Logon script - local copy/cache?

Similar Messages

• Logon Scripts for copying files in Windows 7

  Issues using Logon scripts to copy files in windows 7.  Its default is to append the file rather than copy and replace, which is what XP did.  How can I achieve the same results using
  logon scripts in W7 to copy any files to specified folders and replacing old files.  The reason for this is that we use a software that performs offsite/onsite updates and the only way all the users can have the correct version/tables is to either manually
  update each user in a 90+ user environment or use a logon script to perform the coping of the updates.  Unfortunately the software support won’t create a (while logging in to software) patch for this.  So we have to force it during the user logon.

  Hi Novice,
  It should depend on your script content. it's recommended you ask in the official scripting guys forum for professional help:
  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
  Karen Hu
  TechNet Community Support

• Logon script as administrator.

  Dears,
  I have a very simple logon script to copy and install a small software, the issue is that users are not local admin to their computers due to which the script does not run, however if I login with a user with local admin power it works just fine.
  Is there a solution to such a case, where we can run the script with admin privileges ?? 
  Regards,
  MCP,MCTS(Vista),MCSA(Messaging)

  Dears,
  I have a very simple logon script to copy and install a small software, the issue is that users are not local admin to their computers due to which the script does not run, however if I login with a user with local admin power it works just fine.
  Is there a solution to such a case, where we can run the script with admin privileges ?? 
  Regards,
  MCP,MCTS(Vista),MCSA(Messaging)
  My question to you is does it have to happen at user logon??  Logon scripts always run under the user's credential so it can only work based on user's privilege.
  A few things you can consider:
  1) If you can package it as an MSI, use
  Group Policy Software Installation.
  2) Use a
  Startup script instead of a logon script.
  3) Use
  Group Policy Preference Schedule Task to run the installation at user logon as SYSTEM.

• How do I have an exe in a logon script run as a different user (either a domain admin or even the local system account)

  So, I'm having some problems getting a logon script to work.  I need a way to deploy the agent that we use via login/startup scripts and what I have works fine if the user has admin rights, or if UAC is disabled.  I've tried to convert the .exe
  to an .msi to make it easier, but the .msi never works and it's only distributed as an .exe.  We deploy this to different clients, I can't disable UAC in their environment unless they specifically tell us to.  Can anyone think of a way around this? 
  I've been searching for days and I'm just lost.  If we could execute the file as the system account, or connect to shares using a startup script instead of logon, that would be perfect.  Basically what it does is check to see if the process for the
  agent is running (agentmon.exe) so we don't attempt to install it if it is already installed, if it's not, then it calls on a different agent installer depending on the IP address of the system (for clients that have more than one location).  Here's what
  I've got written that works for me in my test environment:
  Const strAgent1 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup1.exe"
  Const strAgent2 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup2.exe"
  Const strAgent3 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup3.exe"
  Const strFolder = "C:\Temp\"
  Const Overwrite = True
  dim objFSO, objNIC1, arrNIC, strIP, strMask, objShell, objWMIService
  dim
  'Checks for Kaseya agent process, AgentMon.exe, exits if running
  Set objWMIService = GetObject ("winmgmts:")
  Set proc = objWMIService.ExecQuery("select * from Win32_Process Where Name='agentmon.exe'")
  If proc.count > 0 Then
      WScript.Quit
  End If
  'Instantiate a NIC configuration object
  Set objNIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
  'Instantiate a shell object
  Set objShell = CreateObject("wscript.shell")
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  'Create Temp Dir if it doesn't exist
  If Not objFSO.FolderExists(strFolder) Then
      objFSO.CreateFolder strFolder
  End If
  For Each arrNIC in objNIC1
      if arrNIC.IPEnabled then
          StrIP = arrNIC.IPAddress(i)
          strMask = arrNIC.IPSubnet(i)
          Set WshNetwork = WScript.CreateObject("WScript.Network")
      end if
  next
  Function NetworkID(Address, Mask)
      Dim AddressOctets, MaskOctets, Result, N
      AddressOctets = Split(Address, ".")
      MaskOctets = Split(Mask, ".")
      ReDim Result(UBound(AddressOctets))
      For N = 0 To UBound(AddressOctets)
          Result(N) = AddressOctets(N) And MaskOctets(N)
      Next
      NetworkID = Join(Result, ".")
  End Function
  Select Case NetworkID(strIP,strMask)
      Case "192.168.0.0"
      ' Kaseya install commands for 192.168.0.0 subnet
      objFSO.CopyFile strAgent1, strFolder, Overwrite
      Wscript.Sleep 1*60*1000
      objShell.run "C:\Temp\Test-KcsSetup1.exe"
      Case "192.168.1.0"
      ' Kaseya install commands for 192.168.1.0 subnet
      objFSO.CopyFile strAgent2, strFolder, Overwrite
      Wscript.Sleep 1*60*1000
      objShell.run "C:\Temp\Test-KcsSetup2.exe"
      Case "192.168.2.0"
      ' Kaseya install commands for 192.168.2.0 subnet
      objFSO.CopyFile strAgent3, strFolder, Overwrite
      Wscript.Sleep 1*60*1000
      objShell.run "C:\Temp\Test-KcsSetup3.exe"
      Case Else
      ' Some sort of error checking. Maybe a BLAT SMTP command to send an email
  End Select
  Set objWMIService = Nothing
  Set objNIC1 = Nothing
  Set objShell = Nothing
  Set WshNetwork = Nothing
  Wscript.quit

