How does FastTrack Logon work?
FastTrack Logon is a free exe file that you must point your users' logon script to (see next section). When it executes,
it will do this on the client:
- Synchronize the FSH.Exe and logon script files to a configurable local cache folder to avoid copying the files at every logon.
- Execute your logon script from this client location.
- Associate the .fsh extension to the local profile copy of FSH.exe for the current user.
The first time each user logs on to a client, about 1.5 megabytes of data will be copied from the domain controller
to a configurable local cache folder. After that, copying will only happen when you change the files in
the fshbin folder on the domain controller, which means almost no traffic on subsequent logons. Anything you put in the domain controller's fshbin directory will be
synchronized to each client. There is no limitation as to how many files and directories can be put there.
The local copy of the files and the file association is per-user. This way you don't have to do anything
else for clients to support FastTrack Scripting Host (FSH) scripts in general for the logged on user. There is no need
for a per-machine deployment and this operation does not require the user to be a local administrator.
FastTrack Logon is certified to work on all current Windows versions (Win8/Win7/Vista/XP/2000/NT4 and 2012/2008/2003/2000 Server)
and it is possible to customize the client location of files and other settings.
Please refer to the FastTrack Logon customization page
for customized settings.
The process to set up logon scripts in three steps that we will walk through on this page:
- Set up a test logon script for yourself in your domain.
- Construct logon scripts.
- Assign the new logon script to users though group policies.
Step 1 of 3: Setting up a test logon script for yourself in your domain
The first step is to ensure that the logon script actually executes. The best way to do this is to try without
group policies first, to make sure it is only assigned to a few users initially. This is a safe method as it doesn't interfere
with current logon scripts. If you prefer a video tutorial version of the setup steps, please refer to the video further down.
Follow these simple steps to try it without group policies:
- Locate FTLogon.Zip in the installation directory in "FastTrack Software\FastTrack Scripting Host" within your Program Files directory.
- Unpack the full unedited content of ftlogon.zip into the netlogon share on your domain controller (\\%USERDOMAIN%\NETLOGON).
- Copy your FSH.Lic file from your installation directory to the FSHBin folder on your netlogon share.
- Open the properties of any domain user you wish to test with. Type in FTLogon.exe in the "Login script" textbox under the "Profile" tab.
Note that if the files were not unpacked to the root of the netlogon share, FTLogon.exe must be prefixed with it's path relative to the root.
- Make sure the logon script for the user is not overruled by group policies.
Log into any workstation in the domain as the user for whom you just modified the login script property.
The sample logon script should now show a splash screen saying "Welcome to the network" for 5 seconds.
You are now ready to make your logon scripts, but first please pay attention to these two Group Policy settings:
If you have not enabled the group policy "Run logon script synchronously", the first part of the logon script may not execute
before the explorer starts, but only the first time a user logs on. This is normally not critical, but is not intended.
FastTrack Logon will automatically set the logon script setting to run synchronously, if there is no policy set.
However, at the very first logon, Windows may have spawned the Explorer before the default setting can be changed.
From the second time a user logs on, the logon script runs synchronously, unless disabled by policies.
It is therefore recommended that this policy is set actively.
To enable synchronously logon script execution, please set the group policy "Run logon script synchronously" under
"User Configuration->Administrative Templates->System->Scripts" to "Enabled".
By default on Windows Vista and newer, the first part of the logon script will run hidden under the "Welcome" screen,
unless it takes more than 30 seconds to execute. Your logon script will run fine with the default Windows setting, but not visibly.
In most scenarios, this is not desirable, because FastTrack Logon Scripts typically use graphical user interfaces, for
example asking for printers in a menu or showing the progress of a backup.
To have your logon script run visibly, a Group Policy setting has to be set for Windows Vista or newer operating systems.
Please refer to this page
for more information.
Step 2 of 3: Construct logon scripts
Take a look at the fshbin folder on your netlogon share. In this directory there is a logon script
template to help you get started. Two files are executed by FastTrack Logon: Prelogon.fsh and Postlogon.fsh.
From these scripts you can include other scripts that you would like to execute.
As the name suggests, PreLogon.fsh is executed before
the explorer starts. You know that the user
cannot interfere with what you do here, so apart from connecting shares, this presents a good opportunity
to backup documents and maybe perform installations.
Anything that doesn't have
to be completed prior to the user commencing work, can be done in PostLogon.fsh,
which is executed after
the explorer starts. This could include the connection of printers and
synchronizing the computer clock.
You can open any one of them and execute them directly from the script editor or you can change the
files and logon to a computer to test the scripts.
During your initial construction, it is recommended that you change the setting "StopOnError" from "false" to "true" in FTLogon.ini
(see the Customizing FastTrack Logon
page for more information) to make your logon script stop on errors,
so your know, if your scripts fail. Once scripts are completed, you should change the setting back to "false" to avoid showing users execution errors.
It is also recommended at this point to modify the errorhandler.fsh to log execution errors to a network share.
Step 1 and 2 summary
Watch Senior Technical Writer Steve Dodson from Binary Research International walk you through the
steps 1 and 2.
Step 3 of 3: Assign group policies and disable error messages
Once you are happy with your logon scripts, you must assign it to the masses.
Unless you have only a few users in your domain, the logon script should be assigned with Group Polices, as follows:
- Run the command gpmc.msc on your domain controller.
- Find and open your user's OU (Organizational Unit) and create a new policy (or use an existing one).
- Windows 2003 Server: Open User Configuration->Windows Settings->Scripts (Logon/Logoff). Double click "Logon".
- Windows 2008 Server: Open User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff). Double click "Logon".
- Click the add button and select the file \\%USERDOMAIN%\NETLOGON\FTLogon.exe as logon script name. You can optionally change
%USERDOMAIN% to the actual dns name of your domain. If FTLogon.exe was not put in the root of the netlogon share, the subpath must be added.
Logon to a client and test that the script is now executed. If you have set the logon script manually on some test users' profiles, you should remove it again.
Final notes and tips
FastTrack Logon versus other solutions
The solution presented on this page using FastTrack Logon is the recommended solution, because it will consume the least
possible network bandwidth over any other type of logon script. But it is not the only way to set up
logon scripts with FastTrack Scripting Host.
For example, you could simply create a new script in the script editor, hit the "Compile Script To
" button, save the
output exe file to the netlogon share and assign users' logon script to the exe file. This is quicker to set up, but is less
scalable than the proposed solution above. If you do not want to replace your existing logon script in general, you could
create parts of the logon script (like a SyncDir-based backup), compile this logon script bit into an exe file and simply call
that from your existing logon script.
Using your company logo
The prelogon.fsh script shows a splash screen by default. The Splash command can take an image
file as the third parameter. If the image file is 128x128 or less, the icon will be replaced
by your image file. (png format is recommended, as it supports transparency.) If the
image is exactly 537x165 pixels, the whole background will be replaced by your skin file and
the logo icon will be removed.
The easiest way to get your image file to the clients is to simply put it into the fshbin
folder on your netlogon share, as it automatically gets distributed to the clients and
refers to that location, as shown below with an image file called Logo.png. Logo.png would then
be located in the same directory on the client as the executing FSH.exe, thus a full path is not
to Rock America,[UserFullName],Logo.png
Startup, shutdown and logoff scripts
You can use FastTrack Logon for startup, shutdown and logoff scripts too: Simply copy the FastTrack Logon package
to your sysvol policy folders on your domain controller and then modify the PreLogon.fsh and PostLogon.fsh scripts.
Please refer to setting up startup scripts page
for more information
on setting up startup scripts.
VPN logon scripts
VPN logon scripts are not supported on the Windows platform, but we have made a free application to support this.
Your domain enables you to execute scripts when computers are on the company LAN, but for portable computers, this is
insufficient. You need to control portable computers when they are not on the company LAN too. Whenever a computer
changes IP address, a script is executed, which means that it is executed whenever the computer is booted, is
resumed-from-standby/hibernation, connects to a VPN (Virtual Private Network), etc. This is especially relevant
if your company has a proxy server, as the IE autodetection rarely works properly.
Check out our SmartDock
tool page for more information.
Remote Desktop Services, Citrix and Virtual Machines
If you use using Remote Desktop Services, you are served the same logon script as you do on workstations. If you would like a different
logon script on Remote Desktop Services, you can put a construct like this in the beginning of the prelogon.fsh script to run a specific
Remote Desktop Services script:
''...the rest of the regular
In this example, you must make a script named TSLogonScript.fsh in the root of fshbin on your domain controller.
In the postlogon.fsh you can put a similar construct like this in as the first line:
When you use Citrix, you can specify a specific logon script for the users. This means that you can make a copy of FastTrack
logon and the configuration file specific to Citrix. If you do not want execution on virtual machines, you can use the
Hypervisor condition to do so, for example: