Windows OS Hub

April 5, 2022 | Active Directory, Group Policies, Windows 10, Windows Server 2019

How to Run GPO Logon Script Only Once?

GPO logon scripts allow you to run a BAT or PowerShell script at computer startup or user logon/logoff. In some cases, an administrator wants a particular script (command/program) to run only once for each user or computer and not run again at subsequent logons.

To solve this task, you can use a standard logon script that checks for a certain flag on the computer. This can be a registry parameter, a text file on the disk, etc.

For example, suppose you want a certain code block to be executed only once, the first time a user logs on to a computer.

  1. Create the following BAT file (corp_user_init.bat) and save it to %SystemRoot%\SYSVOL\sysvol\<domain name>\scripts on your domain controller:

    @echo off
    REM Skip the one-time block if the flag file already exists in the user's profile
    IF EXIST "%USERPROFILE%\AppData\app_init.txt" GOTO END
    REM Create the flag file and record the date and time of the first run
    date /t >> "%USERPROFILE%\AppData\app_init.txt"
    time /t >> "%USERPROFILE%\AppData\app_init.txt"
    REM Put your code here, which will be executed once
    :END

    The script creates a small text file in the user’s profile the first time it runs. The next time the script is run through the GPO, it checks whether the file exists on the disk. If it does, the script has already been executed and the code doesn’t need to be run again.
  2. Open the domain Group Policy Management console (gpmc.msc);
  3. Create a new policy and link it to an OU with users (or computers, but then you have to enable the Loopback Processing mode);
  4. Go to User Configuration -> Windows Settings -> Scripts (Logon / Logoff);
  5. Select Logon;
  6. Click Add and specify the path to your BAT file in SYSVOL (\\woshub.com\SysVol\woshub.com\scripts);
    [Screenshot: GPO: Run a logon script once a new user logs on]
  7. After updating Group Policy settings on a client computer, your script will be executed at user logon. Make sure that it has successfully created the app_init.txt file in a user’s profile.
    If the GPO with the script has not been applied, use the gpresult tool and troubleshooting methods described in the article Why GPO Is not Applied.
  8. The next time the user logs on to the computer, the main script code will not be executed. So, the script is actually applied to the user only once.
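
The same run-once check with a registry parameter as the flag instead of a text file, as an added example that is not part of the original article. The key `HKCU:\Software\CorpInit`, the value name `UserInit` and the version string are assumptions chosen for illustration. The flag sits in a location the user can write to (the same is true of the file in the profile), so it is a run-once marker and not a control: a user can delete it to trigger the code again or create it to skip the code.

```powershell
# Added example: run-once logon logic keyed on a per-user registry flag.
# All names below are hypothetical; adjust them to your environment.
$ErrorActionPreference = 'Stop'           # make failures in the one-time block reach catch{}

$FlagKey    = 'HKCU:\Software\CorpInit'   # hypothetical per-user key
$FlagName   = 'UserInit'                  # hypothetical value name
$RunVersion = '1'                         # bump this to run the block one more time

function Test-AlreadyRun {
    # True only if the flag value exists and matches the current version
    $item = Get-ItemProperty -Path $FlagKey -Name $FlagName -ErrorAction SilentlyContinue
    return (($null -ne $item) -and ($item.$FlagName -eq $RunVersion))
}

function Set-RunFlag {
    if (-not (Test-Path -Path $FlagKey)) {
        New-Item -Path $FlagKey -Force | Out-Null
    }
    New-ItemProperty -Path $FlagKey -Name $FlagName -Value $RunVersion `
        -PropertyType String -Force | Out-Null
    # Record the time of the first run, like date /t and time /t in the BAT version
    New-ItemProperty -Path $FlagKey -Name "$FlagName-Time" -Value (Get-Date -Format o) `
        -PropertyType String -Force | Out-Null
}

if (Test-AlreadyRun) {
    exit 0                                # flag present: nothing to do at this logon
}

try {
    # Put your code here, which will be executed once
    Write-Output "First logon initialization for $env:USERNAME"

    # Write the flag only after the one-time code succeeded,
    # so a failed run is retried at the next logon
    Set-RunFlag
}
catch {
    Write-Warning "One-time initialization failed: $_"
    exit 1
}
```

Unlike the BAT version, which writes the flag file before the one-time code runs, this script sets the flag last, so a run that fails partway is retried at the next logon.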

Another way to run a script only once using GPO is to create a one-time task in the Task Scheduler.

  1. Save your script file (it may be either a BAT file or a PowerShell script) to the Sysvol folder on the domain controller (\\<your_domain_name>\SysVol\<your_domain_name>\scripts);
  2. Create a new GPO, link it to the user’s OU, and open its settings;
  3. Go to Preferences -> Control Panel Settings -> Scheduled Task -> New -> Immediate Task (At least Windows 7);
  4. Specify the task name;
    [Screenshot: GPO create new Scheduled Task]
  5. Open the Actions tab, click New, and specify the full UNC path to your script file in SYSVOL;
    [Screenshot: run a script using Windows scheduled task]
  6. Then go to the Common tab and check the Apply once and do not reapply option;
    [Screenshot: Group Policy Preferences - scheduled task Apply once and do not reapply]
  7. This task will run on a computer only once at the first user logon.

If you want to run PowerShell scripts through a GPO, you need to configure the PowerShell script execution policy or use the -ExecutionPolicy Bypass option when running your script (see an example here).