Preventing Logon Script Connections at the Server

Kenn's Tech Notes

19980105: Preventing Logon Script Connections at the Server

January/1998
Tech Note #5

Keith believes the problems related in the previous tech note may have arisen from the logon script that was in use in the lab. In general, we only map LPT2 and LPT3 in logon scripts. This particular lab happened to connect to three different printers, so they had used LPT1 as well. (Side note: you don't have to do this. You can in fact use LPT4, LPT5, etc. But that's another story.)

What may have happened is that the user's logon script had mapped LPT1 to a network connection, despite having a printer physically connected to that local port. The connection became persistent, likely when the user "Save[d] Settings Now" or "Save[d] Settings on Exit".

It is possible to prevent logon scripts from executing when the user logs on to the server.

If you use the WSD1 NT Configuration Diskette, the default logon scripts look something like this:

ECHO OFF
IF SCH021==%COMPUTERNAME% GOTO BYPASS
REM If running on the logon server bypass network connections.
IF EXIST Z:\KIXTART.EXE GOTO WINLOGON
\\SCH021\NETLOGON\KIXTART.EXE \\SCH021\NETLOGON\STUDENT.SCR
GOTO CUSTOM
:WINLOGON
Z:\KIXTART.EXE Z:\STUDENT.SCR
:CUSTOM
REM Place group-specific connections here.
:BYPASS
ECHO Synchronizing time with NT Server ...
NET TIME \\SCH021 /SET /YES

For those of you who aren't comfortable looking at scripts, the only lines you really need look at here are the second line and the third line from the end:

...<beginning of script>...
IF SCH021==%COMPUTERNAME% GOTO BYPASS
...<the essential part of the script>...
:BYPASS
...<the end of the script>...


In this case, the computer name of the NT Server is SCH021. When this script runs on SCH021, the NT environment variable "computername" is set to SCH021. When it gets to the second line, the condition SCH021==%COMPUTERNAME% is evaluated "true". This causes the GOTO BYPASS statement to be executed. All this means is that the execution of the script jumps to a line labelled "BYPASS". This label (:BYPASS) is towards the end of the script. All the commands between those two statements are skipped. However, on any other computer, they would be executed. On any other computer, the condition SCH021==%COMPUTERNAME% evaluates as "false". This causes the GOTO BYPASS statement to be ignored. Instead, the logon script continues executing on the very next line.

This is only one example. You can use this technique to bypass a single printer or file share connection within a script as well. Note that for a non-NT client (i.e. Windows 95 or Windows for Workgroups), the COMPUTERNAME variable is not a part of the operating system. You can still use it, but you must set it up manually. On a workstation named SCH104, simply insert the line:

SET COMPUTERNAME=SCH104

in the AUTOEXEC.BAT file. Then, if that computer has a shared file or printer which is accessed via a logon script, you can bypass that connection by inserting two lines in the script, one before and one after the NET USE statement. The one before tests for the computer name and bypasses the line if true, and the one after is a label specified for bypass in the first line. For example, if your logon script had a statement NET USE LPT3 \\SCH104\EPSON and you want to bypass the statement when logged on at SCH104, add the above-noted line to AUTOEXEC.BAT and modify the logon script as follows:

IF SCH104==%COMPUTERNAME% GOTO BYPASS104
NET USE LPT3 \\SCH104\EPSON
:BYPASS104

The corresponding example in a Kixtart script is as follows. The first and last lines would be the new lines required to test for COMPUTERNAME and bypass it for workstation 104. Whether you run an old-style batch script or a Kixtart script, both require the line in AUTOEXEC.BAT for this to work on a non-NT client.

IF "SCH104"<>%COMPUTERNAME%
	? "Connecting to printer on workstation 104 ..."
	USE LPT3 "\\SCH104\EPSON"
	IF @ERROR
		COLOR r+/n 
		? "Problem @error. Unable to connect." 
		SLEEP 2 
		COLOR w/n 
	ELSE 
		? "... connected successfully." 
	ENDIF
ENDIF

(Note also: the indentation and separation of lines in the example is just for readability. Unlike standard batch scripts which have very strict rules about line format, Kixtart scripts can be formatted however you like. I would normally stick the whole IF @ERROR COLOR ... ENDIF section on one line. It doesn't matter.)
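
The batch-file bypasses described above, combined into one script and written with quoted comparisons so that the tests evaluate cleanly as "not equal" on a Windows 95 or Windows for Workgroups client where the SET COMPUTERNAME line is missing from AUTOEXEC.BAT. This is an added example, not one of the division's own scripts; it reuses the SCH021 and SCH104 names from above, and the wording of the warning message is an assumption.

```bat
@ECHO OFF
REM Added example. Warn when COMPUTERNAME is missing (a non-NT client
REM without the SET COMPUTERNAME line in AUTOEXEC.BAT). The bypass tests
REM below then evaluate false and every connection is attempted.
IF "%COMPUTERNAME%"=="" ECHO COMPUTERNAME is not set; no bypass applied.

REM On the logon server itself, skip all network connections.
IF "%COMPUTERNAME%"=="SCH021" GOTO BYPASS

REM On workstation 104, skip the connection to its own shared printer.
IF "%COMPUTERNAME%"=="SCH104" GOTO BYPASS104
NET USE LPT3 \\SCH104\EPSON
:BYPASS104

:BYPASS
ECHO Synchronizing time with NT Server ...
NET TIME \\SCH021 /SET /YES
```

The comparison is case-sensitive, so the value set in AUTOEXEC.BAT must be typed in the same case as the name used in the script.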


DISCLAIMER: This document is intended for the reference of computer support personnel within Winnipeg School Division No. 1. There is no warranty or liability if procedures recommended here have an adverse effect on any systems. Use them at your own risk. Any trademarks mentioned are the property of their owners, none of whom have certified any information provided here. Opinions expressed here are personal only and do not represent the policy of Winnipeg School Division No. 1 or any other organization anywhere.


This page was updated 2001 June 9.