How does FastTrack Logon work?

FastTrack Logon is a free exe file that you must point your users' logon script to (see next section). When it executes, it will do this on each client:

• Synchronize the FSH.Exe and logon script files to a folder named FastTrack under the Application Data folder in the user's profile.
• Execute your logon script from this client location.
• Associate the .fsh extension to the local profile copy of FSH.exe.

The first time each user logs on to a client, about 1.5 megabytes of data will be copied from the domain controller to the non-roaming part of the user's profile. After that, copying will only happen when you change the files in the fshbin folder on the domain controller, which means almost no traffic on subsequent logons. Anything you put in the domain controller's fshbin directory will be synchronized to each client. There is no limitation as to how many files and directories can be put there.

The local copy of the files and the file association is per-user. This way you don't have to do anything else for clients to support FastTrack Scripting Host (FSH) scripts in general. There is no need for a per-machine deployment and this operation does not require the user to be a local administrator. FastTrack Logon is fully supported on all current Windows versions (7/Vista/XP/2000/NT4 and 2008/2003/2000 Server) and it is possible to customize the client location of files and other settings. Please refer to the FastTrack Logon customization page for more information.

Step 1: Setting up logon scripts in your domain

The first step is to ensure that the logon script actually executes on your network. The best way to do this is to try it without group policies to make sure it is only assigned to a few users initially. This is a safe method as it doesn't interfere with current logon scripts. If you prefer a video tutorial version of the setup steps, please refer to the video version further down.

Follow these simple steps to try it without group policies:

• Locate FTLogon.Zip in the installation directory in "FastTrack Software\FastTrack Scripting Host" within your Program Files directory.
• Unpack the full unedited content of ftlogon.zip into the netlogon share on your domain controller (\\%USERDOMAIN%\NETLOGON).
• Copy your FSH.Lic file from your installation directory to the FSHBin folder on your netlogon share.
• Open the properties of any domain user you wish to test with. Type in FTLogon.exe in the "Login script" textbox under the "Profile" tab.
  Note that if the files were not unpacked to the root of the netlogon share, FTLogon.exe must be prefixed with it's path relative to the root.
• Make sure the logon script for the user is not overruled by group policies.

That's it! Log into any workstation in the domain as the user for whom you just modified the login script property. The sample logon script should now show a splash screen saying "Welcome to the network" for 5 seconds. You are now ready to make your logon scripts. If you have problems executing the logon script, please refer to the Logon Script FAQ page.

Notes on general logon script group policy settings

If you have not enabled the group policy "Run logon script synchronously", the first part of the logon script may not execute before the explorer starts at first logon. FastTrack Logon will automatically set the logon script to run synchronously, if there is no policy set. However, as FastTrack Logon like any other logon script executes after Windows has enforced the policy, the first logon for each user may not run synchronously as intended. To enable synchronously logons, please set the group policy "Run logon script synchronously" under "User Configuration->Administrative Templates->System->Scripts" to "Enabled". If you have reservations doing this while testing, log on twice to have the logon script execute as intended.

For Windows 7 and Vista clients: The first part of the logon script will run hidden under the "Welcome" screen, because the logon script is hidden by default, unless it takes more than 30 seconds to execute. To prove that your script is actually executing, the default demo logon script will show a message at logon. To unhide your logon script on Windows 7 and Vista machines, please refer to this page.

Step 2: Make logon scripts

Take a look at the fshbin folder on your netlogon share. In this directory there is a logon script template to help you get started. Two files are executed by FastTrack Logon: Prelogon.fsh and Postlogon.fsh. From these scripts you can include other scripts that you would like to execute.

As the name suggests, PreLogon.fsh is executed before the explorer starts. You know that the user cannot interfere with what you do here, so apart from connecting shares, this presents a good opportunity to backup documents and maybe perform installations.

Anything that doesn't have to be completed prior to the user commencing work, can be done in PostLogon.fsh, which is executed after the explorer starts. This could include the connection of printers and synchronizing the computer clock.

You can open any one of them and execute them directly from the script editor or you can change the files and logon to a computer to test the scripts. If you are not yet familiar with FastTrack scripts, you should read our Getting Started Guide.

For practical copy/pastable content examples, please have a look at our Logon Script Examples page.

Step 1 and 2 summary

Watch Senior Technical Writer Steve Dodson from Binary Research International walk you through the steps 1 and 2.

