6.8.3 Group Policy Script Settings
You can use Group Policy script settings to centrally configure scripts to run automatically at startup and
shutdown or when users log on and log off. These include batch files, executable programs, and Windows
Script Host–supported scripts.
• You can run pre-defined scripts to manage user environments until you configure Group Policy to
replace the tasks that these scripts perform.
• You can run scripts that perform tasks that cannot be configured through Group Policy settings
• You can use scripts to remove connections that you added with logon or startup scripts when users log
off and shut down computers so that the computer is returned to the same state that it was when the user
started the computer.
Note: You can assign logon scripts to individual user accounts in the
Properties dialog box for each user account. However, Group Policy is the
preferred method of running scripts because you can manage these scripts
centrally, along with startup, shutdown, and logoff scripts
Windows Server 2003 executes scripts in the order that they are listed on the Script tab of the Script
Properties dialog box. The scripts that are applied last are ultimately applied, thus if there is a conflict
between different scripts, the script that is processed last prevails. You should also run scripts that are
dependant on the successful execution of another script in the correct order.
When a user starts a computer the startup scripts are run synchronously. Each of these scripts must complete
or time out before the next one starts. Then when the user logs on, logon scripts are run. These are also run
synchronously. Non–Group Policy logon scripts that are associated with a specific user account run after the
Group Policy logon scripts run for the user account.
When a user logs off and shuts down a computer logoff scripts and shutdown scripts are run.
Note: The default timeout value for processing scripts is 10 minutes.
Therefore, if a script requires more than 10 minutes to process, you must
adjust the timeout value by configuring the wait time for Group Policy
Computer Configuration\Administrative Templates\System\Logon\Maximum wait time
This setting affects all scripts that run.
You can use Windows Server 2003 to redirect folders, which are part of the user profile, from users’ local
hard disks to a central location on a server. By redirecting these folders, you can ensure that users’ data is in
a central location, which makes it easier to manage and back up. Also, you can ensure that users’ data is
available to them. The folders that you can redirect are My Documents, Start Menu, Desktop, and
Application Data. Windows Server 2003 automatically creates these folders and makes them part of the
user profile for each user account.