1. Home
  2. Knowledge Base
  3. Test Case Scenarios
  4. ADCE – Process User Logon Script over VPN connection

ADCE – Process User Logon Script over VPN connection

Overview

You can enable the processing Active Directory user logon script by configuring this policy.  In the GPO setting, if you set the option Run in command line the script will be processed in the command shell, as if cmd /c “{script path}” was used.

Purpose

This article provides instructions on testing the SYNERGIX AD Client Extensions software.  Execute User Logon Scripts feature is configured using the GPO Administrative Template file.  After installing the Administrative Template file, the policy setting can be found under COMPUTER CONFIGURATION \ Administrative Templates \ SYNERGIX AD Client Extensions \ Scripts\Execute User Logon Scripts.  The Explain tab of the Group Policy setting provides online instructions on configuring the feature.

Prerequisites

Operating System

  • Microsoft Windows 7.0 or
  • Microsoft Windows 8.1 or
  • Microsoft Windows 10 or
  • Microsoft Windows Server 2008 & R2 or
  • Microsoft Windows Server 2012 & R2 or
  • Microsoft Windows Server 2016


.NET Framework

  • .NET Framework 4.0


Software


Active Directory Domain Environment

  • Single Active Directory Domain environment i.e. Single Forest with Forest Root Domain only example. SYNERGIX.WIN
    • You can setup a more complex Active Directory Domain environment, if needed.  For example, one forest SYNERGIX.WIN with child domains US.SYNERGIX.WIN, and GB.SYNERGIX.WIN and a trusted forest SYNERGIXLABS.WIN with child domains US.SYNERGIXLABS.WIN, GB.SYNERGIXLABS.WIN

  • Security Group(s)

* Not required for this feature


  • Delegate Control

*Not required for this feature


  • Configure domain Group Policy Object
    • Copy SYNERGIX AD Client Extensions Administrative Template file  SYNERGIX-ADCE.ADMX to %SystemRoot%\PolicyDefinitions on admin workstation (must be Windows 7.0)
    • Copy SYNERGIX AD Client Extensions Administrative Template Language fileSYNERGIX-ADCE.ADML to %SystemRoot%\PolicyDefinitions\en-US on same admin workstation ( must be Windows 7.0 )
    • Execute User Logon Script


Configure User Logon Script

  •  Launch Active Directory Users and Computers using DSA.MSC command
  • Expand OU containing User objects
  • Select a user object
  • Right mouse click on the selected user object and select Properties in the context menu.
  • Click on the Profile tab and select Logon script
  • Specify a script file. Example userLogon.vbs

Note: The script file name cannot be a long file name. It should not contact any space characters or any other symbol.

  • Click on OK to commit the changes.


Configure AD Client Extension “Execute User Logon Scripts” feature

  • Launch GPMC.MSC.  Select existing or new Group Policy Object you wish to configure.
  • Expand COMPUTER CONFIGURATION
  • Expand Policies
  • Expand Administrative Templates
  • Expand Scripts
  • Double Click on “Execute User Logon Scripts” and enable it.
  • Specify the Minimum Run Interval (in minutes), by default it is 1 min.
    • If you do not wish for the User Logon Script to be processed every time a user connects via VPN on the same day, you can set the Minimum Run Interval to a higher value. For instance, if you set the value to 1,440 mins, the User Logon Script will be processed only once a day.
  • Specify Logon script execution timeout in minutes, by default it is 5 min.
  • Additionally, you can configure other options

Run in Command line

Copy script file locally

Always copy the script file locally

Delete local script file after script execution


More Information


Procedure

  • Log into a domain computer with the domain user account (your admin account) that has local administrative privileges on the workstation.
  • Ensure the SYNERGIX AD Client Extensions specific Group Policy settings were applied
    • Launch RSOP.MSC or run GPRESULT.EXE /v to confirm
  • Install SYNERGIX AD Client Extensions software
  • Log out
  • Log into to the same domain computer with a normal domain user account.
  • Now disconnect the network cable or drop the VPN connection from your test machine
  • Login with your normal domain user account.  This login will use cached credential.
  • Re-connect to your corporate network. You should notice the logon script get executed once theMinimum Run Interval has elapsed
    • If you wish to re-run the test and not wait for the Minimum Run Interval period to elapse, you can remove the lastUpdate registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Synergix\ADCE\Scripts\Execute User Logon Script


Test Results

  • Pass or
  • Fail

  • Test Results Submission

  • Complete the Test Environment worksheet
  • Upload test results document file to software test repository
  • Upload log files
    1. ServiceLogfile.txt
    2. ClientLogfile.txt
    3. Output of GPRESULTS.EXE /V command

    Note: You must use ADCE \ Help \ Submit Log Files button to zip up above 3 files and submit

    Was this article helpful?

    Related Articles