Sunday, December 31, 2006

Enabling Kerberos Event Logging on a Specific Computer

1. Start Registry Editor.
2. Add the following registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Registry Value: LogLevel
Value Type: REG_DWORD
Value Data: 0x1

If the Parameters subkey does not exist, create it.

Note Remove this registry value when it is no longer needed so that performance is not degraded on the computer. Also, you can remove this registry value to disable Kerberos event logging on a specific computer.
3. Quit Registry Editor, and then restart the computer.
You can find any Kerberos-related events in the system log.

Windows Logon Script FAQ

1. What is a Windows logon script?
It is a script that get executed when a user logon to Windows using a local or a domain account. Languages supported are VBScript, Perl, Batch files or third party scripting applications.

2. How does it work?
On Windows 95 and 98 a LMSCRIPT.EXE executes any .exe .bat or .cmd file indicated on the users profile (local profile if signing in locally or user profile in the domain controller when signing in to a domain controller). Windows NT5 and 2000 supports the WSH (Window Script Host) files directly.

3. Where is the script located?
The default location for local logon scripts is the %Systemroot%\System32\Repl\Imports\Scripts folder. The %Systemroot%\System32\Repl\Imports\Scripts folder is not created on a new installation of Windows. Therefore, the %SystemRoot%\System32\Repl\Imports\Scripts folder must be created and shared out with the share name netlogon.

If you do not want to create the netlogon share in the default location, place the script in any folder that the user can access during logon. It is recommended that this folder be shared.

If the logon script is stored in a subfolder of the domain controller's logon script path (Sysvol\DomainName\Scripts), precede the file name with the relative path, for example, Clerks.bat or Our_users\user_1.cmd

3. How do you assign a logon script?
  • On the task bar click Start button, point to Settings, then click Control Panel.
  • Double click Administrative Tools, and double click Computer Management.
  • In the console tree, expand Local Users and Groups, and click Users.
  • Click the user account that you want to edit.
  • Click Action, and then click Properties.
  • Click the Profile tab, and then type the path and file name of the script in Logon script.
  • Click Apply and then click Ok.
(Applies to Windows NT5, Windows 2000)

4. How do you assign a logon script in a domain with Active Directory?
You can assign a logon script in the Profile tab in the users properties in the Active Directory Users and Computers MMC.
You can also assign a logon script using Group Policy.

5. What can the logon script do?
A batch logon script can connect drives to network shares, connect to network printers and run command line utilities. Anything you can do in a command prompt can be done in a logon script.

6. What other events can have a script?
Group Policy can also be used to assign Logoff, Startup, and Shutdown scripts. The Logoff script setting in Group Policy is “User Configuration”, “Windows Settings”, “Scripts (Logon/Logoff)”, “Logoff”. Similar to the Logon script setting, it applies to all users in the domain, site, or organizational unit that the GPO is assigned to. Startup and Shutdown scripts are in “Computer Configuration”, “Windows Settings”, “Scripts (Startup/Shutdown)”. These scripts are applied to any computer in the domain, site, or organizational unit that the Group Policy is applied to. There is no provision for running Logoff, Startup, or Shutdown scripts on computers with Windows 95, Windows 98, Windows ME, or Windows NT.

A sample logon script

The script below opens an IE window, you can change the page being opened to a static file or a web application URL.

'Opens an IE window as a splash screen during logon
CreateIE()
'place you other startup scripts here

Sub CreateIE()
On Error Resume Next
Set oIE = CreateObject("InternetExplorer.Application")
With oIE
.navigate "\\rhino-main\"
.resizable=0
.height=430
.width=350
.menubar=0
.toolbar=0
.statusBar=0
.visible=1
End With
Do while oIE.Busy
' wait for page to load
Wscript.Sleep 100
Loop
End Sub