• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 326
  • Last Modified:

GPO Logon script - MIA?!

Hello..   some time ago, I configured a logon script to map a network drive for all users in my AD domain.  I could have sworn I did it through Group Policy. Now I want to make an addition to the script, but when I go look in the GPO editor there are no logon scripts listed there.  The original script is still working for everyone and is being run on new computers added to the domain.. but I can't find the script settings anywhere!

It's quite possible I am missing some place to look, or maybe there is some weirdness going on..  I have looked in the GPO editor under user configuration, windows settings, scripts. Where else might it be living, or what might be going on here?

I appreciate any suggestions.
0
itsadmin
Asked:
itsadmin
  • 10
  • 8
  • 2
  • +1
1 Solution
 
Debsyl99Commented:
Hi

Try looking in netlogon,

Deb :))
0
 
Debsyl99Commented:
Although it may be that although the script has been removed, that the drives are just reconnecting at logon rather than being mapped by a script. Try running gpresult /v from a command prompt on a client login, you'll see if the script is running or not,

Deb :))
0
 
itsadminAuthor Commented:

NETLOGON is empty, as is SYSVOL\domain\scripts.  

The script did not set up persistent mappings, so I'm pretty sure it's still running.  Also, you can see it execute on slower machines, and new machines added to the domain start running it as well.

found this in the output from gpresult;

      The following settings were applied from: Default Domain Policy

          KeyName:      Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
          ValueName:      1
          ValueType:      REG_SZ
          Value:      net use n: \\domain\shares\dfssharename

this is it right there.. so now the question is, where is this setting in the GPO explorer? Obviously I have forgotten what I did, because I can't find it anywhere.. :(

Thanks for your help
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
Debsyl99Commented:
Hi

Yep - It's definitely being pulled - looks like from your default domain policy. In your sysvol you should see a folder called "yourdomain.com". Open this, and you should see a folder called policies. Open this and there will be a folder that contains the gpo for each ou that you have, including the domain ou. Open these up and you should see three folders - user machine and adm. These relate to the user and machine policies and admin templates for that specific gpo. Check in User folder - scripts, and also in machine folder on each policy folder - (don't move or change anything). Alternatively what sort of script is it? bat? vbs? - Just try running a search for files or folders on the server for *.bat or whatever the extension is. Any that turn up in a folder marked something like
C:\WINNT\SYSVOL\sysvol\yourdomain\Policies\{XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}\User\Scripts\Logon are there because someone put them there. You can access them from that point - but it may help you to document what you find.
Deb :))
0
 
itsadminAuthor Commented:

I had already looked there, but I checked again and there is nothing.

It is a single line, so script might be an overly generous description.. I recall when I entered it, I was able to simply put the one line directly into the field, I did not have to create an actual 'script file' to execute. Perhaps this was the mistake, but it worked, so..

I caught your not-so-somewhat-subtle hint there.. once I figure this out, it will be documented this time! ;)
0
 
Debsyl99Commented:
lol - wasn't meaning to be cheeky there - it's just a pain if you don't document - easier but a pain further on down the line (I have learned this the hard way too)! - have you checked the user's profiles in active directory users and computers (double click on a user in aduc that's pulling the script and check in the various property tabs) to see if you've actually added the line to their login script directly?

Deb :))
0
 
itsadminAuthor Commented:

:) Yes, I agree.. this was one of those little things that I just did in a moment one day.. shame on me for not recording what I did!

Yes, I have checked there, it is not a user script. Just like machines, the script is automatically being run by new users as well. This is really bugging me, I can remember putting it in, and I was sure it was in the GPO editor.. but there it is nothing there!   Given that output from gpresult, it's safe to say it is something in the group policy.. But where to find it!
0
 
Debsyl99Commented:
This is well bizarre - but the answer is probably super simple - this gives us the best clue "The following settings were applied from: Default Domain Policy" - I suggest you go through every single bit ot the gpo on your domain object (if you haven't already) - has to be in there somewhere I would have thought...


0
 
itsadminAuthor Commented:

Been there.. done that.. a number of times! Posting here was after I had already looked everywhere I could imagine.. and then some!

Is it possible that by entering a single line "script" without an actual script file, I created an entry that I can't find again?
0
 
itsadminAuthor Commented:
....  maybe it would be so simple as to go to the registry key shown in the output from gpresult on both DC's, and delete that key?

