Appendix C: Creating Group Policy Objects to Assign Logon Scripts in Microsoft Windows

Some of the procedures in the Secure Browser subtopic of the Windows topic of the Operating System Configuration section refer to creating a group policy object that contains instructions for Windows to execute upon certain events. The procedure in this appendix explains how to create a group policy object that runs a script when a user logs on. The script itself is saved in a file called logon.bat.

  1. In the task bar (Windows 10 or Windows 11), or in StartRun (previous versions of Windows), enter gpedit.msc and then select the link. The Local Group Policy Editor window, shown in figure 1, appears.

    Local Group Policy Editor window with the Scripts (Logon/Logoff) option indicated

    Figure 1. The Local Group Policy Editor window

  2. Expand Local Computer PolicyUser ConfigurationWindows SettingsScripts (Logon/Logoff) (indicated in figure 1).
  3. Select [Logon] and then double-click. The Logon Properties dialog box appears.

  4. Select [Add…] (indicated in figure 2). The Add a Script dialog box appears.

    Logon Properties dialog box with the Add... button indicated

    Figure 2. The Logon Properties dialog box

  5. Select [Browse…] (indicated in figure 3) and navigate to the logon.bat to be run.

    Add a Script dialog box with the Browse... and OK buttons indicated

    Figure 3. The Add a Script dialog box

  6. Select [OK] (also indicated in figure 3) to return to the Logon Properties dialog box.
  7. Select [OK] to return to the Local Group Policy Editor.
  8. Close the Local Group Policy Editor.