Deploying a Logon Script via Group Policy in an Active Directory Environment
Overview
This lab demonstrates how to use Group Policy to execute a startup script for a user in an Active Directory environment. The script is designed to simulate a slow boot by launching multiple applications on login, not a practical script in an enterprise environment, and is just used for example.
| Skills Demonstrated |
|---|
| Writing and deploying a logon batch script |
| Creating and linking GPOs to Organizational Units |
| Managing users in Active Directory |
| Using Group Policy to simulate client-side behavior |
| Testing script execution on a domain-joined Windows client |
| Understanding how GPO logon scripts affect user sessions |
| Tools Used |
|---|
| Windows Server (Active Directory Domain Services) |
| Windows 10 |
| Group Policy Management Console (gpmc.msc) |
| Group Policy Management Editor |
| Active Directory Users and Computers (dsa.msc) |
| Batch Scripting (.bat) |
1. Environment Setup
- Installed a Windows Server VM
- Created a local Administrator account
- Installed Active Directory Domain Services (AD DS)
- Promoted the server to a Domain Controller with the domain name:
lab.local
2. User Creation
- In Active Directory Users and Computers, created a domain user:
- Name: John Doe
- Logon Name:
j.doe
3. Create Simulated Slow Boot Script
- Created a batch script named SlowBootSim.bat with the following contents:
start notepad.exe
start calc.exe
start mspaint.exe
timeout /t 5
4. Organizational Unit and GPO Linking
- Created a new Organizational Unit: TestUsers
- Moved
j.doeinto TestUsers
- Opened Group Policy Management
- Used "Link an Existing GPO" to attach the SlowBootSim GPO to the TestUsers OU
🧪 Script Execution Verification
- Logged into the Windows 10 Client as
j.doe - Observed that on startup, the script executed and opened the applications as intended
