PHWinfo - Afficher un message - How to prevent a trusted domains logon script running on the trusting domain?

30/11/2006, 12h33

"John Hooper" <not@pplicable> wrote in message
news:em8YkqHFHHA.3304@TK2MSFTNGP05.phx.gbl...
>
> "Pegasus (MVP)" <I.can@fly.com> wrote in message
> news:eQzi4FHFHHA.1240@TK2MSFTNGP03.phx.gbl...
> >
> > "John Hooper" <not@pplicable> wrote in message
> > news:u0WaB%23FFHHA.2268@TK2MSFTNGP03.phx.gbl...
> >> Good Afternoon Group,
> >>
> >> I have a problem at the moment which I do not know how to tackle and I
am
> >> hoping you guys may be able to . Currently I have 2 Windows 2003
> >> domains. Domain_A and Domain_B. There is a one way trust relationship
> >> between the two domains. Outgoing trust on Domain_B and Incoming on
> >> Domain_A. All user accounts and regular desktops belong to Domain_A.
> >> Domain_B is a server farm consisting of mainly Citrix Presentation
Server
> > 4
> >> servers publishing specific applications. Now, in Domain_A there are
> >> extensive logon scripts that are used. Is there a way to prevent logon
> >> scripts being processed when a user of Domain_A logs onto via terminal
> >> services Domain_B? I would like to intercept Domain_A's logon scripts
and
> >> have this authenticated user run logon scripts which are relevent to
> >> Domain_B. I kind of think of it in this way. I am a passenger at an
> > airport.
> >> I approach the passenger scanning machine. I empty out my pockets and
> > place
> >> the contents in the tray (Domain_A's logon scripts). I walk through the
> >> scanner (Domain_A users logs onto Domain B), and then I do not give
back
> > the
> >> contents that the user placed into the try but give the user new
contents
> > to
> >> put into his pockets. I know this may sound confusing but if anyone has
> > any
> >> suggestions on how I can achieve this I would be most gratified. One
note
> >> tho, I cannot change or modify any login scripts or processed in
> >> Domain_A,
> >> only in Domain_B can I make these changes.
> >>
> >> Thanks for any input anyone may have,
> >>
> >> Best Regards
> >>
> >> John
> >>
> >>
> >
> > I would check if %UserDomain% can be used to conditionally
> > exit the logon script.
> >
> >
> Hmm, I think I may be a little confused here Pegasus, Could you elaborate
> more on this ? Thank, My apologies for not understanding
>
>
> Cheers
>
> John
>
>

1. Start a session in a mode that is supposed to run logon scripts.
2. Start a Command Prompt.
3. Make a note of the environmental variable %UserDomain%.
4. Start a session in a mode that is not supposed to run logon scripts.
5. Make a note of the environmental variable %UserDomain%.

Is %UserDomain% the same in the two modes? If it is different,
use the difference to bail out of the logon script.

30/11/2006, 12h33	#4
Pegasus \(MVP\) Messages: n/a Hébergeur:	Re: How to prevent a trusted domains logon script running on the trusting domain? "John Hooper" <not@pplicable> wrote in message news:em8YkqHFHHA.3304@TK2MSFTNGP05.phx.gbl... > > "Pegasus (MVP)" <I.can@fly.com> wrote in message > news:eQzi4FHFHHA.1240@TK2MSFTNGP03.phx.gbl... > > > > "John Hooper" <not@pplicable> wrote in message > > news:u0WaB%23FFHHA.2268@TK2MSFTNGP03.phx.gbl... > >> Good Afternoon Group, > >> > >> I have a problem at the moment which I do not know how to tackle and I am > >> hoping you guys may be able to . Currently I have 2 Windows 2003 > >> domains. Domain_A and Domain_B. There is a one way trust relationship > >> between the two domains. Outgoing trust on Domain_B and Incoming on > >> Domain_A. All user accounts and regular desktops belong to Domain_A. > >> Domain_B is a server farm consisting of mainly Citrix Presentation Server > > 4 > >> servers publishing specific applications. Now, in Domain_A there are > >> extensive logon scripts that are used. Is there a way to prevent logon > >> scripts being processed when a user of Domain_A logs onto via terminal > >> services Domain_B? I would like to intercept Domain_A's logon scripts and > >> have this authenticated user run logon scripts which are relevent to > >> Domain_B. I kind of think of it in this way. I am a passenger at an > > airport. > >> I approach the passenger scanning machine. I empty out my pockets and > > place > >> the contents in the tray (Domain_A's logon scripts). I walk through the > >> scanner (Domain_A users logs onto Domain B), and then I do not give back > > the > >> contents that the user placed into the try but give the user new contents > > to > >> put into his pockets. I know this may sound confusing but if anyone has > > any > >> suggestions on how I can achieve this I would be most gratified. One note > >> tho, I cannot change or modify any login scripts or processed in > >> Domain_A, > >> only in Domain_B can I make these changes. > >> > >> Thanks for any input anyone may have, > >> > >> Best Regards > >> > >> John > >> > >> > > > > I would check if %UserDomain% can be used to conditionally > > exit the logon script. > > > > > Hmm, I think I may be a little confused here Pegasus, Could you elaborate > more on this ? Thank, My apologies for not understanding > > > Cheers > > John > > 1. Start a session in a mode that is supposed to run logon scripts. 2. Start a Command Prompt. 3. Make a note of the environmental variable %UserDomain%. 4. Start a session in a mode that is not supposed to run logon scripts. 5. Make a note of the environmental variable %UserDomain%. Is %UserDomain% the same in the two modes? If it is different, use the difference to bail out of the logon script.