Deleted logon script returning to NETLOGON

J

Jason Paris

Hi all,

This is strictly a Win2003 SBS query, but I hope you don't mind.

Our company recently hired some consultants to upgrade our NT 4.0
domain to 2003 SBS. Prior to the migration, we had a LOGON.BAT file
resident in the NETLOGON share of the server.

During migration, the consultants installed - on the SBS machine - a
new script called SBS_LOGIN.BAT. This script contained a number of
superfluous instructions, so - in an attempt to keep things consistent
with our previous set up - I renamed SBS_LOGIN.BAT to LOGON.BAT, and
removed the redundant instructions.

However, periodically the SBS_LOGIN.BAT script *returns* to the
NETLOGON share. I'll find it sitting alongside LOGON.BAT, executing
its evil commands when users logon! :)

When questioned, the consultants said "It must be lurking in the AD
somewhere - search for it".

I have - no luck. Ditto the Registry.

Has anyone encountered anything like this before? Any ideas on where
to begin?

Thanks in advance,

Jason Paris
 
P

Pegasus \(MVP\)

Jason Paris said:
Hi all,

This is strictly a Win2003 SBS query, but I hope you don't mind.

Our company recently hired some consultants to upgrade our NT 4.0
domain to 2003 SBS. Prior to the migration, we had a LOGON.BAT file
resident in the NETLOGON share of the server.

During migration, the consultants installed - on the SBS machine - a
new script called SBS_LOGIN.BAT. This script contained a number of
superfluous instructions, so - in an attempt to keep things consistent
with our previous set up - I renamed SBS_LOGIN.BAT to LOGON.BAT, and
removed the redundant instructions.

However, periodically the SBS_LOGIN.BAT script *returns* to the
NETLOGON share. I'll find it sitting alongside LOGON.BAT, executing
its evil commands when users logon! :)

When questioned, the consultants said "It must be lurking in the AD
somewhere - search for it".

I have - no luck. Ditto the Registry.

Has anyone encountered anything like this before? Any ideas on where
to begin?

Thanks in advance,

Jason Paris
Click to expand...

You probably have some process that automatically restores
the file from some backup location. It's not an Windows process -
your consultant must have put it there.

However . . . what users execute when they logon is determined
by the script that is specified in their account profile. Are you
saying that the script name changes from "logon.bat" to
"sbs_login.bat" in each and every account, by sheer magic?

There is an easy way of preventing sbs_login.bat from ever
coming back: create a folder \\YourServer\netlogon\sbs_login.bat.
End of problem!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain logon script runs minimised 10
Logon scripts not running at NETLOGON 1
Logon Script for local XP system on home network 2
Read a file in the Netlogon share from a logon script 1
%logonserver% mapping fails to work in logon script 2
logon script not working - need hlep 6
logon script to add network printers 1
Netlogon Share and Script Folder missing 5

Top