[gptalk] Re: How to: Pass GP logon scripts upon VN connection?

  • From: "Omar Droubi" <omar@xxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 20 Sep 2006 09:36:24 -0700

One more thing- you can add 1 line to the script you run after connection:

gpupdate.exe /force

(This will run the group policy if you already have your logon script within

After all -this is a GP list..


----- Origina

----- Original Message ----- From: "Omar Droubi" <omar@xxxxxxxxxxxxxxxxxxxxx>
To: <gptalk@xxxxxxxxxxxxx>
Sent: Wednesday, September 20, 2006 9:33 AM
Subject: Re: [gptalk] How to: Pass GP logon scripts upon VN connection?


This is an easy fix:

On a Win2k3 server install the connection manager administration kit.
after you install run through the creation of a new VPN connection. There are hundreds of options but the run script after connection is what you are looking for. when you get to that page just upload your script into the wizard and when you complete the wizard you will have a executable that you can then distrubute to your clients. Once you play with it a bit you will probably set many of the options.

let me know if you need assistance and we can take it offline.

----- Original Message ----- From: "Mills, Mark" <Mark.Mills@xxxxxxxxxxxxxxxxxxxxxx>
To: <gptalk@xxxxxxxxxxxxx>
Sent: Wednesday, September 20, 2006 9:26 AM
Subject: [gptalk] How to: Pass GP logon scripts upon VN connection?

I have some users who create a VPN tunnel to the network when they travel. The VPN endpoint passes their VPN logon credentials to the domain IAS server (Internet Authentication Server) which then either allows the VPN router to connect them to the domain via VPN, or deny them access.

Once on the VPN, I need to have their machine run their standard Group
Policies logon scripts - most of the logon scripts are standard VB drive
mappings, some in loopback processing mode. (even if I could get just
the user side GP setting applied it would be acceptable.)

Darren - if this is specifically addressed in one of your books, just
tell me and I will go buy it (please reference a title, page number, and
ISBN # there is a Barnes and Noble down the street) - Or if Jeremy
Moskowitz is listening, I bought your book, tell me what to look under
to find my solution.  I'm not trying to freeload information - even if
someone can give me some key words to Google for this I would be

End Result:

I need my end result to be that they get all their GP based mapped
drives upon logging into the VPN.  They get one set of mapped drives by
default, but then get other mapped drives depending on what hardware
they are on (pc or laptop) and these are the mapped drives that are
passed down in loopback processing mode because laptops are in one OU,
while pc's are in another.

I haven't seen a Microsoft method to run a script upon VPN connection to
our network.  I've looked at the "dial-in" tab in ADU&C, and also tried
to see if there was a method to accomplish this with a connection policy
in IAS.  I feel as if I'm left having to create a WMI script that says
something to the effect - if connected to a 15.15.15.x network then run
this script at c:\scripts\vpnmappings.vbs

If all of this is absolutely impossible, then can someone tell me how to
make a "persistent" mapped drive when using VBScript?  My logons
currently use a VB script but they are not persistently mapped.

Mark Mills

You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/

Other related posts: