Is it best practice to store logon scripts centrally in \\DOMAIN\Netlogon
or in the policy folder they get put in by default, eg. \\DOMAIN\SysVol\DOMAIN\Policies\{DE22B6FB-315E-4C55-BF06-A7709913CD9E}\User\Scripts\Logon
?
What are the implications (if any) of choosing one location over the other?
I'm inclined to just keep them all in Netlogon for ease of access /review…
Best Answer
The default location for user logon scripts is the NETLOGON share, which, by default, is replicated on all DC in your forest, and is physically located in:
%SystemRoot%\SYSVOL\sysvol\<domain DNS name>\scripts
.or
%SystemRoot%\SYSVOL_DFSR\sysvol\<domain DNS name>\scripts
(for DFS-Based FRS since this is recommended from Server 2012R2+)If you set a user logon script (ADUC > User > Properties > Logon > Logon-Script > hello.cmd), it is executed from NETLOGON.
"Official" best practice is: