Logon Scripts, Group Policy Preferences, and Server 2003 End Of Life: Part 3

One of my favorite things about group policy preferences is the method that you can use to target groups of users or computers.

One of the most challenging aspects of writing logon scripts, and one of the reasons they become so convoluted, is that getting user and computer targeting right is complicated. Using a script to specify that computers from the accounting department on the third floor of the Dandenong office should use one specific printer while ensuring that computers from the sales department on the third floor of the Dandenong office should use another is possible. It’s also kinda complicated.

Group policy preferences allow you to configure item level targeting, a process that’s far more intuitive than wrestling with regular expressions. Using the targeting editor, you can target specific users and computers by selecting one of the following:

The Targeting Editor is GUI based. When you select one of the items above, you get to configure item specific properties. For example, if you select IP Address Range, you get a dialog box where you enter the range. As you can imagine, this is a lot more straightforward than remembering the correct variable name and syntax for such a variety of different items.

So when moving from Windows Server 2003, consider replacing as much of your logon scripts as possible with the functionality present in group policy preferences.