Vista Logon Scripts – Launchapp.wsf
Posted by Jarvis on March 27, 2008
After switching to Vista (18 months ago…beta 2), I realized that my logon script wasn’t running anymore, but I didn’t really pay attention to it until this week…I’m needing to roll out Vista computers to some users at the office…so I need the logon scripts to work. In doing some research I found out why they don’t work. I won’t do a full write up of the reason, but basically it has to do with User Account Control and whether or not the user is a local admin on the computer. You can read a decent description of the issue here.
To get the logon script to work in this instance, you need to use a script named launchapp.wsf (scroll all the way to the bottom of that link) that you can get from the Technet site. That script is one that you use to launch your logon script. It schedules the script to run as a task as the interactive user. It works well…but there are a few issues that I read about and experienced personally.
First, launchapp.wsf does not work for an XP client. So…if a user logs in on a Vista computer and an XP computer…the logon script will work on one or the other…but not both. Or if you are using a GPO to assign your logon script, then it will only work for either XP computers or Vista computers.
Second, if you run multiple scripts (or the same script multiple times), the first will run, but the others will fail. This is because launchapp.wsf creates a scheduled task with a name of “Launch App As Interactive User”. It fails because it can’t create the second task with the same name.
So, I set out to fix those two issues. First, let me say that I am not a great scripter. I understand VBScript. I can write it…I’m not great, but I am adequate. One aspect of script writing that I am very good at is copying something that someone else wrote and massaging it to fit my purpose. That is what I did to fix these problems…a combination of massaging others’ code and writing some of my own.
To fix the issue of launchapp not working with XP, I added a section of code that determines the OS. If the OS is XP, it runs the logon script normally. If it is Vista, it runs it via scheduling the task.
Fixing the multiple scripts / multiple runs issue was more difficult. What I was able to deduce is that the issue is a missing setting in the original launchapp.wsf that you can copy off of the Technet site. Basically when the task is scheduled, it doesn’t expire. I dug through and found the property to set (EndBoundary). I set the script to make the task expire in two minutes. To do that I had to find a way of adding two minutes to the current time and format the date/time to fit the way that EndBoundary requires. Once adding that to the launchapp script, it wasn’t a problem.
You can download my modified version of Launchapp (PDF…my hosting provider restricts what kind of files I can upload…TXT is not one of them.). The pages that I used as reference material, or that I copied code from can be found here, here, here, here, here, here, here and here.
Let me know if it helps or if you have suggestions of how to improve it.
Kevin said
Do you know how to have the launchapp.wsf to schedule with “Highest Privileges”? I KNOW it’s a weird request, but it will fix a long, complicated problem that I’d rather not go into right now.
Jarvis said
I think the info you are looking for can be found on this page.
That page says that to do this you need to set the runlevel property to “TASK_RUNLEVEL_HIGHEST”.
I’ll let you figure out how to add that to the script. Once you get the answer, if you could post back what you find it would be appreciated!
Kevin said
Yeah, I found that page, and have been messing round for awhile. But, since I don’t really know VBScript, all I’ve added is this, following the format of other things in other examples:
‘********************************************************
‘ Set the principal for the task
‘********************************************************
Dim principal
Set principal = taskDefinition.Principal
principal.RunLevel = TASK_RUNLEVEL_HIGHEST
Or, instead of TASK_RUNLEVEL_HIGHEST, I think it may be 1. The former creates the task, the latter doesn’t, but neither actually have the checkbox marked for “Run with highest privileges.” If I could also just edit it to call from an XML file (which IS possible), would be great, but, even though I see the page on that site for it, I don’t understand it, and they give no examples.
Jarvis said
Yeah, I also had a hard time finding information on this as well. It is definitely not well documented…or at least not in such a way that those of us who don’t know what we are doing can do something useful!
Kevin said
Apparently that does work — however, it requires admin privileges now to run the script, which, of course, defeats the purpose. *sigh* Now if I could find the way to import an XML file, THAT might work.
Kevin said
Oh, and it works with the principal.RunLevel = 1, instead of TASK_RUNLEVEL_HIGHEST
Joe said
Jarvis,
I am having a couple of issues with this. The code that you added to add the additional time to the taskscheduler requires the file MSSTDFMT.dll be present on the machine. This is not true of my installation. the second issue is that with this and with the sample script provided by Microsoft, the computer still prompts you twice when you login to tell you that it is scheduling the task and that the task has been scheduled. The drive mapping should be transparant at login.
