Solved

Windows 2003 and XP client Group Policy Problem

Posted on 2004-09-24
8
194 Views
Last Modified: 2010-04-19
Hi all,

I am trying to get all my users to execute this logon.vbs script (it maps X: to their home directory on a network share).

I have created an OU called "company" and also a GPO that is called "company". I went and edited the user setting of this GPO, and set the logon script to be that script (I put my script in a folder called "script" in my F Drive). So when i double click on my logon script property, it now shows F:\script\logon.vbs.

I have dragged this GPO to link with my "company" OU. and in active directory user console, i dragged my users to this OU.

My problem now is :
- all my XP clients are not running this script (I don't know why)
- when users logon to the server, it runs!! (or when i log in using terminal server)

why is this the case ? Why is my XP clients not running the script. I need help!! THANKS!!!

i have rebooted my server and did a gpupdate on my clients already.

THANK A BUNCH in advance!!

- win2k3 newb
0
Comment
Question by:hermanlam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 6

Expert Comment

by:Casca1
ID: 12150785
Hmm; Is there any reason you didn't apply this in the Default Domain Policy?
Let's get some clarification. It looks like you're wondering why the machine doesn't get  the policy, but it runs and is applied when the user logs on. Correct?
>My problem now is :
>- all my XP clients are not running this script (I don't know why)
>- when users logon to the server, it runs!! (or when i log in using terminal server)
By that, I assume you mean when the user authenticates, correct?

If that's the only modification, mapping the users drive, there are a couple ways to do it, including the method you are trying to use.
There are certain caveats, though.
1) No GPO can be applied to computers still in the default Domain Computers OU.
2) Settings in a higher level GPO for the computer should apply, but but might not when the computer is still in the default location.
0
 

Author Comment

by:hermanlam
ID: 12151495
My reason for not applying to Default Domain Policy : i want only users in this "company" OU to execute these shared drives. I have guest users in the company, and all they can do is surf the internet. I don't want them to access my network drives.

I have removed the script from the "Default Domain Controller" OU in GPMC. It doesn't execute the script when i logon using the server.

>If that's the only modification, mapping the users drive, there are a couple ways to do it, including the method you are trying to use.
>There are certain caveats, though.
>1) No GPO can be applied to computers still in the default Domain Computers OU.
>2) Settings in a higher level GPO for the computer should apply, but but might not when the computer is still in the default location.

I don't get what you mean. What is the exact step in setting this up. Do i need to add a new "computer" in the OU ?

thanks again!
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12151751
Sorry; I was a little off track. 8-)
This can be applied to a GPO set at the OU level to the user settings.
So, on the Company OU, open the GPO, navigate to Windows settings, and select logon script. In there, simply add it to the script. Then, into the porperties of the GPO, and select the read and apply settings for whichever group you want it applied.

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:hermanlam
ID: 12152987
Hi casca

I think i have solved the problem. The reason why it only executes on my server is that i have defined my script path in the GPO to be F:\script\logon.vbs. In fact, i should share that drive and put an UNC there and have //server/script/logon.vbs.

This is all working now.
Thanks!!
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12153292
Well, Cool. Glad you got it fixed. Bad thing is, I didn't think of that being the issue, and I've run into it. I just thought it was to bone-headed to be it.

I mean, ah, heck, you know what I mean, no insult intended. Nice to see you got it fixed.
Any thing else I can send you off to the north pole after? 8-)
0
 

Author Comment

by:hermanlam
ID: 12154115
Thanks a lot for the help anyways.

One thing while I encountered when I was refining the policy (now that i got it to execute on the client) is that i would like to create some desktop shortcuts that will link to some program that will execute on the server. How do i do that ?

Another thing is i am trying to get all my users' "My document" or windows profile(i.e: wallpaper, xp color scheme, etc) to be stored on the server so that their desktop will look the same no matter which client they log onto.

I know this is a whole separate question, but i am new to experts-exchange and i don't have much points left to offer. Please bear with me.

=)

it would be great if you could help me on this too, thanks!

- win2k3 newb
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12155170
Well, let's start with the easy one. The user profile can be set as either local or roaming.
Roaming profiles are what you want if the users will use different computers.
If they will always use the same computer, but you are after enforcing certain things, like wallpaper, etc, but the user will always be on the same computer, then you need to lock things down.
You might also want to lock down a roaming profile, and that is also possible.
All of these things are easily controlled through GPO for the lockdown, but there are some things to be aware of. Locking the user down is easy as pie. Using roaming profiles isn't quite so easy.
You can do some searches on roaming profiles, and find some great information.
http://www.novell.com/coolsolutions/zenworks/features/trenches/tr_remove_profiles_zw.html
This link will help you avoid the headache's that go with Roaming profiles.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/deployguide/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/all/deployguide/en-us/dmebc_dsm_ivvs.asp
This is the MS guide for 2003 server, and that link should take you to configuring roaming user profiles, and it is more or less a walk through.

When you ask about creating the shortcuts, what exactly do these shortcuts need to do? Are they simply a shortcut to a server based or centrally located program, much like the shortcuts that are already used, except for the target location of the executable, or do you actually need these programs to launch at user logon? It sounds like you want to place a link to an app that could just as easily be on the individual workstation.
If that's the case, simply create a drive mapping (easiest method) that points a drive letter at the server sahre to use, then open an explorer window to the drive, and create the shortcut needed. You can also add the mapping to the tailend of the script, before the end statement, and this share will be created and mapped at logon, and will be in place.
Hope that helps.
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 125 total points
ID: 12155201
Additionally, you said you're short on points.
There are a couple of ways to get points. The first is the old fashioned way; Simply cough up some cash and pay for the Premium service. That get's you a hefty supply of credits to ask questions, and allows you to search the archived questions. That feature alone is handier than three arms.
The next method involves spending a lot of time readin EE, gleaning and learning, and eventually, answering questions.
Once you achive 10000 points, they offer you the premium membership, and to continue to qualify, it only takes 3000 points a month.
Now, I know you are saying, I don't have the knowledge to do this, or the time, I have a network to support!
Trust me on this, the points themselves, once you can start answering questions, are easy. A grade of A on a 500 point question yields 2000 points.
Thus, 5 correctly answered questions with a grade of A earns the points to get into premium. 2 more questions a month, roughly, could keep your monthly points up to continue your membership.
You're probably still thinking, yeah, but I still have to answer the questions.
You obviously know enough to ask the questions here, and to recognize when the answers given can fix your issues, correct? You know more than you give yourself credit. 8-)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question