  You need to read the documentation carefully:
  The Deploy Agents install package is created using a Configure Automatic Account Creation wizard. The wizard copies agent settings from an existing machine ID or machine ID template and generates an install package called
  KcsSetup.All settings and pending agent procedures from the machine ID you copy from—except the machine ID, group ID, and organization ID—are applied to every new machine ID created with the package.
  Including Credentials in Agent Install Packages
  If necessary, an agent install package can be created that includes an administrator
  credentialto access a customer network. Credentials are only necessary if users are installing
  packages on machines and do not have administrator access to their network. The administrator credential is encrypted, never available in clear text form, and bound to the install package.
  ¯\_(ツ)_/¯

• Assign a local logon script using Group Policy

  Is there a way to assign a local logon script using Group Policy? The reason I ask is that I wrote a logon/logoff script that will record the date/time, user, and computer for everyone who logs on to any machine in the domain. Right now it's set on a domain
  GPO, so it works great for domain accounts, but I'd like to extend that functionality to local accounts as well. The only way I know how to do that would be to set my script to run using the local policy. Since I don't want to manually go around to all 400+
  machines in my domain, I would rather find a simpler way of modifying the local policy. Any ideas?

  Martin, thank you for your response. That's exactly the kind of out-of-the-box answer I was looking for, unfortunately, it looks like I can only do that for Logon scripts. I don't see an option for Logoff. (Maybe the took the Logoff functionality out?
  This article says there should be a Logoff item in the GPO, but they're talking about Windows 2000 in that article.)
  Matthias, I started playing around with what you said, and I noticed that the "Scripts" key only seems to show up on my Windows 7 clients. The XP workstations don't have that key. Plus I did some testing, and I think I can do it without having
  to mess with the registry at all.
  So I think I have a workable solution at the moment. I found
  this article that talks about copying Local Polices from one computer to another. I tried manually setting the Logon/Logoff scripts in the Local policy on a fresh machine. From that reference computer I copied the Scripts folder out of the %SYSTEMROOT%\System32\GroupPolicy\User
  directory. It also created a gpt.ini file in the %SYSTEMROOT%\System32\GroupPolicy directory. The gpt.ini file contained an attribute called gPCUserExtensionNames, and one called Version. The gPCUserExtensionNames attribute specified two GUIDs, which
  I assumed to be the GUIDs that identify the Local Policy. I tried manually creating the Local policy on several different machines, with several different Operating Systems, and those GUIDs always seemed to be the same (not sure why). So I copied the gpt.ini
  file off the reference machine as well. When I placed all of the files I copied from the reference machine on to a new machine, everything seemed to work just fine (no registry modification necessary), with one caveat. It seemed to be running the script twice.
  So I went back into the gpt.ini file and deleted one of the GUIDs listed under gPCUserExtensionNames, and now the script runs just once!
  So I think this solution will work ok for me. We don't have any other Local Policies in place, so demolishing all existing Local Policies is perfectly acceptable in my case. I'm just not sure if I'm doing any damage by copying the gpt.ini file from a reference
  machine (if anyone can expand on how that works, I would appreciate the peace of mind that I'm not making things worse by doing this). So all I need now is to write a Startup script, or an SCCM package to deliver the Logon scripts and associated ini files
  to the appropriate location on all the domain PCs. Easy enough to do on my own. If anyone knows of a reason why this method is a bad idea, please post here. I'll be testing it out on a handful of PCs in the mean time.
  Hi Guys,
  Will this solution work for my case? I have a forcereboot batch script that I need to load on the local policy (logoff script through GPEDIT) however I can only load it manually. I need to do it on multiple machines (approx 5000 computers). I am having
  trouble doing it using powershell. Is there any other options to do it? 
  Will I have to use the same GUID's you mentioned on the gpt.ini file? (gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}] since it refers to the local script and how about the version on the gpt.ini file?
  Thanks in advance.
  Dash
  https://social.technet.microsoft.com/Forums/en-US/1f636042-bcff-498d-93c0-e1aa89f80961/how-to-load-a-script-on-the-local-group-policy-on-multiple-computers?forum=mdopagpm

