Solved

Windows 2003 and XP client Group Policy Problem

Posted on 2004-09-24
8
193 Views
Last Modified: 2010-04-19
Hi all,

I am trying to get all my users to execute this logon.vbs script (it maps X: to their home directory on a network share).

I have created an OU called "company" and also a GPO that is called "company". I went and edited the user setting of this GPO, and set the logon script to be that script (I put my script in a folder called "script" in my F Drive). So when i double click on my logon script property, it now shows F:\script\logon.vbs.

I have dragged this GPO to link with my "company" OU. and in active directory user console, i dragged my users to this OU.

My problem now is :
- all my XP clients are not running this script (I don't know why)
- when users logon to the server, it runs!! (or when i log in using terminal server)

why is this the case ? Why is my XP clients not running the script. I need help!! THANKS!!!

i have rebooted my server and did a gpupdate on my clients already.

THANK A BUNCH in advance!!

- win2k3 newb
0
Comment
Question by:hermanlam
  • 5
  • 3
8 Comments
 
LVL 6

Expert Comment

by:Casca1
ID: 12150785
Hmm; Is there any reason you didn't apply this in the Default Domain Policy?
Let's get some clarification. It looks like you're wondering why the machine doesn't get  the policy, but it runs and is applied when the user logs on. Correct?
>My problem now is :
>- all my XP clients are not running this script (I don't know why)
>- when users logon to the server, it runs!! (or when i log in using terminal server)
By that, I assume you mean when the user authenticates, correct?

If that's the only modification, mapping the users drive, there are a couple ways to do it, including the method you are trying to use.
There are certain caveats, though.
1) No GPO can be applied to computers still in the default Domain Computers OU.
2) Settings in a higher level GPO for the computer should apply, but but might not when the computer is still in the default location.
0
 

Author Comment

by:hermanlam
ID: 12151495
My reason for not applying to Default Domain Policy : i want only users in this "company" OU to execute these shared drives. I have guest users in the company, and all they can do is surf the internet. I don't want them to access my network drives.

I have removed the script from the "Default Domain Controller" OU in GPMC. It doesn't execute the script when i logon using the server.

>If that's the only modification, mapping the users drive, there are a couple ways to do it, including the method you are trying to use.
>There are certain caveats, though.
>1) No GPO can be applied to computers still in the default Domain Computers OU.
>2) Settings in a higher level GPO for the computer should apply, but but might not when the computer is still in the default location.

I don't get what you mean. What is the exact step in setting this up. Do i need to add a new "computer" in the OU ?

thanks again!
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12151751
Sorry; I was a little off track. 8-)
This can be applied to a GPO set at the OU level to the user settings.
So, on the Company OU, open the GPO, navigate to Windows settings, and select logon script. In there, simply add it to the script. Then, into the porperties of the GPO, and select the read and apply settings for whichever group you want it applied.

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:hermanlam
ID: 12152987
Hi casca

I think i have solved the problem. The reason why it only executes on my server is that i have defined my script path in the GPO to be F:\script\logon.vbs. In fact, i should share that drive and put an UNC there and have //server/script/logon.vbs.

This is all working now.
Thanks!!
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12153292
Well, Cool. Glad you got it fixed. Bad thing is, I didn't think of that being the issue, and I've run into it. I just thought it was to bone-headed to be it.

I mean, ah, heck, you know what I mean, no insult intended. Nice to see you got it fixed.
Any thing else I can send you off to the north pole after? 8-)
0
 

Author Comment

by:hermanlam
ID: 12154115
Thanks a lot for the help anyways.

One thing while I encountered when I was refining the policy (now that i got it to execute on the client) is that i would like to create some desktop shortcuts that will link to some program that will execute on the server. How do i do that ?

Another thing is i am trying to get all my users' "My document" or windows profile(i.e: wallpaper, xp color scheme, etc) to be stored on the server so that their desktop will look the same no matter which client they log onto.

I know this is a whole separate question, but i am new to experts-exchange and i don't have much points left to offer. Please bear with me.

=)

it would be great if you could help me on this too, thanks!

- win2k3 newb
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12155170
Well, let's start with the easy one. The user profile can be set as either local or roaming.
Roaming profiles are what you want if the users will use different computers.
If they will always use the same computer, but you are after enforcing certain things, like wallpaper, etc, but the user will always be on the same computer, then you need to lock things down.
You might also want to lock down a roaming profile, and that is also possible.
All of these things are easily controlled through GPO for the lockdown, but there are some things to be aware of. Locking the user down is easy as pie. Using roaming profiles isn't quite so easy.
You can do some searches on roaming profiles, and find some great information.
http://www.novell.com/coolsolutions/zenworks/features/trenches/tr_remove_profiles_zw.html
This link will help you avoid the headache's that go with Roaming profiles.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dmebc_dsm_ivvs.asp
This is the MS guide for 2003 server, and that link should take you to configuring roaming user profiles, and it is more or less a walk through.

When you ask about creating the shortcuts, what exactly do these shortcuts need to do? Are they simply a shortcut to a server based or centrally located program, much like the shortcuts that are already used, except for the target location of the executable, or do you actually need these programs to launch at user logon? It sounds like you want to place a link to an app that could just as easily be on the individual workstation.
If that's the case, simply create a drive mapping (easiest method) that points a drive letter at the server sahre to use, then open an explorer window to the drive, and create the shortcut needed. You can also add the mapping to the tailend of the script, before the end statement, and this share will be created and mapped at logon, and will be in place.
Hope that helps.
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 125 total points
ID: 12155201
Additionally, you said you're short on points.
There are a couple of ways to get points. The first is the old fashioned way; Simply cough up some cash and pay for the Premium service. That get's you a hefty supply of credits to ask questions, and allows you to search the archived questions. That feature alone is handier than three arms.
The next method involves spending a lot of time readin EE, gleaning and learning, and eventually, answering questions.
Once you achive 10000 points, they offer you the premium membership, and to continue to qualify, it only takes 3000 points a month.
Now, I know you are saying, I don't have the knowledge to do this, or the time, I have a network to support!
Trust me on this, the points themselves, once you can start answering questions, are easy. A grade of A on a 500 point question yields 2000 points.
Thus, 5 correctly answered questions with a grade of A earns the points to get into premium. 2 more questions a month, roughly, could keep your monthly points up to continue your membership.
You're probably still thinking, yeah, but I still have to answer the questions.
You obviously know enough to ask the questions here, and to recognize when the answers given can fix your issues, correct? You know more than you give yourself credit. 8-)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question