Solved

GPO Logon script - MIA?!

Posted on 2004-09-14
21
304 Views
Last Modified: 2010-04-14
Hello..   some time ago, I configured a logon script to map a network drive for all users in my AD domain.  I could have sworn I did it through Group Policy. Now I want to make an addition to the script, but when I go look in the GPO editor there are no logon scripts listed there.  The original script is still working for everyone and is being run on new computers added to the domain.. but I can't find the script settings anywhere!

It's quite possible I am missing some place to look, or maybe there is some weirdness going on..  I have looked in the GPO editor under user configuration, windows settings, scripts. Where else might it be living, or what might be going on here?

I appreciate any suggestions.
0
Comment
Question by:itsadmin
  • 10
  • 8
  • 2
  • +1
21 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12056821
Hi

Try looking in netlogon,

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12056858
Although it may be that although the script has been removed, that the drives are just reconnecting at logon rather than being mapped by a script. Try running gpresult /v from a command prompt on a client login, you'll see if the script is running or not,

Deb :))
0
 

Author Comment

by:itsadmin
ID: 12057562

NETLOGON is empty, as is SYSVOL\domain\scripts.  

The script did not set up persistent mappings, so I'm pretty sure it's still running.  Also, you can see it execute on slower machines, and new machines added to the domain start running it as well.

found this in the output from gpresult;

      The following settings were applied from: Default Domain Policy

          KeyName:      Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
          ValueName:      1
          ValueType:      REG_SZ
          Value:      net use n: \\domain\shares\dfssharename

this is it right there.. so now the question is, where is this setting in the GPO explorer? Obviously I have forgotten what I did, because I can't find it anywhere.. :(

Thanks for your help
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12057938
Hi

Yep - It's definitely being pulled - looks like from your default domain policy. In your sysvol you should see a folder called "yourdomain.com". Open this, and you should see a folder called policies. Open this and there will be a folder that contains the gpo for each ou that you have, including the domain ou. Open these up and you should see three folders - user machine and adm. These relate to the user and machine policies and admin templates for that specific gpo. Check in User folder - scripts, and also in machine folder on each policy folder - (don't move or change anything). Alternatively what sort of script is it? bat? vbs? - Just try running a search for files or folders on the server for *.bat or whatever the extension is. Any that turn up in a folder marked something like
C:\WINNT\SYSVOL\sysvol\yourdomain\Policies\{XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\User\Scripts\Logon are there because someone put them there. You can access them from that point - but it may help you to document what you find.
Deb :))
0
 

Author Comment

by:itsadmin
ID: 12058263

I had already looked there, but I checked again and there is nothing.

It is a single line, so script might be an overly generous description.. I recall when I entered it, I was able to simply put the one line directly into the field, I did not have to create an actual 'script file' to execute. Perhaps this was the mistake, but it worked, so..

I caught your not-so-somewhat-subtle hint there.. once I figure this out, it will be documented this time! ;)
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12058436
lol - wasn't meaning to be cheeky there - it's just a pain if you don't document - easier but a pain further on down the line (I have learned this the hard way too)! - have you checked the user's profiles in active directory users and computers (double click on a user in aduc that's pulling the script and check in the various property tabs) to see if you've actually added the line to their login script directly?

Deb :))
0
 

Author Comment

by:itsadmin
ID: 12058470

:) Yes, I agree.. this was one of those little things that I just did in a moment one day.. shame on me for not recording what I did!

Yes, I have checked there, it is not a user script. Just like machines, the script is automatically being run by new users as well. This is really bugging me, I can remember putting it in, and I was sure it was in the GPO editor.. but there it is nothing there!   Given that output from gpresult, it's safe to say it is something in the group policy.. But where to find it!
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12058585
This is well bizarre - but the answer is probably super simple - this gives us the best clue "The following settings were applied from: Default Domain Policy" - I suggest you go through every single bit ot the gpo on your domain object (if you haven't already) - has to be in there somewhere I would have thought...


0
 

Author Comment

by:itsadmin
ID: 12058644

Been there.. done that.. a number of times! Posting here was after I had already looked everywhere I could imagine.. and then some!

Is it possible that by entering a single line "script" without an actual script file, I created an entry that I can't find again?
0
 

Author Comment

by:itsadmin
ID: 12058698
....  maybe it would be so simple as to go to the registry key shown in the output from gpresult on both DC's, and delete that key?

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

is where it lives.. it is obviously there..
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 20

Expert Comment

by:Debsyl99
ID: 12058835
I suppose it could be - but I really don't know as I haven't done it. All I can suggest for now is to try the following Group policy management console - it gives you much greater ability to manage and query group policy and it's application across your domain. You'll need to run it from an XP Pro workstation with .net framework on it - but it's definitely worth a look, particularly with what's happening on your default domain policy. It may enable you to track down the offending item.
Group Policy Management Console with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

It's pretty late here, and I'm at a conference all day tomorrow, but if no one else has jumped in to help I'll pick it up again on Thursday and do some research and testing for you to see if I can track down what maybe going on (I'm a total sucker for these kinds of things). You could also try actually configuring a logon script - but don't apply it at the default domain policy level - as this applies across the board. Try it on an OU - test it first then add users to taht OU as necessary. You should be able to add your additional lines via a batch file attached properly to the login script area of a GPO. It won't stop your existing line running I wouldn't think - but it will be a workaround for the time being for you. Hopefully someone who knows exactly what's going on here will drop by and enlighten us both - but I will get back to you on this if you haven't found an answer by Thursday,
Sorry I can't fix it right now,

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12058865
No - don't delete it for now (well if you want to try it back-up the registry first) but I really wouldn't do that. Hmm it's on the DC? - Could you post the gpresult from an actual client pc - or have you already done that?
0
 

Author Comment

by:itsadmin
ID: 12058872

I'll check that out, thanks Deb..   I figured I could probably just leave that where it was and add whatever else I needed, but I would like to figure it out.. more because it's bugging me than for any functional reason! :)
0
 

Author Comment

by:itsadmin
ID: 12058908

I won't - that's a last resort.  The key exists on the DC's and clients.  The gpresult output piece I posted is from a client.

Anyway, it must be coming FROM somewhere!  That is what I need to find.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12058924
OK fair enough - I'll come back to you on Thursday then - let us know if the gpmc helps or gives any clues,

Deb :))
0
 
LVL 3

Expert Comment

by:StGoY
ID: 12059174
Just a thought,

Did you check in user's config? (Am not talking about GPO right now, but directly into the users' config)
Don't get me wrong here but from all I've read here, you didn't check that out.

In you're AD, browse to one of your users, enter it's properties.  Then, under the Profile tab, there's the Logon Script box... maybe that's where you inputted it?

Other then that... I just can't see... Else then looking at every parent OU's GPO, but I'm pretty sure you've already done that ;)

Steph
0
 

Author Comment

by:itsadmin
ID: 12059210

Yes, I have checked there (already answered - 3rd response)

There only the one, default group policy.. it is not a large network, so there has not even been need for OU's. It's a pretty straightforward configuration here..
0
 
LVL 3

Expert Comment

by:StGoY
ID: 12059385
Doh, sorry there must have gotten lost into the text ;)
And sorry Deb if i double posted your comment!

Humm... There could always be the local solution... Logon script could be configured localy through gpedit.msc? (Not a good way to push a logon script, I know but going through every possibility here...)

Btw... what was it you were talking about with that registry key : HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
There's an instance of your logon script in there? On Both your DCs?

If you mean on your clients, then I see no harm in deleting it (would make sense to export it first, just in case)... Then if it does come from the DCs, the key will be replicated later on anyway.

Steph
0
 

Author Comment

by:itsadmin
ID: 12059585
Nope, not local.

running gpresult on a workstation produced output which included this;

     The following settings were applied from: Default Domain Policy

         KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
         ValueName:     1
         ValueType:     REG_SZ
         Value:     net use n: \\domain\shares\dfssharename

this key (under HKLM) exists on all clients and the DC's. This is the "script" - a single 'net use' line. I presume the clients obtain it from the DC like it says, so I'm just looking for a place to get rid of it on the DC's!
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 12078527
Unfortunately, I'm not using an English version, so I can't tell you right away where you find the setting, but I can tell you how to find it.
Go to %Systemroot%\inf on your DC, open the file "system.adm" in notepad. Search for "AdministrativeServices="; the string after that will tell you the main section of the setting: Computer Configuration\Administrative Templates\<AdministrativeServices>
As for the setting itself, search again, this time for "Run=" (you'll find Autorun= and NoRun= on your way, ignore them). Again, the string after that will give you the policy; it should be something like "Start these programs at user logon".
Set the policy back to "not configured", and the mapping should stop.
0
 

Author Comment

by:itsadmin
ID: 12078883

Damn! That's where it is! I knew it was there someplace.. can't believe I missed that. Thanks, oBdA!

Thanks everyone else for your attempts to help, as well!

0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now