PHWinfo - Afficher un message - How to prevent a trusted domains logon script running on the trusting domain?

30/11/2006, 19h37

Good Morning Pegasus,
Wouldn't I need to perform this
within Domain_A's login script ? I cannot change or modify that script. The
only domain I can control is Domain_B.

Thanks

John
"Pegasus (MVP)" <I.can@fly.com> wrote in message
news:eZKd%23uHFHHA.2464@TK2MSFTNGP06.phx.gbl...
>
> "John Hooper" <not@pplicable> wrote in message
> news:em8YkqHFHHA.3304@TK2MSFTNGP05.phx.gbl...
>>
>> "Pegasus (MVP)" <I.can@fly.com> wrote in message
>> news:eQzi4FHFHHA.1240@TK2MSFTNGP03.phx.gbl...
>> >
>> > "John Hooper" <not@pplicable> wrote in message
>> > news:u0WaB%23FFHHA.2268@TK2MSFTNGP03.phx.gbl...
>> >> Good Afternoon Group,
>> >>
>> >> I have a problem at the moment which I do not know how to tackle and I
> am
>> >> hoping you guys may be able to . Currently I have 2 Windows 2003
>> >> domains. Domain_A and Domain_B. There is a one way trust relationship
>> >> between the two domains. Outgoing trust on Domain_B and Incoming on
>> >> Domain_A. All user accounts and regular desktops belong to Domain_A.
>> >> Domain_B is a server farm consisting of mainly Citrix Presentation
> Server
>> > 4
>> >> servers publishing specific applications. Now, in Domain_A there are
>> >> extensive logon scripts that are used. Is there a way to prevent logon
>> >> scripts being processed when a user of Domain_A logs onto via terminal
>> >> services Domain_B? I would like to intercept Domain_A's logon scripts
> and
>> >> have this authenticated user run logon scripts which are relevent to
>> >> Domain_B. I kind of think of it in this way. I am a passenger at an
>> > airport.
>> >> I approach the passenger scanning machine. I empty out my pockets and
>> > place
>> >> the contents in the tray (Domain_A's logon scripts). I walk through
>> >> the
>> >> scanner (Domain_A users logs onto Domain B), and then I do not give
> back
>> > the
>> >> contents that the user placed into the try but give the user new
> contents
>> > to
>> >> put into his pockets. I know this may sound confusing but if anyone
>> >> has
>> > any
>> >> suggestions on how I can achieve this I would be most gratified. One
> note
>> >> tho, I cannot change or modify any login scripts or processed in
>> >> Domain_A,
>> >> only in Domain_B can I make these changes.
>> >>
>> >> Thanks for any input anyone may have,
>> >>
>> >> Best Regards
>> >>
>> >> John
>> >>
>> >>
>> >
>> > I would check if %UserDomain% can be used to conditionally
>> > exit the logon script.
>> >
>> >
>> Hmm, I think I may be a little confused here Pegasus, Could you elaborate
>> more on this ? Thank, My apologies for not understanding
>>
>>
>> Cheers
>>
>> John
>>
>>
>
> 1. Start a session in a mode that is supposed to run logon scripts.
> 2. Start a Command Prompt.
> 3. Make a note of the environmental variable %UserDomain%.
> 4. Start a session in a mode that is not supposed to run logon scripts.
> 5. Make a note of the environmental variable %UserDomain%.
>
> Is %UserDomain% the same in the two modes? If it is different,
> use the difference to bail out of the logon script.
>
>

30/11/2006, 19h37	#6
John Hooper Messages: n/a Hébergeur:	Re: How to prevent a trusted domains logon script running on the trusting domain? Good Morning Pegasus, Wouldn't I need to perform this within Domain_A's login script ? I cannot change or modify that script. The only domain I can control is Domain_B. Thanks John "Pegasus (MVP)" <I.can@fly.com> wrote in message news:eZKd%23uHFHHA.2464@TK2MSFTNGP06.phx.gbl... > > "John Hooper" <not@pplicable> wrote in message > news:em8YkqHFHHA.3304@TK2MSFTNGP05.phx.gbl... >> >> "Pegasus (MVP)" <I.can@fly.com> wrote in message >> news:eQzi4FHFHHA.1240@TK2MSFTNGP03.phx.gbl... >> > >> > "John Hooper" <not@pplicable> wrote in message >> > news:u0WaB%23FFHHA.2268@TK2MSFTNGP03.phx.gbl... >> >> Good Afternoon Group, >> >> >> >> I have a problem at the moment which I do not know how to tackle and I > am >> >> hoping you guys may be able to . Currently I have 2 Windows 2003 >> >> domains. Domain_A and Domain_B. There is a one way trust relationship >> >> between the two domains. Outgoing trust on Domain_B and Incoming on >> >> Domain_A. All user accounts and regular desktops belong to Domain_A. >> >> Domain_B is a server farm consisting of mainly Citrix Presentation > Server >> > 4 >> >> servers publishing specific applications. Now, in Domain_A there are >> >> extensive logon scripts that are used. Is there a way to prevent logon >> >> scripts being processed when a user of Domain_A logs onto via terminal >> >> services Domain_B? I would like to intercept Domain_A's logon scripts > and >> >> have this authenticated user run logon scripts which are relevent to >> >> Domain_B. I kind of think of it in this way. I am a passenger at an >> > airport. >> >> I approach the passenger scanning machine. I empty out my pockets and >> > place >> >> the contents in the tray (Domain_A's logon scripts). I walk through >> >> the >> >> scanner (Domain_A users logs onto Domain B), and then I do not give > back >> > the >> >> contents that the user placed into the try but give the user new > contents >> > to >> >> put into his pockets. I know this may sound confusing but if anyone >> >> has >> > any >> >> suggestions on how I can achieve this I would be most gratified. One > note >> >> tho, I cannot change or modify any login scripts or processed in >> >> Domain_A, >> >> only in Domain_B can I make these changes. >> >> >> >> Thanks for any input anyone may have, >> >> >> >> Best Regards >> >> >> >> John >> >> >> >> >> > >> > I would check if %UserDomain% can be used to conditionally >> > exit the logon script. >> > >> > >> Hmm, I think I may be a little confused here Pegasus, Could you elaborate >> more on this ? Thank, My apologies for not understanding >> >> >> Cheers >> >> John >> >> > > 1. Start a session in a mode that is supposed to run logon scripts. > 2. Start a Command Prompt. > 3. Make a note of the environmental variable %UserDomain%. > 4. Start a session in a mode that is not supposed to run logon scripts. > 5. Make a note of the environmental variable %UserDomain%. > > Is %UserDomain% the same in the two modes? If it is different, > use the difference to bail out of the logon script. > >