login script runs twice

Is there a logon script defined on the actual User Account in AD too?

eguarding othe rposts

its not a duplicat eentry in the registry

or a double applied policy

ta

no, nothing in the user profile

Sure...download the Group Policy Management Tool.  This tool, allows you to run a report and show alll of the group policies effecting a computer/user.  After running this tool, you will be able to see if there are more then one GPO's running the script.

Here is the download:  http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Once you install the free tool, you can run a report to see the effect of GPO's...

hope this helps..

You only have it set in a GPO in one section (User Configuration)?  This GPO is only linked once?

I agree with NJ - download the GPMC and you can run a query to see where things are coming from.  You can also spot a cross-linked GPO immediately.

http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

You should also check to see if there is something locally configured on the workstation (for some odd reason).

I use the GPMC already

yes the GPO is only linked once

and there isnt anywhere else to put a logon script is there?

nothing configured on local machine either, same things happernes on a newly built machine


the report from the modeling wizard looks correct and shows two policys applied none denied,

one is just the default domain policy (just account details set in here)
and teh other is the site policy which has teh loging script enabled..
ta

group policy results shows it ran twice but no clue to cause, it lists the same policy\ou and same time of execution

The clue you can get by enabling User Debugging on client machine:

How to enable User Debugging:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;221833

no clues :-) i have set it in the most verbose mode and can see the policys been applied but ther are the correct ones.

What makes you to say that script runs twice?

How do you know actually?

Did you check sripts for any other script inside it. Usually script can call other scripts.

it runs twice as in ,

I have "show logon scripts visable" checked

you see the scripts run in a command window, almost at same time but one obvioulsy gets "drive already mapped" messages.

>>>you see the scripts run in a command window, almost at same time but one obvioulsy gets "drive already mapped" messages.

Could you post your script here?

yes here you go, but i doubt it is the script itself??


@echo off

rem sync time with Domain controller
net time %logonserver% /set /yes
gpupdate /target:user

rem set enviroment vairables

set OMNIS="j:\data\inclass"

regedit /s SetODBCToNewServer.reg

rem regedit /s undoodbc.reg

rem *******************************


rem Map network drives
rem check for resource utility
IF NOT EXIST %windir%\IFMEMBER.EXE copy \\asl-servertwo\netlogon\ifmember.exe %windir%

rem this section maps the V: and S: and x: drives
rem to the appropriate directories on asl-serveronees.
net use m: \\asl-serverone\shared /persistent:no
net use j: \\asl-serverone\db /persistent:no
net use u: \\asl-serverone\%username% /persistent:no

IF NOT EXIST "C:\Documents and Settings\All Users\Desktop\telephonelist.lnk" copy "M:\Common\Telephone List\TELEPHONELIST.lnk" "C:\Documents and Settings\All Users\Desktop"


IFMEMBER G_MAN_READ
IF NOT %errorlevel% EQU 1 GOTO Rdrive
net use v: \\asl-serverone\man /persistent:no
rem net use w: \\asl-serverone\man /persistent:no


:Rdrive
rem This section maps R: \\asl-cubefiles\shared
IFMEMBER g_iqr_users
IF NOT %errorlevel% EQU 1 GOTO done
net use r: \\asl-cubefiles\shared /PERSISTENT:NO



:sdrive
REM MAP DRIVE FOR other s: Drive
REM IFMEMBER groupname
REM IF NOT %errorlevel% EQU 1 GOTO xdrive
REM NET USE s: \\asl-serverone\sharename /PERSISTENT:NO

:xdrive
REM rem This section maps x: ????
REM IFMEMBER mids_group
REM IF NOT %errorlevel% EQU 1 GOTO vp
REM net use x: \\asl-serverone\sharename /PERSISTENT:NO

:VP
rem ifmember g_VP_install
rem if not %errorlevel% EQU 1 goto :done
rem call %logonserver%\netlogon\vplogon.bat
:DONE

rem wait for 5 seconds
PING 1.1.1.1 -n 1 -w 5000 >NUL
rem check for AV software (basic)
IF NOT EXIST "C:\Program Files\Symantec AntiVirus\Cliscan.dll" alert.cmd

rem check and update applications
call m:\common\admin\baps\Bapsupdate.bat

call m:\common\admin\daffy\daffyupdate.bat

rem call m:\common\admin\greatplains\gpupdate.bat

gpupdate is there as it fixes a few issues with policys not getting fully applied, it doesnt affect he twice run problem if removed

plus i just put a simple test script in which opens notepad instead

i logged on and got two notepads

site policy or how site policy applied is more likley as cause???

net use m: \\asl-serverone\shared /persistent:no

>>>call m:\common\admin\baps\Bapsupdate.bat

Where is this M drive located? On client machine?

Is this script (Bapsupdate.bat) called successfully?

Could you post your Group Policy structure with how many Group Policy, Inheritence, No Override option set etc etc.

m: is on a differnt server

yes its called and works (twice! :-)

Strange...

Did you try enabling Netlogon debugging?

Sounds like Loopback Processing is enabled on this GPO and the logon script is being called from the Computers portion of the GPO rather than the User section (yes there are two places).

If gpresult shows it runs twice then it's being processed twice - thus the loopback.

Try linking this to an OU to test - it might be a Site issue.

If you have overlapping Sites (due to subnet misconfiguration) then it's possible that it's being processed twice.  I'd like to see what happens when you link to an OU - my bet is it will work correctly.

there are only three policys in play

all are set to enabled and enforced

no blocking of ihertence going on


domain = default domain policy
just computer config for account details such as password length lockouts etc

and show scripts visable


then the "site"

has the policy that does the login script,

Netman
Hi, yes it does run properly (just the once) when attached to an OU

and loop back is configured on this particular policy.


but that needs to be there and the policy needs to be on the site too! :-)

we have several offices around the country, all the sites are correctly subnetted(just checked)  but most staff log on to citrix here at my office,

so using the sites allows, one set of settings for users logging on to local machines and another set for citrix users who are techincally logging on back at my office reguardless of where they are.


so what would i change

computer portion has "start up" not "logon" scripts and that is empty, or are you talking about something differnt

This is a shot in the dark.  And might not apply to what you're are doing... but just for arguements sake... create another batch file.

In the batch file call the original login script like this... %0\..\logon.bat

Put that file into the NETLOGON directory or whatever dir you ahve the logon.bat in.  Then just call that at logon and see if that works.

Spag Yetti

already tried a few threads up

it is down to loop back

but i know this sounds lame, I cant remember why i have loopback on,  im pretty sure i would have done it for a reason,

I have disabled it, and see what happerns tomorrow when 1000 people log on :-)  its all charecter building stuff.

I have done a few test and all seems fine with it switched off. but as i said "was there for a reason"

You could also change the Loopback process to Replace rather than merge.

Is it necessary to have the Logon script being called from the loopback policy?  The policy that controls the users account object will handle this.