GSLaPS- Generic Site Logon Powershell Script
08 February 2013
Once upon a time I created a logon script that allowed the user to choose the building and the office within that building, and based on the selection, it would map network drives, map printers, copy files, update registry settings, set favorites and homepages to a value specified for the office. The logon script wasn't actually a single logon script; it was actually about 15 different files. Some of them were HTA (which gave the user a drop down with their choices) others were VBS (which filtered who it would run for and actually executed the mappings). The problem was with all this is if something changed, it would usually require an update of 3 or 4 files and it wasn't an easy maintainance task to be passed down to just any random nugg.
Well, about a week ago I dove head first into powershell and decided that I could remake my HTA based script through powershell. And I could do it in only 2 (or 3) easy to manage files. I call it GSLaPS, or the Generic Site Logon Powershell Script. I don't know what the 'a' stands for, make something up.
Download the files here: GSLaPS_v1.zip
GPO Preferences vs. Logon Scripts: Everything I can have this script do can be done with Server 2008 policy preferences if you use filtering based on site and OU. Of course you would also have to have users well organized in their OUs, sites well defined down to the compound, and be running at a Server 2008 functionality level. Also your users wouldn't have much choice in the matter on what there settings would be, so if they moved to a different office, they would have to call the help desk to get their preferences right. Then there is the matter of some policies not updating correctly on some computers. I myself have been having troubles with printer preference policies running when I log in to a few computers on my home network. Not sure of the cure.
I suppose the conclusion I am attempting to lead to is that logon scripts still have relevances on our networks today, especially in the diverse networks we have in the Army. I wanted to remind the reader of this and also that scripting is not the only way to get these basic settings on a users computer, but it is reliable and fits into a broader range of networks. To each his own, but I prefer the scripts (probably cause I'm old school, but thats besides the point.).
Overall process: Like I said earlier, this script (or scripting process) is made up of 2 files and one optional file. The main file is a powershell script that is heavily reliant on WMI. This file provides the user interface forms and the processing. No settings are stored in this file. All the seetings are pulled from an XML file. The XML is relatively easy, so much so that it's a task that can be delegated to a skill level one tech without too much worry. The XML file makes this script scalable and flexible. If you need to add a building or a section to a building, just follow the fortmatting of the other sections or buildings. You can define all properties on a section level or on a site wide level: your choice.
The third optional file is just a VBS redirector script that calls on the powershell script to run. The redirector script is used when sites are not clearly defined or when the enterprise admin prohibits the use of site level policy (it happens). It figures out the users network address and calls a script based on which range of IPs that it falls into. It can be set as part of policy on any level and gives each site admin flexibility in the script they choose to run.
GSLaPS Process: On run, it checks the registry for version numbers and a network address that may of been entered earlier by this very same script. If nothing has changed, it stops. If something has changed, the version numbers or network address doesn't match current, it prompts the user with a yes/no asking if they want to run the script. If so, a form pops up giving the user the option to select the building they are in, another form pops up with sections related to the building they selected and they select their section. After that, the script unmaps old printers and network drives, maps the new ones, and can optionally do the following: create desktop shortcuts, set homepages, copy files, set IE favorites, and set registry values (string only). Then, the registry versions and subnets are updated and the user gets a friendly window informing them the script is done running.