Script workflow explained

In the following I will explain the workflow of the script. What it does and when it does it.

1. Read command line arguments

The first order of business is to look for and parse possible command line arguments passed to the script at runtime.

2. Test if rules XML file exists

In this step the script simply checks and makes sure the specified rules XML file exists.

3. Get dynamic settings

In this step the scripts gathers all sorts of information about the computer, user, and domain. This is usually where the script will fail, if it, for instance, is unable to contact the domain controller.

4. Checking computer, prompting if logging on to server

At this point, the script knows if it is logging on to a physical server, a RDP or Citrix session, or just a normal workstation.

By default, the script will display a dialog box to the user, if he or she is logging on to a physical server, asking them if they want to continue.

Continue Running Logon Script dialog box

This can be disabled by changing the ALWAYS_RUN_ON_SERVER script setting to true (see Script wide settings and command line parameters for details).

5. Display info about users password age

In this step, the script will gather information about the users password age, and display a friendly messages to the user about when his or hers password will run out.

6. Lookup security groups the user is a member of

At this point, the script is will contact the domain and ask for the security groups the user is a member of.

Please note, that the script will also count inherited security groups, e.g. if the user is member of security groups A, and security groups A is a member of security groups B, then the user will be listed as a member of both security groups A and B.

7. Apply rules defined in XML file

At this point, the script is ready to process the XML file and apply rules. The script will process the rules in the order they are listed in the XML file.

Clean up, write to event log, close Internet Explorer window

This step is special, since errors in any of the previous stages can cause the script to jump to this stage.

When the clean up step is reached, the script will clean up all created objects, write the log to Windows’ event log (located under the Application event log section, application name is WSH) and close the Internet Explorer window, if no error occurred during execution.

If an error occurred, the problem will be highlighted with red text, and the user is asked to contact the IT department for further assistance.

Comments are closed.