• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

Prevent Logon Scripts on Server

I have applied logon scripts to be run across the domain through the "Default Domain Policy."  I want to prevent the logon scripts from running on the Domain Controllers.  I have unchecked "No Overide" on the Default Domain Policy, and blocked policy inheritance under the "Domain Controllers" OU, but the script still runs.
0
deriickmu
Asked:
deriickmu
  • 2
1 Solution
 
jdeclueCommented:
Remove the logon scripts from the Default Domain Policy. Do not make changes to the Policy or place any new ones in the ROOT. This can and most likely will cause serious issues in you AD environment. Create a New Policy on a Container such as "Corporation Users" Or "Corporation Computers", right click on the OU and create a GPO there.

Background. THere are two default GPO's Default Domain Policy at the root, and Default Domain Controller Policy on the Domain Controllers OU. Anything put in the ROOT will apply to all OU's including the Domain Controllers etc. You should not move the Domain Controllers from the default container, they need to be treated differently than all other computers and do not apply any GPO changes to the ROOT of the domain.

J
0
 
jdeclueCommented:
P.S. One more thing, make sure you set the Domain Controller OU back to the way it was regarding Overrides and policy inheritance, after you remove the changes you made to the Default Domain Policy. THe domain controllers need the Default Domain Policy the way it was, they get that policy and the additional settings from the Default Domain Controllers Policy.

Very bad test... do not do this, unless it is a test lab. Bring up a domain, create a new OU and move the Domain Controllers to it. Usually within about 1 hour, you will begin to lose tha ability to log in to the domain. After a little while the Domain controllers will begin to fail. It is really nasty.

J
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now