Solved

Prevent Logon Scripts on Server

Posted on 2004-08-25
2
258 Views
Last Modified: 2010-04-14
I have applied logon scripts to be run across the domain through the "Default Domain Policy."  I want to prevent the logon scripts from running on the Domain Controllers.  I have unchecked "No Overide" on the Default Domain Policy, and blocked policy inheritance under the "Domain Controllers" OU, but the script still runs.
0
Comment
Question by:deriickmu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 9

Accepted Solution

by:
jdeclue earned 125 total points
ID: 11893228
Remove the logon scripts from the Default Domain Policy. Do not make changes to the Policy or place any new ones in the ROOT. This can and most likely will cause serious issues in you AD environment. Create a New Policy on a Container such as "Corporation Users" Or "Corporation Computers", right click on the OU and create a GPO there.

Background. THere are two default GPO's Default Domain Policy at the root, and Default Domain Controller Policy on the Domain Controllers OU. Anything put in the ROOT will apply to all OU's including the Domain Controllers etc. You should not move the Domain Controllers from the default container, they need to be treated differently than all other computers and do not apply any GPO changes to the ROOT of the domain.

J
0
 
LVL 9

Expert Comment

by:jdeclue
ID: 11893681
P.S. One more thing, make sure you set the Domain Controller OU back to the way it was regarding Overrides and policy inheritance, after you remove the changes you made to the Default Domain Policy. THe domain controllers need the Default Domain Policy the way it was, they get that policy and the additional settings from the Default Domain Controllers Policy.

Very bad test... do not do this, unless it is a test lab. Bring up a domain, create a new OU and move the Domain Controllers to it. Usually within about 1 hour, you will begin to lose tha ability to log in to the domain. After a little while the Domain controllers will begin to fail. It is really nasty.

J
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Group Policy 9 561
P2V conversion for Windows NT 4.0 Server 2 2,321
Windows task manager not executing scheduled task correctly? 6 157
reboot server with scheduled time and week base 4 64
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In order to fulfill our mission of inspiring learning in the technology community, Experts Exchange is launching a Course of the Month program. Premium and Team Account members will have access to one course per month as a part of their membership, …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question