PHWinfo - Afficher un message - How to prevent a trusted domains logon script running on the trusting domain?

30/11/2006, 21h04

Yes, you would need access to both scripts.

"John Hooper" <not@pplicable> wrote in message
news:ufk2$bLFHHA.420@TK2MSFTNGP06.phx.gbl...
> Good Morning Pegasus,
> Wouldn't I need to perform this
> within Domain_A's login script ? I cannot change or modify that script.
The
> only domain I can control is Domain_B.
>
> Thanks
>
> John
> "Pegasus (MVP)" <I.can@fly.com> wrote in message
> news:eZKd%23uHFHHA.2464@TK2MSFTNGP06.phx.gbl...
> >
> > "John Hooper" <not@pplicable> wrote in message
> > news:em8YkqHFHHA.3304@TK2MSFTNGP05.phx.gbl...
> >>
> >> "Pegasus (MVP)" <I.can@fly.com> wrote in message
> >> news:eQzi4FHFHHA.1240@TK2MSFTNGP03.phx.gbl...
> >> >
> >> > "John Hooper" <not@pplicable> wrote in message
> >> > news:u0WaB%23FFHHA.2268@TK2MSFTNGP03.phx.gbl...
> >> >> Good Afternoon Group,
> >> >>
> >> >> I have a problem at the moment which I do not know how to tackle and
I
> > am
> >> >> hoping you guys may be able to . Currently I have 2 Windows 2003
> >> >> domains. Domain_A and Domain_B. There is a one way trust
relationship
> >> >> between the two domains. Outgoing trust on Domain_B and Incoming on
> >> >> Domain_A. All user accounts and regular desktops belong to Domain_A.
> >> >> Domain_B is a server farm consisting of mainly Citrix Presentation
> > Server
> >> > 4
> >> >> servers publishing specific applications. Now, in Domain_A there are
> >> >> extensive logon scripts that are used. Is there a way to prevent
logon
> >> >> scripts being processed when a user of Domain_A logs onto via
terminal
> >> >> services Domain_B? I would like to intercept Domain_A's logon
scripts
> > and
> >> >> have this authenticated user run logon scripts which are relevent to
> >> >> Domain_B. I kind of think of it in this way. I am a passenger at an
> >> > airport.
> >> >> I approach the passenger scanning machine. I empty out my pockets
and
> >> > place
> >> >> the contents in the tray (Domain_A's logon scripts). I walk through
> >> >> the
> >> >> scanner (Domain_A users logs onto Domain B), and then I do not give
> > back
> >> > the
> >> >> contents that the user placed into the try but give the user new
> > contents
> >> > to
> >> >> put into his pockets. I know this may sound confusing but if anyone
> >> >> has
> >> > any
> >> >> suggestions on how I can achieve this I would be most gratified. One
> > note
> >> >> tho, I cannot change or modify any login scripts or processed in
> >> >> Domain_A,
> >> >> only in Domain_B can I make these changes.
> >> >>
> >> >> Thanks for any input anyone may have,
> >> >>
> >> >> Best Regards
> >> >>
> >> >> John
> >> >>
> >> >>
> >> >
> >> > I would check if %UserDomain% can be used to conditionally
> >> > exit the logon script.
> >> >
> >> >
> >> Hmm, I think I may be a little confused here Pegasus, Could you
elaborate
> >> more on this ? Thank, My apologies for not understanding
> >>
> >>
> >> Cheers
> >>
> >> John
> >>
> >>
> >
> > 1. Start a session in a mode that is supposed to run logon scripts.
> > 2. Start a Command Prompt.
> > 3. Make a note of the environmental variable %UserDomain%.
> > 4. Start a session in a mode that is not supposed to run logon scripts.
> > 5. Make a note of the environmental variable %UserDomain%.
> >
> > Is %UserDomain% the same in the two modes? If it is different,
> > use the difference to bail out of the logon script.
> >
> >
>
>

30/11/2006, 21h04	#7
Pegasus \(MVP\) Messages: n/a Hébergeur:	Re: How to prevent a trusted domains logon script running on the trusting domain? Yes, you would need access to both scripts. "John Hooper" <not@pplicable> wrote in message news:ufk2$bLFHHA.420@TK2MSFTNGP06.phx.gbl... > Good Morning Pegasus, > Wouldn't I need to perform this > within Domain_A's login script ? I cannot change or modify that script. The > only domain I can control is Domain_B. > > Thanks > > John > "Pegasus (MVP)" <I.can@fly.com> wrote in message > news:eZKd%23uHFHHA.2464@TK2MSFTNGP06.phx.gbl... > > > > "John Hooper" <not@pplicable> wrote in message > > news:em8YkqHFHHA.3304@TK2MSFTNGP05.phx.gbl... > >> > >> "Pegasus (MVP)" <I.can@fly.com> wrote in message > >> news:eQzi4FHFHHA.1240@TK2MSFTNGP03.phx.gbl... > >> > > >> > "John Hooper" <not@pplicable> wrote in message > >> > news:u0WaB%23FFHHA.2268@TK2MSFTNGP03.phx.gbl... > >> >> Good Afternoon Group, > >> >> > >> >> I have a problem at the moment which I do not know how to tackle and I > > am > >> >> hoping you guys may be able to . Currently I have 2 Windows 2003 > >> >> domains. Domain_A and Domain_B. There is a one way trust relationship > >> >> between the two domains. Outgoing trust on Domain_B and Incoming on > >> >> Domain_A. All user accounts and regular desktops belong to Domain_A. > >> >> Domain_B is a server farm consisting of mainly Citrix Presentation > > Server > >> > 4 > >> >> servers publishing specific applications. Now, in Domain_A there are > >> >> extensive logon scripts that are used. Is there a way to prevent logon > >> >> scripts being processed when a user of Domain_A logs onto via terminal > >> >> services Domain_B? I would like to intercept Domain_A's logon scripts > > and > >> >> have this authenticated user run logon scripts which are relevent to > >> >> Domain_B. I kind of think of it in this way. I am a passenger at an > >> > airport. > >> >> I approach the passenger scanning machine. I empty out my pockets and > >> > place > >> >> the contents in the tray (Domain_A's logon scripts). I walk through > >> >> the > >> >> scanner (Domain_A users logs onto Domain B), and then I do not give > > back > >> > the > >> >> contents that the user placed into the try but give the user new > > contents > >> > to > >> >> put into his pockets. I know this may sound confusing but if anyone > >> >> has > >> > any > >> >> suggestions on how I can achieve this I would be most gratified. One > > note > >> >> tho, I cannot change or modify any login scripts or processed in > >> >> Domain_A, > >> >> only in Domain_B can I make these changes. > >> >> > >> >> Thanks for any input anyone may have, > >> >> > >> >> Best Regards > >> >> > >> >> John > >> >> > >> >> > >> > > >> > I would check if %UserDomain% can be used to conditionally > >> > exit the logon script. > >> > > >> > > >> Hmm, I think I may be a little confused here Pegasus, Could you elaborate > >> more on this ? Thank, My apologies for not understanding > >> > >> > >> Cheers > >> > >> John > >> > >> > > > > 1. Start a session in a mode that is supposed to run logon scripts. > > 2. Start a Command Prompt. > > 3. Make a note of the environmental variable %UserDomain%. > > 4. Start a session in a mode that is not supposed to run logon scripts. > > 5. Make a note of the environmental variable %UserDomain%. > > > > Is %UserDomain% the same in the two modes? If it is different, > > use the difference to bail out of the logon script. > > > > > >