Tactical Advice

Group Policy Login Scripts

Use these scripts to assign printers to workstations.
This story appears in the June 2007 issue of BizTech Magazine.

One of the most mysterious and confusing aspects of network administration has to be the use of Active Directory and Group Policy. But this doesn’t have to be the case. Most issues come from a lack of understanding of what Group Policy is, how it works and what can really be done with it. Answering a simple question can clear up a lot of these mysteries — to wit: “How do I use Group Policy to assign printers to workstations?”

The first step is to back up everything that you can in more than one way. Once safety is ensured, you can proceed confidently. Next, you can write a script that adds a network printer on a Windows workstation, and then create a Group Policy to assign that printer to some workstations. Use your imagination afterward to fit this example into your work life.

Scripting Tips

Scripting is a way for systems administrators to save all sorts of time and to reduce management headaches. I’ve never met a sysadmin who refuted the idea that scripting is invaluable. If you want to be a superlative administrator, learn a scripting language. Visual Basic Script is a great one to know; JavaScript is good too; Windows Script is nice as well for Windows environments; and DOS batch scripting is also handy in many cases. You don’t need a computer science degree; any beginner book on scripting can get you started.

When assigning printers, there are a few assumptions to consider. We will assume that you have a Windows-based computer network, and on this network is a print server (this can be any computer), and on this print server is at least one printer that users share.

Scripting is fluid, so there are many other ways to do this. Here’s the script; you just follow along.  Open Notepad and type this text in:

Set objNetworkPrinter = CreateObject("WScript.Network")
strConnectString = "\\your print server’s host name here\share name of your printer here"
strResult = objNetworkPrinter.AddWindowsPrinterConnection(strConnectString)

Please insert the computer name (aka, host name) of your print server where indicated and the share name of your target printer where indicated. Now, save the file with an intuitive name (for this example let’s call it “printer_mapper”), then change the file extension from “.txt” to “.vbs.” The script is complete.

Save this file somewhere on the network where users can read and execute permissions to the file. They need this, or it won’t run. In a Windows domain, I suggest the netlogon share of the domain controller itself. This is a central place; it’s already there, and it was intended for this use.

Group Policy’s Role

Now you’re ready to create the Group Policy to orchestrate this madness. I use Group Policy Management Console (GPMC), which is a free download from Microsoft that I highly recommend if you intend to use Group Policy.

Simply open GPMC, create a new policy, then open either Computer Configuration or User Configuration (depending on how you intend to administer your domain), open Windows Settings, and select Scripts (Logon/Logoff). In the details pane to the right, you should see Logon and Logoff. Double-click Logon. Click Add. Now browse for the script, and click OK

You can add several more scripts here. You know best what needs to be done in your environment. Do you want to have people get a standard network drive mapped to a certain network share?  Then use the net use command in a DOS batch script, and add it in this policy. Do you want the workstations to refresh their domain policy every time they log in? Then use the gpupdate command in a DOS batch script, and add it to this policy. You could even create another VB script to set certain people or groups as local administrators on the workstations, then add that as well.

Other Juicy Tidbits

In addition to scripting, there are myriad other helpful things you can do with Group Policy. While you still have GPMC open, let’s review a few popular options. Open the policy you just created and peruse the Computer Configuration section.

Under Windows Settings, Account Policy, you will find the password policy section. Use this to define password age, complexity and uniqueness.

Under Windows Settings, Account Lockout Policy, you will find the settings to lock a user account after a certain number of invalid password attempts. This is a great tool to prevent unauthorized users from cracking your users’ passwords.

Under Administrative Templates, Windows Components, Windows Update, you can define exactly how you want the workstations to perform Windows updates.

Under Administrative Templates, Network, Network Connections, Domain Profile or Standard Profile (Domain Profile takes effect when the users are on the domain, Standard Profile takes effect when the users are away), you will find the settings to configure the Windows firewall on Windows XP SP2 or newer workstations. This is a handy tool that lets you make program exceptions, open and close ports, restrict remote administration policies, set logging policy and much more. Now reboot your workstations, and let the automatic printer mapping and network configuration begin. 

What About Vista?

These scripts and policies should work with Windows Vista. Microsoft appears to have improved the operating system in this area. Vista has more than 700 new policy settings that the discriminating administrator can configure. Many have been badly needed for some time — among them, the ability to apply local policies to administrators and nonadministrators separately.

Jeremy Dotson is a LAN administrator for Tronair (www.tronair.com), a manufacturer of aircraft ground support equipment in Holland, Ohio.
Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.