Setting up startup scripts

Startup scripts work the same way as logon scripts, except that they execute when the computer is turned on and are run invisibly under the local system account.

Under Windows XP, the user is not given the opportunity to logon until startup scripts have finished. On later operating systems, startup scripts run in the background, when the computer is turned on.

Startup scripts are useful for performing maintenance tasks, but are also sometimes favored over running installations from logon scripts, because they run as local system and are, therefore, executing with full administrative local permissions without being under User Account Control (UAC).

Startup Scripts

Setting up a FastTrack Logon

On this page we will go through one possible way of setting up startup scripts with FastTrack Logon. Please refer to the logon scripts page and the FastTrack Logon configuration page for more information on FastTrack Logon.

An alternative, and in many case better, solution is to simply create a new script in the script editor, hitting the "Compile Script To Exe File" button and simply assign this exe file as the startup script. As described on the logon scripts page, this solution is very easy to set up, but is less scalable.

Startup script files are, by default, located in C:\Windows\SysVol\<DomainName>\Polices\<PolicyGUID>\Machine\Scripts\Startup. They can, however, execute from any other public network location, e.g. the netlogon share. In this example, we will make a copy of FastTrack Logon on the netlogon share for script execution. It is also possible to keep the default naming of FastTrack Logon files and place them in the policy folder.

We will assume that FastTrack Logon is already being used for user logon scripts, so we need to make a copy of the FastTrack Logon files. Assuming a logon script is already installed on the netlogon share, we need to copy logon script files:
  • Copy FTLogon.exe to PCLogon.exe
  • Copy FTLogon.ini to PCLogon.ini
  • Copy the fshbin folder tree to a folder named pcbin
If you have not set up a logon script, you can run the logon script wizard and simply assign it as a startup script instead of a logon script. Assuming an existing copy of FastTrack Logon was already present and the above is done, the file structure will look like this, when browsing the netlogon share for the startup script:

Windows 7 startup script example

PCLogon.ini must also be edited to match the changes:
  • "ServerDir" must be changed to "pcbin".
  • "PostLogonScript" must be cleared, as it is not required for startup scripts. (The postlogon.fsh file in the pcbin folder can be deleted.)
The PCLogon.ini file will look this after the modification:
[Settings]
ServerDir=pcbin
ClientDir=[AppDataDir]\FastTrack\[UserName]\[UserSID]
EngineExe=FSH.Exe
PreLogonScript=Prelogon.fsh
PostLogonScript=
StopOnTerminalServices=false
Debug=false
StopOnError=false
If the startup script is assigned to a computer, the prelogon.fsh script will now be the script that is executed when the computer starts. Edit the prelogon.fsh file to perform the desired startup operations.

Assign group policies

To get the startup script to execute, a group policy must be set. During testing, a test Organizational Unit (OU) could be created and the group policy could be assigned to this OU. The test computers could then be put into this OU.

To get the startup script to execute, a group policy must be set:
  • Run the command gpmc.msc on your domain controller.
  • Find the desired container or OU that contains your Group Policies.
  • Right-click the policy and select "Edit".
  • Open Computer Configuration->Policies->Windows Settings->Scripts (Startup/Shutdown). Double click "Startup".
  • Click the browse button and select the file \\%USERDOMAIN%\NETLOGON\PCLogon.exe as the script name. You can change %USERDOMAIN% to the actual dns name of your domain, if you prefer.

Establishing network credentials

A startup script is running under the local system account and therefore has no network credentials. This is not a problem when performing local maintenance, but if files are needed from the network, it is a big problem. However, FastTrack has a command to create the required token based on credentials: The "LogonUser" command can perform a logon as another user and impersonate this identity.

The example startup script below will logon to the network and copy the installation files for Adobe Reader and install that on the executing computer, assuming it has not been successfully installed before. It would be a good idea to insert a logging line in the ErrorHandler.fsh script to report problems.

/******************************************************

                 STARTUP SCRIPT TO INSTALL ADOBE READER

******************************************************/

 

If Not Installed Adobe Reader Then

  LogonUser Acme\AcmeInstaller,iWxV6ZzDTmtLadiKtD/KYw==

  MakeDir [TempDir]\TempInstall

  CopyDir \\AcmeServer\Installers$\Acrobat Reader\Bin,[TempDir]\TempInstall

  SetCurrentDir [TempDir]\TempInstall

  InstallMSI AcroRead.msi

  If Not LastLineFailed Then RegisterInstallation Acrobat Reader,9.0,1

  DeleteDir [TempDir]\TempInstall

End If



Rating: 5 out of 5

"Use this as a replacement for VBScript and PowerShell"

"It's easy to include attractive GUI elements in FastTrack scripts, beyond the basic dialog boxes and text input that VBScript offers ... Another powerful feature is the ability to distribute scripts as Windows Installer (.msi) or standard .exe files. Although interesting in its own right, this ability results in a much more intriguing capability: to repackage -- or wrap -- software installers as .msi files without using snapshots. If you've ever created an .msi installer file from before-and-after system snapshots, for use with a software distribution system such as Group Policy or SCCM, then you know how hit-and-miss the results can be."

Read full review


Rating: 8 out of 10

"Faster than the rest"

"We found the FastTrack syntax to be more transparent and easier to learn than Microsoft's PowerShell – the editor in particular provided good support in this regard. the Script Editor offers a large number of options from the command set through to simple output of graphical elements, which cannot be achieved at all with PowerShell or other solutions or only with a significantly greater level of effort."

"Anyone wanting to tackle the many hurdles in everyday admin and especially anyone for whom logon scripts and client automation is a priority will benefit from the variety of functions offered by FastTrack."

Review in English      Review in German