Group Policy Logon script issue

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Axel Bøg Andersen Axel Bøg Andersen 2 years, 2 months ago.

  • Author
    Posts
  • #19173
    Profile photo of Axel Bøg Andersen
    Axel Bøg Andersen
    Participant

    Hi guys!

    Hope you have an excellent time in Amsterdam. Wish I was there.

    I recently re-experienced a very annoying behavior in Powershell User Logon Scripts.

    I needed to use a GPO for fixing several issues on registrykeys, local files and some other small tasks on a bunch of machines. The easiest way for this task was to deploy a Group Policy with a User Logon Script (the registrykey is in the logged on users hive).

    All worked fine for most users, but our servicedesk started complaining about very long logon times. It turned out they loaded their Powershell profile with all Active Directory and MSOnline modules, including a connection setup to the tenent and a session import, resulting in Powershell loading all these very usefull tools in the logon process just to set my minor tasks and killing off the session after successfully applying the settings.

    Of course it's better practice to load what you need from the console or a script importing the nessesary modules, but administrators will never have control over the $profile of all users. Hense I'm still not able to understand, why the Powershell Script option in Group Policies in general are not run with a hardcoded -NoProfile in stead of the opposite.

    Of course I can run an ordinary script, calling Powershell with the -NoProfile switch, but that is a bit altmodish.

    Does anyone know, why Powershell Scripts in Group Policies was implemented like this?

  • #19174
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Because the GPO just runs PowerShell.exe, which is the console host, which always loads profiles. Probably it just didn't occur to anyone to include support for -NoProfile in the GPO setup.

    You should suggest that in Connect.Microsoft.com under the PowerShell program. I'd suggest getting folks to up-vote your suggestion, so that it gains more attention from the product team.

  • #19175
    Profile photo of Axel Bøg Andersen
    Axel Bøg Andersen
    Participant

You must be logged in to reply to this topic.