Changes to logon script not being executed

We have a Windows 2003 Server which executed logon scripts flawlessly until we decided to add another mapped drive. I added a line to the batch file, but the clients are not receiving the command. In other words, the new drive "S" is not being mapped. I have since added a pause command which has also not been executed by any of the clients. There are a total of 6 mapped drives that are being mapped upon logging in, but when I have made changes to those mappings, once again the changes are not reflected by the clients. I have run gpupdate /force and even rebooted the server. I cannot think of anything else that would explain why the clients seem to be logging in using a cached version of our logon script. None of the clients have their drives manually mapped on their machine... All mappings have been configured by the logon script.
0
michaelgivens
Asked:
5 Solutions
 
ckratschCommented:
Are you running this logon script using group policy, or on each user account specifically?
0
 
ckratschCommented:
Duh, I just noticed that you have used gpupdate - so it's in group policy.

It sounds as though one of two things is happening:

1. Clients are not really authenticating to the domain, so they're continuing to use the cached policy.
2. The updated policy is not being replicated from the PDC emulator to the DC that clients are authenticating to (only applies if you have multiple DCs, and is more likely if those DCs are in multiple sites).
3. Clients are not able to see a global catalog server when they authenticate (I could be wrong about that one).
0
 
ckratschCommented:
Oh one more thing -

If you haven't installed it yet, get the Group Policy Management Console.  That will help you to identify what policies are being applied to what users on what workstations, as well as making it much easier overall to manage group policies.

http://www.petri.co.il/download_gpmc.htm
0
 
ckratschCommented:
If you suspect #2, use dcdiag and netdiag from the Support Tools to check connectivity.  You can run these on workstations as well.
0
 
crissandCommented:
Go to one client computer and run, in a dos box, the command set. See the name of the logon server.

Enable Run logon scripts synchronously
0
 
michaelgivensAuthor Commented:
I do have a 2nd DC at another site which does also authenticate. So your number two may be relevant. I added a new PC to the domain today and it had no problem mapping all drives. I changed one of the net use commands in the logon script to a different directory and all clients are still mapping to the previous directory. It appears that the older clients (older than today) are using an older script, but I cannot understand where it is coming from unless the other DC has not been replicated. If this is the case, I do not know where to begin. All help is greatly appreciated.

I ran DCDiag on the DC and all tests passed except the following. I do not know if this has anything to do with my issue...

Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/07/2005   19:42:44
            Event String: The kerberos client received a

         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/07/2005   19:42:44
            Event String: DCOM was unable to communicate with the computer

         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/07/2005   19:43:19
            Event String: DCOM was unable to communicate with the computer

         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 04/07/2005   19:43:40
            Event String: DCOM was unable to communicate with the computer

         ......................... EPEXCH failed test systemlog
0
 
michaelgivensAuthor Commented:
What do you mean by "run the command set"? And how do I enable Run logon scripts synchronously?
0
 
crissandCommented:
Start a command prompt. At the prompt, type set and hit Enter. You'll see the environment, and some environment variables are related to the domain. One of these is Logon Server.

In the Group policy console:

USER\Administrative Templates\System\Scripts\Run logon scripts synchronously

and, to see the script running:

USER\Administrative Templates\System\Scripts\Run logon scripts visible

or, you can enable this in the "Machine" part of group policy.

After you debug the script and have it run properly you can disable Run logon script visible.
0
 
ckratschCommented:
The systemlog test looks in the system log for errors.  That's all.  That particular test is not a reliable indicator of much, since it'll also fail based on the "I couldn't install these printers for a terminal session user, because I don't have drivers for them" errors.
0
 
michaelgivensAuthor Commented:
I set the scripts to logon synchronously and visibly. I am not sure when I can get onsite to test and run the SET command, but thx for all the help so far. I will post more info as soon as I have it.
0
 
crissandCommented:
Go to one workstation. Start a command prompt. Type set. Hit Enter. You'll see the environment, particularly the logon server. This is the server where you must put the correct logon scripts.

When a user logs on, can you now see the script running?
0
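A way to run the check suggested in this thread from a single workstation, as an added example that is not part of the original posts: it reads the logon server that `set` shows and compares the copy of the logon script held by each DC. The DC names and the script path are placeholders, and `Get-FileHash` assumes PowerShell 4.0 or later on the workstation.

```powershell
# Added example. Placeholders (assumptions, not from the thread): DC names and script path.
$DomainControllers = @('DC1', 'DC2')
# Path below each DC's root. A script assigned through Group Policy lives under
# SYSVOL\<domain>\Policies\<GPO GUID>\User\Scripts\Logon instead of NETLOGON.
$RelativePath = 'NETLOGON\logon.bat'

# DC that authenticated this session (the LOGONSERVER value the "set" command shows).
$logonServer = ($env:LOGONSERVER -replace '^\\\\', '')

$copies = foreach ($dc in $DomainControllers) {
    $path  = "\\$dc\$RelativePath"
    $found = Test-Path -LiteralPath $path
    [pscustomobject]@{
        Server        = $dc
        IsLogonServer = ($dc -ieq $logonServer)
        Found         = $found
        LastWrite     = if ($found) { (Get-Item -LiteralPath $path).LastWriteTime } else { $null }
        SHA256        = if ($found) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        # Keep the "net use" lines so differing copies can be read side by side.
        NetUse        = if ($found) {
                            @(Get-Content -LiteralPath $path | Where-Object { $_ -match '^\s*net\s+use\b' })
                        } else { @() }
    }
}

$copies | Format-Table Server, IsLogonServer, Found, LastWrite, SHA256 -AutoSize

if (@($copies | Where-Object { -not $_.Found }).Count -gt 0) {
    Write-Warning 'The script is missing on at least one DC.'
}

# More than one distinct hash means the DCs are serving different versions.
$hashes = @($copies | Where-Object Found | Select-Object -ExpandProperty SHA256 -Unique)
if ($hashes.Count -gt 1) {
    Write-Warning 'Copies differ between DCs: replication has not converged.'
    foreach ($c in ($copies | Where-Object Found)) {
        "--- $($c.Server)"
        $c.NetUse
    }
} elseif ($hashes.Count -eq 1) {
    'All copies found are identical.'
}
```

The row marked `IsLogonServer` is the copy this workstation received at its last logon.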
 
michaelgivensAuthor Commented:
UPDATE...I made 2 changes to the logon script at the same time.
1) I added a new drive "S"
2) I changed the location of the USERS share

All clients that authenticated today have the "S" drive now, however, none of them have the new location of their USERS share.

How is that possible? I have checked the script on both servers and it has replicated. Both servers have the exact same changes in the logon script that I made at the DC.

I guess I can add a pause at the end of the logon script, then go to a client machine and login with "logon synchronously" & "visible" properties. This will show me the logon script so I can see what it is executing, CORRECT? Is this what you guys would recommend I do, or should I try something else?
0
 
crissandCommented:
Yes, because I think the logon script is executing but there is another problem with mapping. You can add the pause just after the mapping command.
0