[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Gpo Implementation

I am running a script through GPO which is applied at OU level. [user configuration/logon].
I have 02 accounts which are members of the domain administrator account. what I can't understand is the script runs only on the computers where those 02 accounts (members of the Domain adminstrator account) exist. In other words when other users from the same OU as (the 02 accounts I mentioned) log off then log back on, or they restart their computers and log on, the script doesn't run on their computers.

Any idea?

thanks


0
Chuckbuchan
Asked:
Chuckbuchan
  • 3
  • 2
1 Solution
 
mikeleebrlaCommented:
"I have 02 accounts which are members of the domain administrator account"  i assume you mean they are members of the domain administrator group?

which security group has access to this GPO?

remember that the following 3 thiings must take place in order for a GPO to be applied:

1.  the GPO must be applied to a domain or OU that the user/computer is a member of or downlevel of (assuming there is no filtering)
2.  the user/compter must have the read right to the GPO
3.  the user/computer must have "apply group policy" right to the GPO

are all of these conditions true for the "non admin" accounts that the script isn't working for?

if you are on an XP box i would run gpresult while logged on as one of these users.  This test will probably tell you why the GPO isn't being applied.
0
 
mikeleebrlaCommented:
i forgot one more point:

what do you mean when you say "what I can't understand is the script runs only on the computers where those 02 accounts (members of the Domain adminstrator account) exist."  the accounts are in Active directory, not on the local computer.  what exacly do you mean when you say they only work on computers where those 2 accounts exist????
0
 
ChuckbuchanAuthor Commented:
that's what I meant, "members of the domain administrator group" thank you for the correction.

the 02 computers that get the gpo applied against them are logged on with  a user account that 's a member of domain administrator group.
the rest of the users aren't members of the domain administrator group, and the gpo didn't apply to them [that was my question].

you said
<<<2.  the user/compter must have the read right to the GPO
        3.  the user/computer must have "apply group policy" right to the GPO>>>

where this is set up ?


thanks

0
 
ChuckbuchanAuthor Commented:
If I logon to a computer as authenticated user not as a domain administrator, the script runs but it gives error that it can't find the file, this error doesn't happen when I logon as a domain adminstartor. the folder where the executable file exists is shared.

c:\program files\folder1\folder2\file.exe
folder1 and folder2 are shared.



On user configuration/windows settings/logon
on the script name field I put :   %Logonserver%\netlogon\audit.vbs

I don't what is missing so that an authenticated users gets the script running on his computer.


thanks

0
 
ChuckbuchanAuthor Commented:
If I logon as an authenticated users , not domain administrator , I receive a message error that says : the system cannot find the file specified.


0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now