• Logon script for looping - searching - deleting - copy

  I was trying to do multiple functions within a logon script.  If nobody wants to write the script, can you please point me to the right resource to find how to code it.  I am completely new to this and need help.
  The logic is to have a list of files on the server which were recently updated(this list changes all the time), using these files you would loop and search for these same files on the end user's machine upon logging in.  When it finds that same file
  on the end user's machine you would delete the file from the end user's machine, then copy the new updated file from the server onto the end user's machine in the same location the previous one was deleted from.  If file not found on end user's machine
  then just copy new one without deleting anything in highest level directory.  When done, you would loop again until you went thru every file that was updated on the server.  The source directory will always be the same and the copy to directory on
  end user's machine will always be the same, but end user's machines have subdirectories and the files that will be getting updated are in both.  Any help in any fashion would be appreciated.
  We are in the process of migrating from XP to Windows 7.  While in XP, we only had to do a copy function in the logon script and it would copy over the old file and replace it.  But Windows 7 doesn't delete the old file, it appends the new one
  to the old one, making it hard for the software looking for these files to work properly when it sees two files instead of one current one.  Hopefully this makes sense, I can elaborate more if anyone wants to help and needs more details.  Thanks.

  I would definitely not recommend copying files to end user machines from a logon script.
  But you are right that this isn't a script-on-demand forum.
  You can post a script request here:
  https://gallery.technet.microsoft.com/scriptcenter/site/requests
  I would point out that, as with this forum, there is no service-level agreement that guarantees that someone will have the time do this work for you. You will need to provide a very detailed specification; your post here is very vague.
  However: It sounds to me like you don't have a scripting question but some kind of application architecture question.
  -- Bill Stewart [Bill_Stewart]

• Flash pushed via GPO, how to copy mms.cfg via logon script?

  I feel foolish for having to ask such a question, but I can't get it figured out.  I know very little about VBS scripting and need help pushing the mms.cfg file down to the clients via the logon script.  Can someone please provide me the proper commands to enter into our existing vbs scripts?  I sure would appreciate it!

  I got it figured out...well, kinda.  I gave up on trying to do it via the logon script and instead modified the GPO for the flash install to call a batch file in the startup script section.
  This is the contents of the batch file that I created:
  @echo off
  if exist "C:\WINNT\System32\Macromed\Flash\" goto :NT2k
  if exist "C:\WINDOWS\System32\Macromed\Flash\" goto :XPVista
  if exist "C:\Windows\System\Macromed\Flash\" goto :Legacy
  if exist "C:\Windows\SysWOW64\" goto :64bit
  goto :END
  :NT2k
  if exist C:\WINNT\System32\Macromed\Flash\mms.cfg goto :END
  xcopy \\SERVERNAME\NETLOGON\mms.cfg C:\WINNT\System32\Macromed\Flash\ /o /y
  goto :END
  :XPVista
  if exist C:\WINDOWS\System32\Macromed\Flash\mms.cfg goto :END
  xcopy \\SERVERNAME\NETLOGON\mms.cfg C:\WINDOWS\System32\Macromed\Flash\ /o /y
  goto :END
  :Legacy
  if exist C:\Windows\System\Macromed\Flash\mms.cfg goto :END
  xcopy \\SERVERNAME\NETLOGON\mms.cfg C:\Windows\System\Macromed\Flash\ /o /y
  goto :END
  :64bit
  if exist C:\Windows\SysWOW64\mms.cfg goto :END
  xcopy \\SERVERNAME\NETLOGON\mms.cfg C:\Windows\SysWOW64\ /o /y
  goto :END
  :END
  I've tested it on both an XP box and Windows 7 64-bit box and it works perfectly! The one thing I am not sure of is what directory the cfg file needs to go in for a 32-bit install of Windows 7.  We don't have any of those here yet, but that's something I'll have to remember once we do.  I hope this helps those out there trying to push the mms.cfg file via GPO to disable that auto-update feature!

