Logon Scripts, Group Policy Preferences, and Windows Vista

by Mitch Tulloch [Published on 5 Nov. 2008 / Last Updated on 6 Nov. 2008]

Many logon scripts that worked with Windows operating systems won’t work with Windows Vista. Here’s what you can do to replace them.

Many logon scripts that worked with previous Windows operating systems won’t work with Windows Vista. This is because of User Account Control (UAC), which can block certain types of logon script actions from running automatically, including writing to the registry—even if the user’s account is added to the local Administrator’s group on the system. One workaround is to put such actions into startup scripts instead of logon scripts, but they won’t always work that way. Another workaround is to disable UAC, but this is not recommended as it can impact application compatibility, lower security, and cause access errors because of file and registry virtualization.

The best solution is to replace your logon scripts with Group Policy Preferences, a feature of Windows Server 2008 that can replace most if not all logon script actions. Group Policy Preferences are one of many good reasons for upgrading your back-end infrastructure from Windows Server 2003 to Windows Server 2008. For more information on Group Policy in Windows Vista and Windows Server 2008, see the Windows Group Policy Resource Kit: Windows Server 2008 and Windows Vista.

Featured Links