GPO: Run PowerShell logon script after explorer.exe has been loaded

I know there is the GPO setting "Computer Configuration => Admin. Templates => System => Scripts => Run logon scripts synchronously". This, however, ensures that logon scripts run before Windows Explorer starts loading (when enabled).

I need the opposite thing. I want to ensure that the explorer.exe has loaded successfully and execute the PowerShell logon script afterwards. This is due to some weired dependencies of an application I need to trigger.

I tried disabling the setting which according to the description should allow running file explorer and the script simultaneously. Unfortunately, it does not (yes, I did reboots and gpupdates...)

So I tried to add a function called wait-for-explorer() to my PowerShell logon script. It sleeps in a while loop until explorer.exe is running. However, this seems not to work right.

What is the best and cleanest way to solve this? Is there a GPO setting I am overlooking?

This is what the code looks like:

Function Wait-For-Explorer
{   
    $process = 'explorer.exe'
    $waitTime = 1

    While ($owner.User -ne $env:USERNAME) 
    {   
        try 
        {     
            $owner = (Get-WmiObject -class win32_process | where { $_.ProcessName -eq $process }).GetOwner() | Select -Property User
        }
        catch
        {
            Write-Host "Zzzzz...."
            Start-Sleep -Seconds $waitTime
        }
    }

    Write-Host "Process ${process} is running..."
}

Update

I found the answer to my question and why there is no such option provided by Microsoft. The reason is that according to the Technet article How Core Group Policy Works, the processing of Group Policy is synchronous, which means that computer Group Policy is completed before the logon dialog box is presented, and user Group Policy is completed before the shell is active and available for the user to interact with it. This in turn means there is no (direct) possibility for the group policy engine to start a process after the user shell has been loaded...

Solution 1:

I just stumbled above the following setting:

User Configuration => Policies => Administrative Templates => System => Logon => Run these programs at user logon

When calling my scripts from here everything works. This (seems to) act in the same way as the "Logon Script" within the AD user object does. It waits for the File Explorer to finish loading and afterwards executes the scripts... so mission accomplished! Thanks to all!

Solution 2:

Have you tried running it as a scheduled task with a trigger of "user logon"? This might eliminate the need for a function like that.

SCHTASKS /Create [/S system [/U username [/P [password]]]]
    [/RU username [/RP password]] /SC schedule [/MO modifier] [/D day]
    [/M months] [/I idletime] /TN taskname /TR taskrun [/ST starttime]
    [/RI interval] [ {/ET endtime | /DU duration} [/K] [/XML xmlfile] [/V1]]
    [/SD startdate] [/ED enddate] [/IT | /NP] [/Z] [/F]

Description:
    Enables an administrator to create scheduled tasks on a local or
    remote system.

Parameter List:
<...many switches delted...>
/SC   schedule     Specifies the schedule frequency.
                   Valid schedule types: MINUTE, HOURLY, DAILY, WEEKLY,
                   MONTHLY, ONCE, ONSTART, ONLOGON, ONIDLE, ONEVENT.