• Help with logon script

  Hi
  We have a legacy reporting app (Crystal Distribution 8.5) that relies on DLLs to export data from it to other apps such as Excel.
  In XP/2003 the DLLs are installed and accessed from the WINDOWS & System32 directory but due to changes that MS made in Vista/2008 and higher the DLLS need to be installed in the user's local profile for the app to work properly on Vista/2008+.  Example:
  C:\Users\user.name\WINDOWS\Crystal
  This has been easy to manage for the few users on Win 7 workstations but we are now making the move to Server 2008R2 RDS.  Therefore using a script to put these DLLs in the right place via Group Policy when a user logs on to an RDS server (there will be
  multiple and they will be load balanced) seems the logical answer.
  I am not however an expert on scripting by any means.  I can just about manage a logon script to map a network drive.  Could do with some help on:
  > A logon script that runs once per server per user that I can deploy with a GPO
  > The script needs to create a directory in their local user profile path (as previously mentioned) and copy a list of DLLs to it (or just copy the "Crystal" folder to the WINDOWS folder in their local profile).
  Many thanks

  Hi Flanjman,
  If the servers are deployed on server 2008 R2+, you can try a powershell script, and the script below may be helpful for you, which can create a new directory and copy the local folder to the new created folder:
  $newfolder = "C:\Users\user.name\WINDOWS\Crystal"
  New-Item -Path $newfolder -ItemType directory #create new folder
  copy-item -Path d:\test1 -Destination $newfolder -Force -Recurse #copy all the files in the folder
  Then please save the script above as .ps1 file, and follow this article to deploy in GPO:
  Start Me Up: Scripting a Logon with PowerShell
  Please also note, if the powershell execution policy on all the servers haven't been set to allow to run a powershell script locally, you also need delopy the execution policy in GPO firstly:
  Computer Configuration\ Administrative Templates\ Windows Components\ Windows Powershell" and configure the "Turn on script execution" setting, and choose "Allow local script and remote signed scripts"
  If you have any feedback on our support, please click here.
  Best Regards,
  Anna
  TechNet Community Support

• Cannot apply Logon Script Windows Server 2008 R2

  Hello everyone. 
  below is simple command line that needed to be applied to all users in a domain
  reg import \\ad1\NETLOGON\Logon.reg
  I wrapped this "code: into simple txt file and renamed it logon.bat.
  I copied logon.bat into \\domain.local\SysVol\domain.local\Policies\{A16AB93E-F826-422F-88FD-715C63B79FC5}\User\Scripts\Logon
  folder also copied into C:\Windows\SYSVOL\sysvol\domain.local\scripts (NETLOGON) folder
  Created new GPO and linked it to OU, configured as on picture
  Batch file work on double click. But I can't make it work through GPO. Not even when I type file name in Logon Script field on Profile tab of a user object in ADUC snapin.
  In short, I've read tons of articles about logon script. For example this
  article But seems I am missing something
  where is my mistake ? 
  HTH
  Vusal M. Dadashzadeh

  Hello everyone. 
  below is simple command line that needed to be applied to all users in a domain
  reg import \\ad1\NETLOGON\hesabatAvis.reg
  I wrapped this "code: into simple txt file and renamed it logon.bat.
  I copied logon.bat into \\domain.local\SysVol\domain.local\Policies\{A16AB93E-F826-422F-88FD-715C63B79FC5}\User\Scripts\Logon
  folder also copied into C:\Windows\SYSVOL\sysvol\domain.local\scripts (NETLOGON) folder
  Created new GPO and linked it to OU, configured as on picture
  Batch file work on double click. But I can't make it work through GPO. Not even when I type file name in Logon Script field on Profile tab of a user object in ADUC snapin.
  where is my mistake ? 
  HTH
  Vusal M. Dadashzadeh

