than 30 seconds to execute. Your logon script will run fine with the default Windows setting, but not visibly.

In most scenarios, this is not desirable, because FastTrack Logon Scripts typically use graphical user interfaces, for example asking for printers in a menu or showing the progress of a backup.

To have your logon script run visibly, a Group Policy setting has to be set for Windows Vista or newer operating systems. Please refer to this page for more information.


Step 2 of 3: Construct logon scripts

Take a look at the fshbin folder on your netlogon share. In this directory there is a logon script template to help you get started. Two files are executed by FastTrack Logon: Prelogon.fsh and Postlogon.fsh. From these scripts you can include other scripts that you would like to execute.

As the name suggests, PreLogon.fsh is executed before the explorer starts. You know that the user cannot interfere with what you do here, so apart from connecting shares, this presents a good opportunity to backup documents and maybe perform installations.

Anything that doesn't have to be completed prior to the user commencing work, can be done in PostLogon.fsh, which is executed after the explorer starts. This could include the connection of printers and synchronizing the computer clock.

You can open any one of them and execute them directly from the script editor or you can change the files and logon to a computer to test the scripts.

Make sure that you have a look at our Logon Script Examples page for practical copy/pastable examples.

Error handling
During your initial construction, it is recommended that you change the setting "StopOnError" from "false" to "true" in FTLogon.ini (see the Customizing FastTrack Logon page for more information) to make your logon script stop on errors, so your know, if your scripts fail. Once scripts are completed, you should change the setting back to "false" to avoid showing users execution errors. It is also recommended at this point to modify the errorhandler.fsh to log execution errors to a network share.


Step 1 and 2 summary

Watch Senior Technical Writer Steve Dodson from Binary Research International walk you through the steps 1 and 2.



Step 3 of 3: Assign group policies and disable error messages

Once you are happy with your logon scripts, you must assign it to the masses. Unless you have only a few users in your domain, the logon script should be assigned with Group Polices, as follows:
  • Run the command gpmc.msc on your domain controller.
  • Find and open your user's OU (Organizational Unit) and create a new policy (or use an existing one).
  • Windows 2003 Server: Open User Configuration->Windows Settings->Scripts (Logon/Logoff). Double click "Logon".
  • Windows 2008 Server: Open User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff). Double click "Logon".
  • Click the add button and select the file \\%USERDOMAIN%\NETLOGON\FTLogon.exe as logon script name. You can optionally change
    %USERDOMAIN% to the actual dns name of your domain. If FTLogon.exe was not put in the root of the netlogon share, the subpath must be added.
Logon to a client and test that the script is now executed. If you have set the logon script manually on some test users' profiles, you should remove it again.


Final notes and tips


FastTrack Logon versus other solutions

The solution presented on this page using FastTrack Logon is the recommended solution, because it will consume the least possible network bandwidth over any other type of logon script. But it is not the only way to set up logon scripts with FastTrack Scripting Host. For example, you could simply create a new script in the script editor, hit the "Compile Script To Exe File" button, save the output exe file to the netlogon share and assign users' logon script to the exe file. This is quicker to set up, but is less scalable than the proposed solution above. If you do not want to replace your existing logon script in general, you could create parts of the logon script (like a SyncDir-based backup), compile this logon script bit into an exe file and simply call that from your existing logon script.

Using your company logo

The prelogon.fsh script shows a splash screen by default. The Splash command can take an image file as the third parameter. If the image file is 128x128 or less, the icon will be replaced by your image file. (png format is recommended, as it supports transparency.) If the image is exactly 537x165 pixels, the whole background will be replaced by your skin file and the logo icon will be removed.

The easiest way to get your image file to the clients is to simply put it into the fshbin folder on your netlogon share, as it automatically gets distributed to the clients and refers to that location, as shown below with an image file called Logo.png. Logo.png would then be located in the same directory on the client as the executing FSH.exe, thus a full path is not necessary.

Splash Welcome to Rock America,[UserFullName],Logo.png

Startup, shutdown and logoff scripts

You can use FastTrack Logon for startup, shutdown and logoff scripts too: Simply copy the FastTrack Logon package to your sysvol policy folders on your domain controller and then modify the PreLogon.fsh and PostLogon.fsh scripts. Please refer to setting up startup scripts page for more information on setting up startup scripts.

VPN logon scripts

VPN logon scripts are not supported on the Windows platform, but we have made a free application to support this. Your domain enables you to execute scripts when computers are on the company LAN, but for portable computers, this is insufficient. You need to control portable computers when they are not on the company LAN too. Whenever a computer changes IP address, a script is executed, which means that it is executed whenever the computer is booted, is resumed-from-standby/hibernation, connects to a VPN (Virtual Private Network), etc. This is especially relevant if your company has a proxy server, as the IE autodetection rarely works properly. Check out our SmartDock connectivity tool page for more information.

Remote Desktop Services, Citrix and Virtual Machines

If you use using Remote Desktop Services, you are served the same logon script as you do on workstations. If you would like a different logon script on Remote Desktop Services, you can put a construct like this in the beginning of the prelogon.fsh script to run a specific Remote Desktop Services script:

If RemoteSession Then

  Include TSLogonScript.fsh

  Exit

End If

 

''...the rest of the regular logon script

In this example, you must make a script named TSLogonScript.fsh in the root of fshbin on your domain controller. In the postlogon.fsh you can put a similar construct like this in as the first line:

If RemoteSession Then Exit

When you use Citrix, you can specify a specific logon script for the users. This means that you can make a copy of FastTrack logon and the configuration file specific to Citrix. If you do not want execution on virtual machines, you can use the Hypervisor condition to do so, for example:

If VirtualMachine Then Exit


NOAA GLS Maersk Kawasaki Disney Goodyear Telenor AJG All testimonials ->
More customers ->
Starters Advanced Starters Logon Scripts Scripting Licensing Help Corporate
Product overview User interfaces Setting up Outlook Signatures Buy online Free webinar Contact us
Functional overview Executing programs Examples SQL Server Licensing FAQ Forums Referral rewards
Documentation index Embed PS and VBS Unhiding on Win 7 Active Directory Download Search site Become reseller
Getting started guide KiXtart conversion Laptop backups Registry Request quote Find professional Advertise
10 problems solved Custom commands Startup scripts WMI Find a reseller Contact support Press kit
Path functions Compile into exe Customizing FTLogon FTP Release history Videos Testimonials
How to examples Compile into msi VPN scripts COM     Customers
Videos Encryption UAC considerations          
             
Server Automation Client Automation Thin Computing Cloud and Mobile
We are here to help. If you have a product or evaluation question or you need pre-sales assistance, write to us by email here or call us at +1 262-299-4600.
From outside USA and Canada, please contact us in the UK by email here or call us at +44 (0)330-100-2790.
Data replication Installations Citrix XenApp Cloud inventory
RemoteApp launchers SCCM tasks Remote Desktop Inventory demo
Farm app deployment WDS deployment Building a Kiosk PC Deploying Inventory
Account cleanup TeamViewer Printer remapping SkyBox Inventory
Password expiry Malwarebytes    
Current version: 8.5 - What's new © 2005-2013 FastTrack Software