Solved

Prevent Logon Scripts on Server

Posted on 2004-08-25
Last Modified: 2010-04-14
I have applied logon scripts to be run across the domain through the "Default Domain Policy." I want to prevent the logon scripts from running on the Domain Controllers. I have unchecked "No Override" on the Default Domain Policy, and blocked policy inheritance under the "Domain Controllers" OU, but the script still runs.
Question by:deriickmu

Accepted Solution

by:
jdeclue earned 375 total points
ID: 11893228
Remove the logon scripts from the Default Domain Policy. Do not make changes to the Policy or place any new ones in the ROOT. This can and most likely will cause serious issues in your AD environment. Create a new policy on a container such as "Corporation Users" or "Corporation Computers": right-click on the OU and create a GPO there.

Background. There are two default GPOs: Default Domain Policy at the root, and Default Domain Controller Policy on the Domain Controllers OU. Anything put in the ROOT will apply to all OUs, including the Domain Controllers etc. You should not move the Domain Controllers from the default container; they need to be treated differently than all other computers. Do not apply any GPO changes to the ROOT of the domain.

J

Expert Comment

by:jdeclue
ID: 11893681
P.S. One more thing: make sure you set the Domain Controllers OU back to the way it was regarding overrides and policy inheritance after you remove the changes you made to the Default Domain Policy. The domain controllers need the Default Domain Policy the way it was; they get that policy and the additional settings from the Default Domain Controllers Policy.

Very bad test... do not do this, unless it is a test lab. Bring up a domain, create a new OU and move the Domain Controllers to it. Usually within about 1 hour, you will begin to lose the ability to log in to the domain. After a little while the Domain controllers will begin to fail. It is really nasty.

J
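
The procedure from the accepted answer and its P.S., as an added PowerShell example that is not part of the original thread: it reports logon scripts still present in the Default Domain Policy and whether inheritance is still blocked on the Domain Controllers OU, and with `-Apply` it unblocks inheritance and links a separate GPO to a users OU. The OU name, GPO name and `-Apply` switch are hypothetical, and the script assumes the GroupPolicy and ActiveDirectory RSAT modules are installed.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
param(
    [string]$UsersOu = 'OU=Corporation Users',  # hypothetical OU, relative to the domain DN
    [string]$NewGpo  = 'User Logon Scripts',    # hypothetical GPO name
    [switch]$Apply                              # without -Apply the script only reports
)

$domain = Get-ADDomain
$dcOu   = $domain.DomainControllersContainer
$target = "$UsersOu,$($domain.DistinguishedName)"

# 1. Does the Default Domain Policy still carry logon scripts?
#    Element names (Script/Type/Command) are matched namespace-agnostically;
#    confirm them against the XML report from your own GPMC version.
[xml]$report = Get-GPOReport -Name 'Default Domain Policy' -ReportType Xml
$xpath = "//*[local-name()='Script'][*[local-name()='Type']='Logon']"
foreach ($s in $report.SelectNodes($xpath)) {
    $cmd = $s.SelectSingleNode("*[local-name()='Command']").InnerText
    Write-Warning "Default Domain Policy still runs logon script: $cmd"
}

# 2. Is the Domain Controllers OU back to its default (inheritance not blocked)?
$inh = Get-GPInheritance -Target $dcOu
if ($inh.GpoInheritanceBlocked) {
    Write-Warning "Inheritance is blocked on $dcOu; DCs are not receiving root-linked GPOs."
}
$inh.InheritedGpoLinks | Select-Object Order, DisplayName, Enforced | Format-Table

# 3. Optional changes: unblock inheritance, create the GPO, link it to the users OU.
if ($Apply) {
    if ($inh.GpoInheritanceBlocked) {
        Set-GPInheritance -Target $dcOu -IsBlocked No | Out-Null
    }
    if (-not (Get-GPO -Name $NewGpo -ErrorAction SilentlyContinue)) {
        New-GPO -Name $NewGpo -Comment 'Logon scripts moved out of Default Domain Policy' | Out-Null
    }
    $linked = (Get-GPInheritance -Target $target).GpoLinks.DisplayName -contains $NewGpo
    if (-not $linked) {
        New-GPLink -Name $NewGpo -Target $target -LinkEnabled Yes | Out-Null
    }
    Write-Host "GPO '$NewGpo' linked to $target"
}
```

The script does not edit GPO contents: the logon script entry still has to be removed from the Default Domain Policy and added to the new GPO in the Group Policy editor.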