This guide explains how to configure a startup script using Active Directory Group Policy (GPO) in a domain environment, ensuring proper execution and system-level permissions.
If you do not provide user account details, the script will run under the locally logged-in user account by default. However, this behavior differs depending on whether the script is configured as a logon script or a startup script.
The recommended approach is to configure the script as a startup script under the Computer Configuration section in the Group Policy Management Console (GPMC). This ensures the script runs under the local machine context.
To modify Group Policy in a domain environment, you must have Domain Administrator privileges. Without sufficient permissions, changes to domain-level policies cannot be applied.
The script must be stored in a central location accessible by all domain controllers. The recommended location is the NETLOGON shared folder, which automatically replicates across the domain.
\\yourdomain\netlogon
%systemroot%\SYSVOL\domain\scripts
Open the Group Policy Management Console using: gpmc.msc
Select the appropriate Organizational Unit (OU):
Apply to all domain controllers by selecting the Domain Controllers OU, or choose a specific OU to target selected computers only.
Right-click the selected OU and choose: Create a GPO in this domain and link it here. Assign a meaningful name such as Startup Script Policy.
Edit the GPO and navigate to: Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown) > Startup
Specify the script path: \\yourdomain\netlogon\gomyid.bat
To apply the policy immediately, force a Group Policy update using:
gpupdate /force
For a single computer only:
gpupdate /target:computer /force
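Because a script configured this way runs in the machine context, write access to the file or its folder in NETLOGON determines what runs at startup on every targeted computer. The following PowerShell check is an added example, not part of the original guide: it lists any account outside a trusted set that can modify the script and records a hash baseline. The script path is the guide's placeholder, and the trusted SID list and the function name Get-UntrustedWriter are assumptions to adjust for your domain.

```powershell
# Added example: audit write access on the startup script and its folder.
# Assumption: path taken from the guide; replace with your real domain name.
$ScriptPath = '\\yourdomain\netlogon\gomyid.bat'

# Assumption: principals allowed to modify SYSVOL content, as SID patterns.
# SYSTEM, BUILTIN\Administrators, CREATOR OWNER, Domain Admins, Enterprise Admins.
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0', 'S-1-5-21-*-512', 'S-1-5-21-*-519'

# Rights that let a principal change or replace the script.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$GenericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, not mapped by the enum

function Get-UntrustedWriter {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs so the comparison does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$rule.FileSystemRights
        if (-not (($rights -band $WriteMask) -or ($rights -band $GenericWriteOrAll))) { continue }

        $sid = $rule.IdentityReference.Value
        if ($TrustedSids | Where-Object { $sid -like $_ }) { continue }

        # Resolve a display name when possible; orphaned SIDs stay as SIDs.
        try   { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid }

        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Sid       = $sid
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Check the file and its parent folder: write access to the folder allows replacing the file.
$findings = @($ScriptPath, (Split-Path -Parent $ScriptPath)) | ForEach-Object { Get-UntrustedWriter -Path $_ }

if ($findings) { $findings | Format-Table -AutoSize }
else           { Write-Output 'No untrusted principals hold write access.' }

# Baseline hash to compare against on later reviews.
Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256 | Select-Object Hash, Path
```

Run it from an account that can read the share's ACLs, and re-run it after any change to SYSVOL permissions.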