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

is where it lives.. it is obviously there..
0
 
Debsyl99Commented:
I suppose it could be - but I really don't know as I haven't done it. All I can suggest for now is to try the following Group policy management console - it gives you much greater ability to manage and query group policy and it's application across your domain. You'll need to run it from an XP Pro workstation with .net framework on it - but it's definitely worth a look, particularly with what's happening on your default domain policy. It may enable you to track down the offending item.
Group Policy Management Console with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

It's pretty late here, and I'm at a conference all day tomorrow, but if no one else has jumped in to help I'll pick it up again on Thursday and do some research and testing for you to see if I can track down what maybe going on (I'm a total sucker for these kinds of things). You could also try actually configuring a logon script - but don't apply it at the default domain policy level - as this applies across the board. Try it on an OU - test it first then add users to taht OU as necessary. You should be able to add your additional lines via a batch file attached properly to the login script area of a GPO. It won't stop your existing line running I wouldn't think - but it will be a workaround for the time being for you. Hopefully someone who knows exactly what's going on here will drop by and enlighten us both - but I will get back to you on this if you haven't found an answer by Thursday,
Sorry I can't fix it right now,

Deb :))
0
 
Debsyl99Commented:
No - don't delete it for now (well if you want to try it back-up the registry first) but I really wouldn't do that. Hmm it's on the DC? - Could you post the gpresult from an actual client pc - or have you already done that?
0
 
itsadminAuthor Commented:

I'll check that out, thanks Deb..   I figured I could probably just leave that where it was and add whatever else I needed, but I would like to figure it out.. more because it's bugging me than for any functional reason! :)
0
 
itsadminAuthor Commented:

I won't - that's a last resort.  The key exists on the DC's and clients.  The gpresult output piece I posted is from a client.

Anyway, it must be coming FROM somewhere!  That is what I need to find.
0
 
Debsyl99Commented:
OK fair enough - I'll come back to you on Thursday then - let us know if the gpmc helps or gives any clues,

Deb :))
0
 
StGoYCommented:
Just a thought,

Did you check in user's config? (Am not talking about GPO right now, but directly into the users' config)
Don't get me wrong here but from all I've read here, you didn't check that out.

In you're AD, browse to one of your users, enter it's properties.  Then, under the Profile tab, there's the Logon Script box... maybe that's where you inputted it?

Other then that... I just can't see... Else then looking at every parent OU's GPO, but I'm pretty sure you've already done that ;)

Steph
0
 
itsadminAuthor Commented:

Yes, I have checked there (already answered - 3rd response)

There only the one, default group policy.. it is not a large network, so there has not even been need for OU's. It's a pretty straightforward configuration here..
0
 
StGoYCommented:
Doh, sorry there must have gotten lost into the text ;)
And sorry Deb if i double posted your comment!

Humm... There could always be the local solution... Logon script could be configured localy through gpedit.msc? (Not a good way to push a logon script, I know but going through every possibility here...)

Btw... what was it you were talking about with that registry key : HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
There's an instance of your logon script in there? On Both your DCs?

If you mean on your clients, then I see no harm in deleting it (would make sense to export it first, just in case)... Then if it does come from the DCs, the key will be replicated later on anyway.

Steph
0
 
itsadminAuthor Commented:
Nope, not local.

running gpresult on a workstation produced output which included this;

     The following settings were applied from: Default Domain Policy

         KeyName:     Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
         ValueName:     1
         ValueType:     REG_SZ
         Value:     net use n: \\domain\shares\dfssharename

this key (under HKLM) exists on all clients and the DC's. This is the "script" - a single 'net use' line. I presume the clients obtain it from the DC like it says, so I'm just looking for a place to get rid of it on the DC's!
0
 
oBdACommented:
Unfortunately, I'm not using an English version, so I can't tell you right away where you find the setting, but I can tell you how to find it.
Go to %Systemroot%\inf on your DC, open the file "system.adm" in notepad. Search for "AdministrativeServices="; the string after that will tell you the main section of the setting: Computer Configuration\Administrative Templates\<AdministrativeServices>
As for the setting itself, search again, this time for "Run=" (you'll find Autorun= and NoRun= on your way, ignore them). Again, the string after that will give you the policy; it should be something like "Start these programs at user logon".
Set the policy back to "not configured", and the mapping should stop.
0
 
itsadminAuthor Commented:

Damn! That's where it is! I knew it was there someplace.. can't believe I missed that. Thanks, oBdA!

Thanks everyone else for your attempts to help, as well!

0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 10
  • 8
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now