For security concern, we deploy the 802.1x mechanism into the network production. That is Cisco ACS play a Policy role and Microsoft AD play a radius role. So do that let user's computer have to join Domain and also need to log on Domain environment when boot OS first. Otherwise, it cannot get a legal IP address so that influence network access as Email, Internet and so on.
This is good idea that let all computers need to be join Domain for management. But it exist a drawback --- the user's computer have to add the special VLAN group before connect to OA environment. If not do it, we will disconnect network function when change personal password.
How many computers never are added VLAN group? Who use these computer? What is computer name?
For finding this answer, we think whether can get these information when user log on domain. This method is by Script!
The following is my experience for your reference.
Lab Introduction
1. Server environment:Forest function level and Domain function level = windows 2003
Ø First Domain Controller : Windows 2003 R2 Enterprise Server
Hostname = TEST-DC-00
IP Address = 10.10.102.11
Ø Second Domain Controller : Windows 2008 R2 Enterprise Server
Hostname = TEST-DC-01
IP Address = 10.10.102.12
Ø Domain Account:
2. Workstation environment:
Ø Windows 7 x86 Enterprise version with Service Pack 1
Ø Windows XP x86 Profession version with Service Pack 3
Implement
1. Create a command file as “GetInfo.cmd”
2. Create a script file as “GetUserNameAndComputerName.vbs”
3. Create a new GPO on what you want to deploy logon policy
4. Edit this new GPO under “User Configuration”
Next to add “GetInfo.cmd” on Logon Properties
5. Put this “GetUserNameAndComputerName.vbs” on \\DomainName\NETLOGON
Verification
For Windows XP
i. Logon Domain by general user
ii. Script automatically get information next to write on shared folder
iii. Open this file to verify whether the information is wrote on content
For Windows 7
i. Logon Domain by general user
ii. Script automatically get information next to write on shared folder
iii. Open this file to verify whether the information is wrote on content