Phone Lines icon GFI Support Home

Articles in this section

Configuring Login/Logout scripts via GPO

Author: Central KB Updated

Overview

It is possible to automate the users' authentication process in Kerio Control by creating a Group Policy Object containing scripts to log in and log out users from Kerio Control.

This article serves as a guide to configuring the Windows Active Directory GPO to automatically log in and log out users from Kerio Control

Important: The screenshots used in this article are based on Active Directory running on Microsoft Windows Server 2008 Domain Controller.

Solution

  1. Connect to your domain controller. Go to Start > Administrative Tools > Group Policy Management.

    gp21

  2. Select the domain and go to Action > Create a GPO in this domain, and Link it here...

    gp22

  3. Enter an appropriate name to this policy.

    gp3

  4. After creating the object, select Action > Edit....

    gp23

  5. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Internet Zone.

    gp24

  6. Look for Logon options and double-click on it.
  7. In the Logon options dialog box, click on Enabled and select Automatic logon with current username and password option from the Options drop-down menu.
  8. Apply these changes.

    gp6

  9. Select User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff).

    gp25

  10. Double click Logon and click Add... in the properties box.

    gp8

  11. Click Browse....

    gp9

  12. Create two files: logon.vbs and logon.bat. Use the sample code in the table below for reference, changing the logon script path:
    File Code
    logon.vbs

    Dim oIE

    Set oIE = CreateObject("InternetExplorer.Application")

    oIE.Visible = False

    oIE.Fullscreen = False

    oIE.Toolbar = True

    oIE.Statusbar = True

    oIE.Navigate("http://www.google.com/")

    WScript.Sleep(30000)

    oIE.quit
    logon.bat

    cscript //nologo \\domain\sysvol\..\logon.vbs
  13. Select logon.bat with a double-click and click OK.

    gp12

  14. Select Logoff with a double-click and click Add....

    gp18

  15. Click Browse...

    gp9

  16. Create two files: logoff.vbs and logoff.bat. Use the sample code in the table below for reference, changing the logoff script path:
    File Code
    logoff.vbs

    Dim oIE

    Set oIE = CreateObject("InternetExplorer.Application")

    oIE.Visible = False

    oIE.Fullscreen = False

    oIE.Toolbar = True

    oIE.Statusbar = True

    oIE.Navigate("http://<Kerio Control Server IP address>:4081/internal/logout")

    WScript.Sleep(30000)

    oIE.quit
    logoff.bat

    cscript //nologo \\domain\sysvol\..\logout.vbs
  17. Select logoff.bat with a double-click and click OK.

    gp19

  18. Double-check GPO settings and close Group Policy Management.

    gp28

  19. Open Kerio Control Web Administration Interface. Go to Advanced Options and disable Force SSL secured connection (recommended).
  20. Apply this change.

    IMPORTANT DISCLAIMER:

    Disabling this option will ignore the browser message: website's security certificate contains invalid information and it will allow Kerio Control authentication using NTLM authentication even the SSL certificate is not trusted on the local machine (eg. in case of self-signed SSL certificate). At the same time, this can be a security risk because users send their credentials to Kerio Control server using a plain-text format over an unencrypted channel.

    For correct encrypted communication, it is required to have trusted signed SSL certificate for the URL of the Kerio Control web interface.

    force_ssl_secure_disabled.png

  21. Go to Domains and User Login and enable Always require users to be authenticated when accessing web pages and Enable automatic authentication using NTLM.
  22. Apply these changes.

    always_require_auth_and_ntlm.png

Was this article helpful?
1 out of 1 found this helpful

Related articles