Logon Scripting is an advanced feature that allows the system administrator unmatched control over the user sessions. Associated with each User Login is a directory that will execute batch files upon connection . Logon Scripting provides automatic execution of the batch file upon the login of the user. Logon scripts are often used to map drives, establish network connections, change directories, set environment variables, run TSR’s and launch applications. When an application is launched via a logon script the User is automatically deposited into the application upon successful logon.
One of two optional batch files can be executed. One is named k_start.bat and the other is c_start.bat. Each batch file provides a unique behavior upon completion of the batch file.
• k_start.bat - This file runs upon connection and after its completion the user may get the system prompt.
• c_start.bat - This file runs upon connection and after its completion the session terminates. This can be used to restrict the user to a certain application. Even if the user executes a control-c or something similar this will not allow access other than what is specified in the batch file on the Windows computer.
Logon Scripts can be defined on a User, Global, or IP address basis. If a logon has IP Address based Logon scripts defined then they are executed. Otherwise the GSW Universal Terminal Sever determines if a User ID based logon script exists. If so then it is executed. Otherwise if a Global Logon scripts exists then it is executed.
USER Logon Scripts
A different Logon script can be set up for each User Id. This allows Users that to have individually defined batch files to accommodate different requirements of Users. The batch files are created and set up by the system administrator for each user in the system. They must be in the directory
Of course InstallationPath and UserLoginID are replaced with the actual values.
If both k_start.bat and c_start.bat exist then only c_start.bat is executed. You may call k_start.bat from c_start.bat. If the UserLogonID script folder does not exist, then the GSW UTS will determine if a Global Logon script exists.
The system administrator must ensure that the directory permissions for the above files and directories are correct. Remember the user and the SYSTEM must be able to read the batch file. They are executed in the security context of the user.
Example - Logon Scripting: Automatic Execution of a program upon connection
Here is an example script to allow automatic execution of a Physician’s Office Application "medical.exe" upon connection for the user login id (nurse). The Physicians office application is in the directory c:\medical.
Step 1. Create directory c:\gs_uts\scripts\nurse
Step 2. Create batch file k_start.bat
Step 3. Add line to k_start.bat c:\medical\medical.exe
Step 4. Save file and exit.
Now when the User login id "nurse" connects to the Windows system via SSH2/Telnet the application medical.exe will automatically be started. When the user exits the medical package, the Windows Command line prompt is displayed allowing other activity to occur.
Example - Logon Scripting: User restricted to execute only a specific program.
Here is an example script that will allow the User login id (bill) only to execute the amortization program amortize.exe. The amortization program resided in the directory d:\amor
Step 1. Create directory c:\gs_uts\scripts\bill
Step 2. Create batch file c_start.bat
Step 3. Add line to c_start.bat d:\amor\amortize.exe
Step 4. Save file and exit.
Now when the User Login ID "bill" connects to the Windows system via SSH2/Telnet the application amortize.exe will automatically be executed. When the user exits the amortization package, the SSH2/Telnet session will terminate.
Global Logon Scripts
There are situations where the system administrator may want to have the same logon script executed by all the users upon connection. Instead of creating a logon script for each and every user, a single logon script can be created that will be executed by all users upon connection. The Global Logon script operates in the same manner as a normal logon script except for the location of the script files. The system administrator may put the k_start.bat or c_start.bat file in the subdirectory SCRIPTS (under the install directory). The server looks first for k_start.bat or c_start.bat in user's subdirectory and will not use the global script if it can find user's script.
Example - Global Logon Scripting: Automatic Execution of a program upon connection by ALL users
Here is an example script to allow automatic execution of a Physician’s Office Application "medical.exe" upon connection for ALL users that do not have a c_start.bat or k_start.bat in their logon script directory. The Physicians office application is in the directory c:\medical.
Step 1. Create batch file k_start.bat in the SCRIPTS directory (under the install directory).
Step 2. Add line to k_start.bat c:\medical\medical.exe
Step 3. Save file and exit.
Now when any user (unless they have their own login script in their logon script directory) connects to the Windows system via SSH2/Telnet the application medical.exe will automatically be started. When the user exits the medical package, the Windows command line prompt is displayed allowing other activity to occur.
IP Address Based Logon Scripts
The capability to define different logon scripts based on the IP Address of the client logging on is another advanced feature pioneered by GSW. System Administrators may have specific mapping requirements or specific applications that must be launched depending on the location of the User that is logging on. In many cases it is easier to identify the location by IP addresses rather than User IDs. Another case may be where a User is routinely working in different locations with specific logon script requirements for each location. Another could be where different devices access different applications, regardless of the user connected. There are many other cases where IP Address based logon scripting can be used.
Associating the Logon Script to use with the IP Address is configured using the gs_ip_rt.txt file. IP Addresses can be specified as individual IP address or IP address ranges. Additionally wildcards can be used. For each entry in the gs_ip_rt.txt file two fields are specified: The IP Address (or range) and the name of the login script to use. A file gs_ip_rt.txt is installed when the GSW UTS is installed. It contains examples that are commented out to help you get started.
Notice the file in the GSW UTS installation directory: gs_ip_rt.txt
The file must reside in the Georgia SoftWorks Windows Universal Terminal Server installation directory.
NOTE: The System account must have permission to read the gs_ip_rt.txt file.
The file gs_ip_rt.txt is used for configuration of the association of IP Addresses and Logon Scripts.
