How to hide running logon scripts from users (.vbs) without using a wrapper script?
I figured out what's causing this, as my GPO settings are correct. The script that I need to run uses a function to force the 32bit version of the scripting host.
Function fncForce32bitCscript()
Dim strCurrentScriptHost : strCurrentScriptHost = lcase(wscript.fullname)
dim strRequiredScriptHost: strRequiredScriptHost = "c:\windows\system32\cscript.exe"
if fncCheckOS = "X64" Then
strRequiredScriptHost = "c:\windows\syswow64\cscript.exe"
end If
Dim objShell
Set objShell = CreateObject("WScript.Shell")
objShell.run "cscript //h:cscript",0,True
If strCurrentScriptHost = strRequiredScriptHost Then
'no switching to cscript required
Else
Dim strArgColl
strArgColl = " "
If WScript.Arguments.Count>0 Then
Dim ArgCollect
For ArgCollect = 0 To WScript.Arguments.Count-1
strArgColl = strArgColl & chr(34) & (WScript.Arguments.Item(ArgCollect)) & chr(34) & " "
Next
End If
'wscript.echo "script will be re-launched with the required script host " & strRequiredScriptHost
objShell.Run "cmd /C " & strRequiredScriptHost & " " & WScript.ScriptFullName & " " & strArgColl,1,false
'Set objShell = Nothing
'wscript.sleep 3000
WScript.Quit
End If
End Function
So replacing this call to cmd.exe
...
'objShell.Run "cmd /C " & strRequiredScriptHost & " " & WScript.ScriptFullName & " " & strArgColl, 0, false
...with this made it run hidden. Mission completed.
objShell.Run strRequiredScriptHost & " " & WScript.ScriptFullName & " " & strArgColl, 0, false
Related videos on Youtube
Matthias Güntert
Mixing technical obsession with dedication.
Updated on September 18, 2022Comments
-
Matthias Güntert over 1 year
I have a GPO (configured with loopback replace) that runs a logon script (.vbs) and linked it to an OU containing a W2012R2 RDS host.
I have made these (question related) changes to the policy:
Computer Configuration -> Policies -> Administrative Templates -> System -> Group Policy -> Configure Logon Script Delay -> Enabled -> minute: 0 User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff) -> MyScript.vbs User Configuration -> Policies -> Administrative Templates -> System -> Run legacy logon scripts hidden -> Enabled User Configuration -> Policies -> Administrative Templates -> System -> Display instructions in logon scripts as they run -> Disabled
When a user logs on, the script runs perfectly in the foreground, but according to the settings I have made, I would have expected the command prompt not to pop-up at all. So what am I doing wrong here, and what exactly is Microsoft's definition of a "legacy script"?
I am aware that I can write a small "wrapper-script" that calls
cscript.exe
with the hidden parameter, but I would like to keep this as clean as possible and would like to understand why my settings don't work.