This post succinctly sums up significant research that I did over the last few days on the available means of setting environment variables for a Windows Domain Group of users at logon time. A Java Swing-based desktop application I'm helping a client with reads environment variables for its connectivity settings (server IP, etc.), so, it is logical that there needs to be a way to distribute these environment variables all all users from the Domain Controller. Below are the results of that research.
My research says there are four ways to do this. I started at the Microsoft Logon Script documentation pages and fanned out from there.
Login Script Batch File
Windows Server 2000, 2003, 2008
Login batch file (.BAT) scripts are just a temporary instance of a CMD window, and the environment variables set in there go away as soon as the login window closes.
set MYVAR=MyValue
Won't work for the aforementioned reason.
So, alternatively, I can try to set the variable via directly writing to the registry like so for a System Environment Variable:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v MYVAR /t REG_EXPAND_SZ /d MyValue
or to the User Environment Variables like so:
reg add HKCU\Environment /v MYVAR /t REG_EXPAND_SZ /d MyValue
The drawback here is that the variables, though written to registry, are not read until the next login for all I can see. A new CMD window shows no trace of them until the user re-logs-in.
Login Script WSH VBS File
Windows Server 2000, 2003, 2008
With a Visual Basic Script (VBS) login script, you can use a more programmatic method to access the environment variables. This is looking like my most viable approach. This example would append to the end of PATH.
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
WshEnv("Path") = WshEnv("Path") & ";M:\DB\whatever\"
This example would just set the variable.
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("SYSTEM")
WshEnv("MYVAR") = "MyNewValue"
This approach yields variables that are immediately available via a CMD window. No reboot is required like the batch file registry writes.
ADM File
Windows Server 2000, 2003, 2008
ADM files are a way to expose custom functionality of settings to the Group Policy Editor. It seems tricky to get them installed and visible on the domain controller so I'm jumping over this option.
Microsoft Support TechNet Reference on ADM File Locations.
Another article about ADM files and using them to set Registry settings.
Tom's Hardware on ADM Files.
---- set.adm ----
CLASS MACHINE
CATEGORY "Environment"
POLICY "Self dfined variables"
KEYNAME "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
PART "Set MyVar1 =" EDITTEXT
DEFAULT "MyValue1"
VALUENAME MyVar1 ; EXPANDABLETEXT
; add expandabletext if it can contain Variables itself
END PART
END POLICY
END CATEGORY
---- set.adm ----
Group Policy Preferences (GPP)
Windows Server 2008
Windows Server 2008 has a new feature called the Environment Extensions for the Group Policy Preferences. It allows you to conveniently set what otherwise required complex batch scripts. The new items exposed include registry values, environment variables, and more. A quick how-to guide is available here.
I can't use this option because my clients don't have Windows Server 2008.