• Cloudfront signed url works with "setup page", but not local copy

  I generated a signed url so I could do rtmp streaming through cloudfront from a S3 bucket.
  When I put this url as the "src" of the player found here: http://osmf.org/dev/2.0gm/setup.html, I can see my video, however, it doesn't work on my local copy of Strobe Media Player.
  I went and grabbed the latest available versions from source forge (2.0 of OSMF and 1.6 of SMP), compiled them, and tried to play the file, but it wouldn't work on my compiled copy.
  My player works fine with normal videos, only when using signed urls from cloudfromt do I get ths error
  It uses a signed url like this:
  rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/vid_cdntest001?Signature=RSS0PV4RCq6lsF7gKE202 sHJw0lxCE9zwJbISVuovaBnARQFCVZ2e6SSejHXN4uIT5uotDBT8iYZVvfUC3rq0A571CWVETsnlJ4jhEir1JE5w-p jC-cx~CjxkcVQSj8EC07zozoNCypiBggLy0w2Id8TUxTuX9KrIDlN~BImwBjN1cnuZMpms9dpfuw-MLFefHtTDwfZZ Yh00LSUAEqA0BwqhA6NECHbrkaXQjUM7r5TRSP3ZH5uFIWhUWLMH3WWYLyz5bQab3FQxZhI4BhdFPJm6Z0m6HVVnuz eMqibMWDGybtoepjkTUYJqeTaYQUpIHrp1-0-dDVhhCx7BxCOlA__&Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&Exp ires=1387398525
  And it requires a flashvar "urlIncludesFMSApplicationInstance" to be set to true. The flashvar is set in my local copy of the player.
  I set "verbose" to true, and I get "Playback failed. Failed to play(stream ID: 1)"
  The AWS people were able to play the file on their debug player, so it isn't a problem with the video. It's just something about my copy of the player or the environment I'm on.

  I'm initlaizing the player using swfObject like this:
  $(document).ready(function(){
          callPlayer("rtmp://s161ki0ys7euuz.cloudfront.net/cfx/st/vid_cdntest001?Signature=EYvGzU2I4CRLE4h8pD8fec3A6fwfIqadzuAtVBQcsDeh0zU9rexKJqq-5GVNG~PdNlV~nbdSlUl4FAJ6rCuOTAh7BrXkieg26z4y3uMgzLm3I3p8GSjTyUBe5rIbZhnxUulSFfHoOWFDV-keORil3~zG91OVDKxvsbIrZv6-IsYTJQzYA7w6R2jy6SiJEJwfqNvD5xdiv2w87GuR472kELQ79yvI6twgeDnZOkN~w9khQSVLcqqmAkkTHQxxkBR8hs954VaUEAKZO~ejwZ3ju8xTUAeuuQu3y06r6SHNGwhLdQh00qV1PUHSMdPdHp3SzZdCxwAepV6xUx2~TR2idw__&Key-Pair-Id=APKAJSRQXYNPUENHF6HQ&Expires=1387466710");
      function callPlayer(x){
      $("#PlayerHolder").html("<span id='PlayerDiv'></span>");
          var flashvars = {};
          flashvars.verbose=true;
          flashvars.src=x;
          var parameters = {};
          parameters.urlIncludesFMSApplicationInstance=true;
          var attributes = {};
          attributes.name="player";
          attributes.id="player";
          swfobject.embedSWF("StrobeMediaPlayback.swf?ID="+Math.random()*100,"PlayerDiv","470","320","11.2","scripts/expressInstall.swf", flashvars, parameters, attributes);

• Cannot access local copy of NAS

  I can logon to my NAS, however my MacBook pro keeps prompting me to logon to the local copy of the NAS.  Then rejects my username and password combo.  I no longer know what that combo is.  Is there a way to reset this? 

  I can logon to my NAS, however my MacBook pro keeps prompting me to logon to the local copy of the NAS.  Then rejects my username and password combo.  I no longer know what that combo is.  Is there a way to reset this? 

• How to create a logon script to delete folder, subfolders and contents when a user logs on ?

  I need to create a logon script which will delete a folder, subfolder and contents when a user logs on. I have no experience with scripting so any pointers you can give would be much appreciated.
  Thanks

  depending on how you have thing set up, it might be easier to make a LaunchAgent to handle this.  do this:
  copy the text below into a text editor
  save it as a plain text file in /Library/LaunchAgents with the file name "user.startup.folderDeleter.plist" (the name doesn't matter so much, but the 'plist' extension is required)
  load the plist into launchd by restarting the machine or by opening terminal and running the command launchctl load /Library/LaunchAgents/user.startup.folderDeleter.plist
  This will delete the folder any time any user logs in.  You could also expand this to delete the folder periodically (once a day, for instance) if that would be helpful.
  Note, this file must be saved as plain text. apps like TextEdit sometimes default to making rich text files which will not work.  Either download a programmer's text editor like TextWrangler, or make sure that TextEdit is using plain text (if the window has a formatting toolbar it's using rich text;  select "Make Plain Text" from the Format menu).
  copy the text below:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>Label</key>
            <string>user.startup.folderDeleter</string>
            <key>RunAtLoad</key>
            <true/>
            <key>ProgramArguments</key>
            <array>
                      <string>osascript</string>
                      <string>-e</string>
                      <string>tell application "Finder" to delete folder "Final Cut Express Data" of folder (path to preferences from user domain)</string>
                      <string>-e</string>
                      <string>tell application "Finder" to empty trash</string>
            </array>
  </dict>
  </plist>

• How can I get ipconfig /setclassid running through a logon script on Vista.

  I have written a number of logon scripts to execute variations of this command at logon but it seems that it will not run for some users and they see a message
  "The requested operation requires elevation"
  Is there a way I can call this command at logon through this script?
  Obviously I cannot use the runas command as I would then need to give the users the password to enter midway through the script.

  In case you are reading this, std users need rights to change network settings. If the script is being run as the user, as in this case, you need to add the user to the network configuration group, locally to where they will log on. If this is a change on all pcs then create a group and if this is a domain change consider a group policy.Vince

• GP logon script with PowerShell

  We have a Windows Server 2012 domain and would like to create a GP logon script with PowerShell.
  So if you execute the .ps1 file, the specified logon script settings (including parameters) would be applied automatically in the GP.
  Any idea of such command line?

  Thanks for the tips!
  May not be the easiest solution, but it works:
  I created a backup of the GPO set fully graphical interface, and I've copied ps1 file in the same folder.
  #Start
  #Create GPO
  $gponame = "Program_AutoStart"
  Write-Host ""
  $ou = Read-Host "What is your Organisational Unit name?"
  Write-Host ""
  $enforce = Read-Host "Do you want enforce Group Policy link? (Yes/No)"
  $dc1 = $env:userdnsdomain
  $dc1length = $env:userdnsdomain.Length
  $dc1s = $env:userdnsdomain.Split(".")
  $dc1count = $dc1s[$dc1s.Count-1].Length+1
  $dc1max = $dc1length-$dc1count
  $dc1 = $dc1.Substring(0,$dc1max)
  $dc2 = $env:userdnsdomain.Split(".")
  $dc2 = $dc2[$dc2.Count-1]
  Write-Host ""
  Write-Host -Object "Create a new Group Policy Object..."
  #replace GPO settings
  ##backup.xml file
  $backupFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\Backup.xml"
  $content = Get-Content -path $backupFilePath
  $content | foreach { $_.Replace("mydomainname","$env:userdnsdomain") } | Set-Content $backupFilePath
  $content = Get-Content -path $backupFilePath
  $content | foreach { $_.Replace("mycomputername","$env:COMPUTERNAME") } | Set-Content $backupFilePath
  $content = Get-Content -path $backupFilePath
  $content | foreach { $_.Replace("mynetbiosname","$env:userdomain") } | Set-Content $backupFilePath
  ##backup.xml file
  $bkupinfoFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\bkupinfo.xml"
  $content = Get-Content -path $bkupinfoFilePath
  $content | foreach { $_.Replace("mydomainname","$env:userdnsdomain") } | Set-Content $bkupinfoFilePath
  $content = Get-Content -path $bkupinfoFilePath
  $content | foreach { $_.Replace("mycomputername","$env:COMPUTERNAME") } | Set-Content $bkupinfoFilePath
  $content = Get-Content -path $bkupinfoFilePath
  $content | foreach { $_.Replace("mynetbiosname","$env:userdomain") } | Set-Content $bkupinfoFilePath
  ##gpreport.xml file
  $gpreportFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\gpreport.xml"
  $programexe = "$env:logonserver\$share\My_Program\program.exe"
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("mycommand","$programexe") } | Set-Content $gpreportFilePath
  Write-Host ""
  $parameters = Read-Host "Add your parameters"
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("myparameters","$parameters") } | Set-Content $gpreportFilePath
  ##scripts.ini file
  $gpreportFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\DomainSysvol\GPO\User\Scripts\scripts.ini"
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("mycommand","$programexe") } | Set-Content $gpreportFilePath
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("myparameters","$parameters") } | Set-Content $gpreportFilePath
  #Import GPO and link
  Write-Host ""
  Write-Host -Object "Import Group Policy settings..."
  Import-GPO -BackupGpoName "$gponame" -TargetName "$gponame" -Path ".\backup" -CreateIfNeeded
  New-GPLink -Name "$gponame" -target "ou=$ou,dc=$dc1,dc=$dc2" -Enforced $enforce -LinkEnabled Yes
  #Replace undo
  ##backup.xml file
  $content = Get-Content -path $backupFilePath
  $content | foreach { $_.Replace("$env:userdnsdomain","mydomainname") } | Set-Content $backupFilePath
  $content = Get-Content -path $backupFilePath
  $content | foreach { $_.Replace("$env:COMPUTERNAME","mycomputername") } | Set-Content $backupFilePath
  $content = Get-Content -path $backupFilePath
  $content | foreach { $_.Replace("$env:userdomain","mynetbiosname") } | Set-Content $backupFilePath
  ##backup.xml file
  $content = Get-Content -path $bkupinfoFilePath
  $content | foreach { $_.Replace("$env:userdnsdomain","mydomainname") } | Set-Content $bkupinfoFilePath
  $content = Get-Content -path $bkupinfoFilePath
  $content | foreach { $_.Replace("$env:COMPUTERNAME","mycomputername") } | Set-Content $bkupinfoFilePath
  $content = Get-Content -path $bkupinfoFilePath
  $content | foreach { $_.Replace("$env:userdomain","mynetbiosname") } | Set-Content $bkupinfoFilePath
  ##gpreport.xml file
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("$programexe","mycommand") } | Set-Content $gpreportFilePath
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("$parameters","myparameters") } | Set-Content $gpreportFilePath
  ##scripts.ini file
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("$programexe","mycommand") } | Set-Content $gpreportFilePath
  $content = Get-Content -path $gpreportFilePath
  $content | foreach { $_.Replace("$parameters","myparameters") } | Set-Content $gpreportFilePath
  #End