FastTrack Logon versus other solutions

The solution presented on this page using FastTrack Logon is the recommended solution, because it will consume the least possible network bandwidth over any other type of logon script. But it is not the only way to set up logon scripts with FastTrack Scripting Host. For example, you could simply create a new script in the script editor, hit the "Compile Script To Exe File" button, save the output exe file to the netlogon share and assign users' logon script to the exe file. This is quicker to set up, but is less scalable than the proposed solution below. If you do not want to replace your existing logon script in general, you could create parts of the logon script (like a SyncDir-based backup), compile this logon script bit into an exe file and simply call that from your existing logon script.

Step 3: Assign group policies and disable error messages

Once you are happy with your logon scripts, you must assign it to the masses. Unless you have only a few users in your domain, the logon script should be assigned with Group Polices, as follows:

• Run the command gpmc.msc on your domain controller.
• Find and open your user's OU (Organizational Unit) and create a new policy (or use an existing one).
• Windows 2003 Server: Open User Configuration->Windows Settings->Scripts (Logon/Logoff). Double click "Logon".
• Windows 2008 Server: Open User Configuration->Policies->Windows Settings->Scripts (Logon/Logoff). Double click "Logon".
• Click the add button and select the file \\%USERDOMAIN%\NETLOGON\FTLogon.exe as logon script name. You can optionally change
  %USERDOMAIN% to the actual dns name of your domain. If FTLogon.exe was not put in the root of the netlogon share, the subpath must be added.

Logon to a client and test that the script is now executed. At this point, it is highly recommended that you change the setting "StopOnError" from "True" to "False" in FTLogon.ini (see the Logon Script FAQ page for more information) and modify the errorhandler.fsh to log errors to a network share. This will ensure that no user will ever see an error message during logon and that runtime errors are instead logged.

Using your company logo

The prelogon.fsh script shows a splash screen by default. The Splash command can take an image file as the third parameter. If the image file is 128x128 or less, the icon will be replaced by your image file. (png format is recommended, as it supports transparency.) If the image is exactly 537x165 pixels, the whole background will be replaced by your skin file and the logo icon will be removed.

The easiest way to get your image file to the clients is to simply put it into the fshbin folder on your netlogon share, as it automatically gets distributed to the clients and refers to that location, as shown below with an image file called Logo.png. Logo.png would then be located in the same directory on the client as the executing FSH.exe, thus a full path is not necessary.

Notes on startup, shutdown and logoff scripts

You can use FastTrack Logon for startup, shutdown and logoff scripts too: Simply copy the FastTrack Logon package to your sysvol policy folders on your domain controller and then modify the PreLogon.fsh and PostLogon.fsh scripts. Please refer to setting up startup scripts page for more information on setting up startup scripts.

Notes on offline scripts Offline logon scripts are not supported on the Windows platform, but we have made a free application to support this. Your domain enables you to execute scripts when computers are on the company LAN, but for portable computers, this is insufficient. You need to control portable computers when they are not on the company LAN too. Whenever a computer changes IP address, a script is executed, which means that it is executed whenever the computer is booted, is resumed-from-standby/hibernation, connects to a VPN (Virtual Private Network), etc. This is especially relevant if your company has a proxy server, as the IE autodetection rarely works properly. Check out our SmartDock connectivity tool page for more information.

Notes on Remote Desktop Services and Citrix

If you use using Terminal Server, you are served the same logon script as you do on workstations. If you would like a different logon script on Remote Desktop Services, you can put a construct like this in the beginning of the prelogon.fsh script to run a specific Terminal Server script:
In this example, you must make a script named TSLogonScript.fsh in the root of fshbin on your domain controller. In the postlogon.fsh you can put a similar construct like this in as the first line:
When you use Citrix, you can specify a specific logon script for the users. This means that you can make a copy of FastTrack logon and the configuration file specific to Citrix.

Notes on virtual machines

Virtual machines cannot be detected in a generic way. The only way to detect that a script is running on a virtual machine is to look at the BIOS information, which is an emulated BIOS. The information will be different whether the virtual machine is VMWare, Hyper-V or other emulation software. This construct will detect if the script is running on Hyper-V or VMWare and exit, in case it is:

What they say

Don't take our word for it! Listen to other people's thoughts about FastTrack Scripting Host.