Wednesday, March 16, 2005

Abusing the Logon Script

So you're getting your server status reports, and notice you have some KERBEROS errors that show up from some clients, or you just happened to notice the time is different on the server than it is on the client.

First things first, make sure the Windows Time service is enabled on your server. The next thing you have to do is to re-synch the time with all the clients on the network.

Woa! That could be up to 75 client computers! (even with more than 5 it's a pain)

So, you need a way to run a command line on each client on the network. The specific command line is

net time /set \\permit /y

The joy of SBS, is that each time someone logs in, and logon script is run, you can simply modify this by

  • Opening SBS_LOGON_SCRIPT.BAT from C:\WINDOWS\SYSVOL\sysvol\DanielFamily.local\SCRIPTS

  • Adding a new line with the command line shown above

  • Saving the file

Now each time a user logs in, this will get run and just set the time on the users PC to match that of the server.

Once you get the time service synchronized, then you can remove this from the logon script as it's really superfluous.

I'm sure you might also want to run other things on the client, feel free to use the logon script for that also!


Anonymous said...

Thanks a million, Sean!!!

Would it possible to add some lines to the login script to add mapped drives to users.

In my case, everyone in domain needs to see the same mapped drives, but assigning them by group would be great too!!!

Thanks again,


Sean Daniel said...

If you can find a command line that isn't user specific, you can do anything you want in the logon script.