Terminal Server logon script on first logon only

active-directory scripting terminal-server

I'm currently building up a Windows Server 2008 R2 for use as a terminal server, and I'm looking for options on scripting. I know how I can attach logon scripts to the user in Active Directory, or to all logins on the server via registry tweak, but that is not what I want here.

Ideally, I want my script to only run the first time the user logs into the terminal server, so right after their profile is created on that server. I want to set some registry keys, map network drives, that sort of thing.

Is this possible, and can you point me to how it might be done? Is it worth doing? Should I just forget this and make the script safe to run every single time a logon occurs?

Best Answer

You could create a GPO using the Group Policy Preferences node rather than the Policies node to create both mapped drives and registry keys. Use the "Create" action which deploys your settings only if they don't exist.

The uniqueness of Preferences is that the settings deployed subsequently are user configurable, unlike Policies which are not.

There are several ways of targeting only users logging on to the Terminal Servers. For instance you can set a Group Policy Preference target condition as part of the preference, specifying logon to the Terminal Server machines as a requirement. This mechanism does not exist in the Policies node (which uses ACLs exclusively).

Read more here.
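
A scripted counterpart to the "Create" action described in the answer, for cases where a logon script is used instead of Group Policy Preferences. This is an added example, not part of the original question or answer: it writes each setting only if it is absent and records a per-user, per-server marker so later logons exit immediately. The server names, registry keys, values and share path are hypothetical placeholders, and `net.exe use` is used so the script also runs on the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example; every key, server name and share below is a hypothetical placeholder.
$TerminalServers = @('TS01', 'TS02')                      # hosts this should run on
$MarkerKey   = 'HKCU:\Software\ExampleCorp\FirstLogon'    # per-user run-once marker
$MarkerName  = $env:COMPUTERNAME                          # per-server, survives roaming profiles
$SettingsKey = 'HKCU:\Software\ExampleCorp\App'
$DriveLetter = 'S:'
$SharePath   = '\\fileserver.example.com\shared'

function Test-RegistryValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $false }
    return ((Get-Item -Path $Path).GetValue($Name, $null) -ne $null)
}

function Set-RegistryValueIfMissing {
    param([string]$Path, [string]$Name, $Value, [string]$Type = 'String')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    if (-not (Test-RegistryValue $Path $Name)) {
        New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type | Out-Null
    }
}

# Only act on the terminal servers, and only once per user per server.
if ($TerminalServers -notcontains $env:COMPUTERNAME) { return }
if (Test-RegistryValue $MarkerKey $MarkerName) { return }

# "Create" semantics: existing values and mappings are left alone.
Set-RegistryValueIfMissing $SettingsKey 'DefaultView' 'Compact'
Set-RegistryValueIfMissing $SettingsKey 'ShowTips' 0 'DWord'

$mapped = $true
if (-not (Test-Path "$DriveLetter\")) {
    & net.exe use $DriveLetter $SharePath /persistent:yes | Out-Null
    $mapped = ($LASTEXITCODE -eq 0)
}

# Record completion only when everything succeeded, so a failed mapping is retried.
if ($mapped) {
    Set-RegistryValueIfMissing $MarkerKey $MarkerName (Get-Date -Format 's')
}
```

The marker and the settings live under HKCU, which the user can modify, so this pattern suits convenience defaults; settings that must not be changed by the user belong in the Policies node mentioned in the answer.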