SSO Auto Script

I’m trying to get the automatic login with sso to work. I am in a AD environment and thus far I have created an msi that works and I can use SSO. The last step I need is the one involving the script. All I need is a script that will create the spark folder in the user profile and then copy the file over to that directory. I’m kinda of new to the whole windows side of things so writing the script from scratch is kind of out. Thanks in advance for the help.

First what OS is on the clients?

All of them are windows xp or windows 2000

You will need to create a group policy login script. This is a user level setting, not computer level. Just create a bat file with notepad with the following text:

if not exist “c:\Documents and Settings%username%\Spark\” goto :usermd else :end


md “c:\Documents and Settings%username%\Spark”

xcopy -f -y “%logonserver%\netlogon\Spark\ c:\Documents and Settings%username%\Spark*.*”



Is there anything I need to change in that text to make it work for my setup or should the copy and pasted text simply work?

It should just work. I used all generic naming.

Ok here is what I did.

I created a user called test and placed him in the same OU as my spark test machine.

I then created a new group policy at the user level and selected the “login” when I created it.

I then created the .bat file and placed it in the directory it created for the login script.

Then in the netlogon folder I made a folder named Spark and placed the file in there.

I booted up the test machine and the msi installs but the rest doesn’t - any ideas?

On the group policy that will control this roll out these are the steps:

  1. Create the group policy (disable ths computer half)

  2. Add a logon script to the policy at User Configuration\Windows Settings\Scripts\Logon

  3. Double click the Logon

  4. Click Show Files in the new window

  5. Copy the bat file to the location that just opened in previous step and close the window

  6. Click the Add button the Logon Properties window

  7. Browse to the bat file to ensure proper naming

  8. Ok out of all remaining windows and close policy

  9. Enable the policy

  10. Do a gpupdate from a cmd prompt as the User who will get the policy

  11. Reboot when prompted

Could I suggest you change the script slightly? The path you use as the profile path isn’t necessarily correct.

Consider if you have a local user (who has logged in previously) and a domain user, both using the same username.

You may want to consider using the %userprofile% variable as the base of the profile path to avoid any issues


I always forget to allow for that little issue as it would never happen here. We only allow domain users. Plus there is delprof to remove those unwanted profiles.

Ok it half works. I did everything you said and when I log into the test machine with test user it installs the software. When I check their user directory I see that a spark folder has been created, but the file is not in it. This leads me to believe I have the file stored in the wrong place on the server. Using the instructions you have above where should the file be located on the server?

they need to be in the Spark folder in the netlogon folder of the domain controller that the user authenticates against. The path is %logonserver%\netlogon\Spark\ this can also be accessed a different way. Say your domain is then the path can be file://

Make sure you edit the properties file to remove any personal settings.

It’s an easy fix, so just thought I’d mention it given that you’ve published the script to others.

All it’d take to trigger the ‘bug’ is a multi domain environment with the same usernames in both (at which point delprof wouldn’t help you).


Well I do have the file in the right spot so I am confused as to why it doesn’t copy it over. I am a in a multi domain environment but the second domain server isn’t doing any authentication for this and the files aren’t stored on that server so I am unsure of why it isn’t working. Any other ideas?

The script looks like it should work (though it can certainly be improved).

I’d just test to see where the script falls down.

Firstly, paste this after clicking start -> run (with quotes):


It should open your file, assuming the file is in the right place.

When doing that from the client machine it opens it with no problems.

Ok - are you sure the policy is being applied (and thus the script being run)?

What happens if you run the script manually from the GPO (you’ll have to dig around in %logonserver%\sysvol to find it.

I think your problem is all my fault. I was in a rush when I typed last time. let us try this again:

if not exist “c:\Documents and Settings%username%\Spark\” goto :usermd else :end


md “c:\Documents and Settings%username%\Spark”

xcopy /y %logonserver%\netlogon\Spark\ “c:\Documents and Settings%username%\Spark*.*”


xcopy /y %logonserver%\netlogon\Spark\ “c:\Documents and Settings%username%\Spark*.*”


You may want to test the bat file from your computer from a cmd window to check for more typo errors. I am only human after all.

You guys freaking rock!! That works perfectly. The install works, the script works and SSO works!! Thanks again everybody - you have just made my day!!

Sorry for my syntax errors, guess I should proff read before submitting.

ps. Don’t forget to close the thread and award points as warranted.