logon script

This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS style CR/LF line endings. Using a DOS-style editor to create the file is recommended. The script must be a relative path to the service. If the [netlogon] service specifies a of /usr/local/samba/netlogon, and STARTUP.BAT, then the file that will be downloaded is:

The contents of the batch file are entirely your choice. A suggested command would be to add NET TIME \\SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE U: \\SERVER\UTILS for commonly used utilities, or

for example.
Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached.
This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.
This option is only useful if Samba is set up as a logon server in a classic domain controller role.
If Samba is set up as an Active Directory domain controller, LDAP attribute scriptPath
is used instead. For configurations where ldapsam is in use,
this option only defines a default value in case LDAP attribute sambaLogonScript
is missing.

Example: scripts\%U.bat

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

logon script

Registry PathSoftware\Policies\Samba\smb_conf\logon script
Value Namelogon script
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)