2

I've created a login script that fires up a quick data collection task for our network inventory software. However, we have a couple 2008 servers that run Terminal Services, and a high number of users frequently RDP into it 24/7. I'd rather this particular script not run on these servers at logon because it's an unnecessary waste of server resources. I'd rather the script only run when they log onto a PC locally.

Do logon scripts, by default, run in a terminal services / remote desktop session, and if so, is there a way to configure them not to? How would I go about doing that?

  • **Login scripts can run in an RDP environment.** Whether or not it runs in your environment completely depends on your OUs, loopback setting, and other things. One thing I need to ask though is **why is this a login script and not a startup script** or scheduled task running as the system account? Why would you need inventory per-user, and if you did it as a start up script why would it hurt to get the inventory of the terminal server? – Zoredache Jul 27 '17 at 21:09
  • It runs per user because it collects per-user data, system level is done elsewhere. As for the TS, there's a lot of people logging on/off so I didn't want it to cause performance issues. I guess I'll see if we have any problems and address it with loopback if necessary. –  Jul 27 '17 at 21:11
  • I don't understand your question. Do you need to be concerned about it running? It's going to run, if that's your concern. If you don't want it to run when users log onto the TS then use Loopback Policy Processing in Replace Mode. – joeqwerty Jul 27 '17 at 20:20

2 Answers2

1

Just check the domain of the user account before login and exit the script if it is not the same as the server name.

Gilles Lesire
  • 233
  • 1
  • 3
  • 13
0

Put a Read Deny permission for the terminal server computer account on the GPO in the security advanced settings. The computer has to read the GPO before it can apply it for the user, so the deny will prevent it.

M1keS
  • 1
  • 1