Setting up a FastTrack Logon
On this page we will go through one possible way of setting up startup scripts with FastTrack Logon.
Please refer to the
logon scripts page and the
FastTrack Logon configuration page for more information on FastTrack Logon.
|
An alternative, and in many case better, solution is to simply create a new script in the script editor, hitting the "Compile Script To
Exe File" button and simply assign this exe file as the startup script. As described on the logon scripts page,
this solution is very easy to set up, but is less scalable.
|
Startup script files are, by default, located in
C:\Windows\SysVol\<DomainName>\Polices\<PolicyGUID>\Machine\Scripts\Startup.
They can, however, execute from any other public network location, e.g. the netlogon share.
In this example, we will make a copy of FastTrack Logon on the netlogon share for script execution.
It is also possible to keep the default naming of FastTrack Logon files and place them in the policy folder.
We will assume that FastTrack Logon is already being used for user logon scripts, so we need to make a copy of the FastTrack Logon files.
Assuming a logon script is already installed on the netlogon share, we need to copy logon script files:
- Copy FTLogon.exe to PCLogon.exe
- Copy FTLogon.ini to PCLogon.ini
- Copy the fshbin folder tree to a folder named pcbin
If you have not set up a logon script, you can run the logon script wizard and simply assign it as a startup script instead of a logon script.
Assuming an existing copy of FastTrack Logon was already present and the above is done, the file structure will look like this,
when browsing the netlogon share for the startup script:
PCLogon.ini must also be edited to match the changes:
- "ServerDir" must be changed to "pcbin".
- "PostLogonScript" must be cleared, as it is not required for startup scripts. (The postlogon.fsh file in the pcbin folder can be deleted.)
The PCLogon.ini file will look this after the modification:
[Settings]
ServerDir=pcbin
ClientDir=[AppDataDir]\FastTrack\[UserName]\[UserSID]
EngineExe=FSH.Exe
PreLogonScript=Prelogon.fsh
PostLogonScript=
StopOnTerminalServices=false
Debug=false
StopOnError=false
If the startup script is assigned to a computer, the prelogon.fsh script will now be the script that is executed when
the computer starts. Edit the prelogon.fsh file to perform the desired startup operations.
Assign group policies
To get the startup script to execute, a group policy must be set. During testing, a test Organizational Unit (OU)
could be created and the group policy could be assigned to this OU. The test computers could then be
put into this OU.
To get the startup script to execute, a group policy must be set:
- Run the command gpmc.msc on your domain controller.
- Find the desired container or OU that contains your Group Policies.
- Right-click the policy and select "Edit".
- Open Computer Configuration->Policies->Windows Settings->Scripts (Startup/Shutdown). Double click "Startup".
- Click the browse button and select the file \\%USERDOMAIN%\NETLOGON\PCLogon.exe as the script name. You can change %USERDOMAIN% to the actual dns name of your domain, if you prefer.
Establishing network credentials
A startup script is running under the local system account and therefore has no network credentials. This is not a problem
when performing local maintenance, but if files are needed from the network, it is a big problem.
However, FastTrack has a command to create the required token based on credentials: The "LogonUser"
command can perform a logon as another user and impersonate this identity.
The example startup script below will logon to the network and copy the installation files for Adobe Reader
and install that on the executing computer, assuming it has not been successfully installed before. It would be
a good idea to insert a logging line in the ErrorHandler.fsh script to report problems.
/******************************************************
STARTUP SCRIPT TO INSTALL
ADOBE READER
******************************************************/
If Not Installed Adobe Reader Then
LogonUser Acme\AcmeInstaller,iWxV6ZzDTmtLadiKtD/KYw==
MakeDir [TempDir]\TempInstall
CopyDir \\AcmeServer\Installers$\Acrobat Reader\Bin,[TempDir]\TempInstall
SetCurrentDir [TempDir]\TempInstall
InstallMSI AcroRead.msi
If Not LastLineFailed Then RegisterInstallation Acrobat
Reader,9.0,1
DeleteDir [TempDir]\TempInstall
End If