Any suggestions?
Jarvis said
I’m pretty sure (could be wrong) that “MSSTDFMT.dll” comes from one of the .NET Framework packages, so you might want to check that.
I never got the prompts when scheduling the task…it was all silent. Sounds like something particular to your environment/setup that unfortunately I don’t have an answer to. But for that matter…if you don’t have the “MSSTDFMT.dll” file…how are you getting the script to run in the first place?
Joe said
I’ll try installing the .Net Framework packages. I imagine you are probably correct on this account.
As for my environment, i’m running a test computer with a clean installation of Windows Vista Business using default settings loaded at installation.
As for getting the script to run without the file, I commented out the section that adds the time to try and troubleshoot where the script was failing.
Joe said
The specific two messageboxes that I am getting are:
Task definition created. About to submit the task…
Task Submitted.
Joe said
Do you have any idea about the prompts now that I’ve given you some more specifics on my environment?
Jon said
As Jarvis said, it might be environment specific, but the easy fix is to just delete the two lines that start with wscript.echo, as those are what you use to output text in message box format with VBscript.
On a side note, wscript.echo is an excellent tool when troubleshooting your login scripts as you can insert in places throughout your code so you can see where the code is going, what values are being held in variables, etc.
Jarvis said
Thanks Jon. I haven’t had time to look at the script myself this week, but after seeing your comment I remembered doing exactly that. I did have the message boxes that Joe mentioned initially, and commenting/deleting those lines in the script is exactly how I got rid of them.
Great job chief!
MrMMills said
Hey Jarvis, I see you found my posts from 2007 at
http://mcpradio.com/forums/forum_posts.asp?tid=3604&pn=1
http://mcpmag.com/forums/forum_posts.asp?tid=3604&pn=1
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_Vista/Q_23844140.html
http://www.freelists.org/post/gptalk/Vista-logon-scripts-launchappwsf-and-the-other-need-to-know
I was trying to get the word out back then about Vista/Group Policy/and elevated tokens.
I should have a copy of the the original launchapp2.wsf at home if you want to compare your script against it. Alot has happened since 2007 so I’m sure yours has added features. The benefit with launchapp2.wsf is that you could incorporate it into all needed GP scripts and it would work with both Vista and XP – so you wouldnt have to have seperate GPO’s for each operating system. I’ll see if I can find it and post it for you.
Kudos – Thanks for writing the new article and the newer script! Keep it coming….
Deepak said
Hi Jarvis-
I have gone through the above post that is recalls me an issue while executing the below vbscript:
Vbscript to create a Schedule Task:-
————————————————————————————————
Const TASK_TRIGGER_DAILY = 2
Const TASK_ACTION_EXEC = 0
Const TASK_CREATE = 2
Const TASK_RUNLEVEL_HIGHEST = 1
Set objService = CreateObject(”Schedule.Service”)
objService.Connect
Set objFolder = objService.GetFolder(”\”)
Set objTaskDefinition = objService.NewTask(0)
Set colTasks = objTaskDefinition.Triggers
Set objTrigger = colTasks.Create(TASK_TRIGGER_DAILY)
objTrigger.DaysInterval = 1
objTrigger.StartBoundary = “2006-06-27T08:00:00-00:00″
Set colActions = objTaskDefinition.Actions
Set objAction = colActions.Create(TASK_ACTION_EXEC)
objAction.ID = “Daily Task Test”
objAction.Path = “C:\Windows\System32\sdclt.exe”
Set objInfo = objTaskDefinition.RegistrationInfo
objInfo.Author = “Administrator”
objInfo.Description = “Test task that displays Windows Backup Status and Configuration tool daily.”
Set objSettings = objTaskDefinition.Settings
objSettings.Enabled = True
objSettings.Hidden = False
Set objSecurity = objTaskDefinition.Principal
objSecurity.RunLevel = TASK_RUNLEVEL_HIGHEST
objFolder.RegisterTaskDefinition “Test Daily Trigger”, objTaskDefinition, TASK_CREATE, , , 0
———————————————————————————————–
Executing the above script prompts an error message:
Error:Permission denied
Code:800A0046
Source: Microsoft vbscript Runtime error
Can you please assist if we can create the scheduled task with the above code with any error message???
Thanks in advance
Jarvis said
Sorry chief…I’m swamped…no way I can help with this. Maybe someone else who reads this will help you out.