Using a batch file is appropriate IF it has merit.. supporting Win9x systems in certain older AD environments needed the batch file. Current systems do not receive any benefit from doing so, and the batch file simply adds one more level of complexity to the environment. Things are hard enough to troubleshoot - why add more layers without adding value?
Changing the users login script setting is quite easy, either through the GUI or programatically. From the GUI, simply select ALL of the users (or all the users that you want to change), right-click and select properties. Change the login script property and click OK. Kix can be used to script the change, enumerating the users, selecting them based on criteria, and updating the setting.
As for using folder structure in NetLogon, the same logic applies. Don't do it just to put your login scripts in a folder - that's what NetLogon is for. Not my words, but those of a MS engineer that came on-site to do an AD audit (RAP) at a large client. We had used a subfolder to hold the login script during a migration from one AD structure to another, and had not removed it when the audit started. Of course, if there's a reason (different divisions using different scripts) then that's OK. I've seen clients that put their single login script into a subfolder and have the Netlogon root empty - that's not recommended by MS and doesn't make much sense to me.
Our login script actually handles the different division processing quite well, either using a division-specific name for the script or using the standard name in a folder.
The general point is - KISS makes sense. Appropriate complexity for security or management, but not beyond or without value.
Glenn
_________________________
Actually I
am a Rocket Scientist!