The rules are simple for setting up the gs_ip_rt.txt file.
• It is a text file
• The # character is the comment character
• Each entry must start in the first column.
• Each entry consists of the IP Address (or IP Address Range) and the associated logon script filename (page 193). The logon script file must be located in the GSW UTS scripts folder.
• The IP Address and the Logon Script are separated by a single space.
IP Address Syntax. Use the industry standard 4 part syntax: format nnn.nnn.nnn.nnn when specifying the IP Address.
An example entry in the gs_ip_rt.txt file would look like:
The above entry would instruct the system that when a user connects from the IP address 10.1.1.1 the logon script k_logon70.bat should be used.
IP Address Range Syntax: An IP address range is specified as two IP addresses separated by the dash character '-'. No spaces are allowed. Below are two examples.
Example A: 10.1.1.1-10.1.10.210
Example B: 126.96.36.199-188.8.131.52
An example IP Address range entry in the gs_ip_rt.txt file would look like: 184.108.40.206-220.127.116.11 k_buildingN.bat
The above entry would instruct the GSW UTS that when user connects from any IP address that falls in the range from 18.104.22.168 to 22.214.171.124 the logon script k_buildingN.bat should be used.
IP Address Wild Cards: An IP address wild card is specified with the ‘*’ character. Wild cards can be used in place of one or more of the four parts of the IP Address.
Example A: 10.0.0.*
Example B: 192.*.*.5
Wild Cards can be used in IP Address Ranges too.
Logon Script Filename: The logon script filename associated with the IP address can be any name that you choose however it must start with either a k_ or a c_. The ‘k_’ and ‘c_’ correspond to the analogous behavior as the k_start.bat and c_start.bat (See page 189).
Example – IP BASED Logon Scripting
The ACME Company has a New York location and a Mexico location. The New York location has a north building that has a receiving dock, a manufacturing floor and a shipping dock. Each area uses different applications to update a common database. The Receiving dock uses fork lifts with vehicle mounted RF devices. The application used by the receiving dock is a custom developed application. The ACME manufacturing floor workers use hand held RF devices, mostly basic scanner guns. The Quality Assurance Engineers on the manufacturing floor use Pocket PC 2003 devices to enter comments and other information. The Quality Assurance Engineers use a different application than the manufacturing floor workers. The New York Shipping dock workers use hand held RF devices, again mostly basic scanner guns. Like before they have yet another custom application. The shipping dock workers and the manufacturing floor workers are multi-talented and can perform either duty. The ACME Mexico location in Seaside ships partially assembled components to the New York locations.
All the locations are connected to a single server running the 100 session copy of the GSW UTS. The system administrator needs to launch a different application for each group described above.
This is can be accomplished using GSW UTS Logon Scripting based on IP Addresses. We can start editing the gs_ip_rt.txt file, but first let’s make a chart of the locations, the IP addresses and the logon scripts.
The chart below contains the information needed to set up the IP Based Logon scripting.
|IP Address or Range
|ACME Ney York North
Building Receiving Dock
|126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11
|18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206
|ACME Ney York North
Building Manufacturing Floor Guns
|220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199
|188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168
|ACME New York North
Building Manufacturing Floor
|22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206
|ACME New York North Building Shipping Guns
|220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52
|184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 126.96.36.199
|ACME Mexico Seaside Plant shipping Guns
|242.10.150.5 242.10.160.5 242.10.170.5 242.10.180.5 242.10.190.5
|242.10.191.5 242.10.192.5 242.10.192.5 242.10.194.5
Table 40 - IP Based Logon Scripting Information Table
This is how to set up the gs_ip_rt.txt file to associate IP Addresses and Logon Scripts.
Edit the file gs_ip_rt.txt and add the following lines.
#ACME North Building Receiving Dock
#ACME North Building Manufacturing Floor
#ACME North Building Manufacturing Floor Quality Assurance
#ACME North Building Manufacturing Floor Shipping
#ACME Seaside Plant Shipping Guns
Each time a User Logs on, the GSW Universal Terminal Server identifies the IP address of the User and executes the associated logon script.
A sample gs_ip_rt.txt file with examples is installed with the software. It can be easily modified and used for your purposes. This is a copy of the file.
# Georgia SoftWorks UTS IP-based selection of logon scripts
# Copyright (C) 2004 Georgia SoftWorks
# All Rights Reserved
# This file allows you to map client IP addresses to logon scripts.
# The order of fields is as follows:
# IP address OR IP address range OR IP address with wildcards
# k_logon_script_name OR c_logon_script_name
# The 'k_' and 'c_' correspond to behavior analogous to k_start.bat and
# c_start.bat respectively.
# Each entry must start in the first column.
# For example, the following entry below
# (the comment ‘#’ character must be removed to activate the entry)
# #188.8.131.52 k_logon70.bat
# instructs the system that when a user connects from the IP address
# 184.108.40.206 he should use the logon script k_logon70.bat
# IP address ranges
# An IP address range is specified as two IP addresses separated by
# the dash character '-'.
# Examples of IP address ranges
# 10.1.1.1-10.1.10.210 # 220.127.116.11-18.104.22.168
# IP address with wildcards
# An IP address with wildcards is specified by using the star character
# '*' instead of a number as one of four segments of an IP address
# Examples of IP addresses with wildcards
# 10.*.*.* # 192.*.*.22
# For security reasons this file's permissions should be set to allow only
# SYSTEM - read access
# No other accounts should be allowed to access this file.