• PowerShell Logon Script

  I have a powershell logon script that is governed by group policy.
  It works great except one thing.
  I have this awesome little piece that goes something like,
  $user = (GetADUser -Identity $env:USERNAME -Poperties MemberOf,sAMAccountName | Select-Object MemberOf,sAMAccountName)
  if ($user.Memberof -match $someMembershipInAD)
  {put a file on their desktop}
  However, the client systems do not have the AD module, nor will it be installed.  Is there another way to check the users security memberships? 

  You can use the following function to test Group Member ship using ADSI and DotNet
  Function Test-GroupMembership
  <#
      .Synopsis
          Test whether the current user is a member of a specified group.
      .Description
          Tests whether or not the current user is a member of a specified
          security group. (works only for current domain).
      .Parameter GroupName
          The security group to test.  Note that this value may be supplied
          as a string which will be converted to an NTAccount object.  If the
          group does not exist, an error will occur and the result of the test
          will be False.
      .Inputs
          None.
      .Outputs
          True ($true) if the user is a member of the group; otherwise False ($false).
      .Example
          Test-GroupMembership Administrators
          Returns true if the current user is a member of the local Administrators group.
      .Example
          PS C:\> Test-GroupMembership 'Groupdoesnotexist'
          Test-GroupMembership : Group: Groupdoesnotexist does not exist!
          In Zeile:1 Zeichen:1
          + Test-GroupMembership 'Groupdoesnotexist'
          + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
              + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-GroupMembership
          False
          Returns an Error False as the group does not exist
  #Requires -Version 2.0    
  #>
      Param (
          [Parameter(Mandatory=$true)]
          [System.Security.Principal.NTAccount]$GroupName
      $searcher = [adsisearcher]''
      $searcher.Filter = "(&(ObjectClass=group)(SamAccountName=$GroupName))"
      $GroupExist = [bool]$searcher.FindOne()
      IF (-not($GroupExist))
          Write-Error -Message "Group: [$GroupName] does not exist!"
          return $False
      $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
      $principal = New-Object Security.Principal.WindowsPrincipal $identity
      $principal.IsInRole($GroupName)
  } #end Function Test-GroupMembership