Group Policies

Greetings,

I created 2 .bat files for capturing log on/log information.
The scripts themselves work beautifully.

I want to apply these to the group policy so when users log on and off, the scripts are run and the information is logged.
I moved the scripts to the correct policy folder on the DC.
I opened the mmc, add the snapin for default domain policy.  
Under User configuration i clicked windows settings, then scripts(logon/logoff).
I applied the correct .bat file each setting.

After applying this, I logged off and logged back on.  My log file that captures the data didn't show anything.

Am I missing something?
LVL 11
phileocaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rindiCommented:
Did you use gpupdate to force the local policy to be applied to the PC?
0
phileocaAuthor Commented:
I did only what i typed above.
What is gpupdate and where would I run that from?
0
rindiCommented:
From a command prompt. First run gpudate /? to get the syntax, then run it with the correct option to get the profile on the local PC updated.
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

phileocaAuthor Commented:
do I have to do that from every PC, or can I do it from the DC?
Doing it on every PC isn't feasible in a company of this size
0
rindiCommented:
I think it should push to every PC if you have the PC's names. If not, it'll just take some time until all the PC's have been updated by themselves.
0
mcsweenSr. Network AdministratorCommented:
The PCs will update themselves eventually (usually within a couple of hours or at the next restart)

FYI - MS Best Practices state that you should NEVER modify the Default Domain Policy.  Instead you should create a new policy with your changes in it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mcsweenSr. Network AdministratorCommented:
also in Windows 2000 there is not gpupdate, you will have to use secedit.  Something like:

secedit /refreshpolicy user_policy /enforce
0
phileocaAuthor Commented:
Thanks.

The .bat has been installed, and has been working for the last 3 days... however... currently only 3 people seem to be affected.  
What is taking the other computers so long?  Do they NEED to powercycle their computers for the policy to take effect?
0
mcsweenSr. Network AdministratorCommented:
I would restart the computers to try and get the policies to take affect.  If the client is XP you can try a gpupdate /force and if 2k use the secedit command from above.  A restart should push the policy down if it's not being applied on it's own.

If you continue to have issues try and set

Computer Config | Admin Templates | System | Logon | Always wait for Network...

to enabled in the policy...this will force the comptuers to grab the new policies on the next restart.
0
phileocaAuthor Commented:
the server is win2k server

ALL of the clients are XP pro
0
phileocaAuthor Commented:
I went to a clients computer and did a /gpudate
but it's still not logging.

Why isn't my WIN2k Server updating all of the users through the active directory like it's supposed to?
0
mcsweenSr. Network AdministratorCommented:
Did you set "Always wiat for Network" policy as stated above?

Also, go to a client that's not working and...
Start | Run | rsop.msc

look in there for your policy, if it's there then it's not a policy refresh problem, could be your script.  If it's not there then set the Always wait for Network policy and do a
gpupdate /force at the client.

0
phileocaAuthor Commented:
where is the always wait for network policy? client? server?  you are VERY unclear.

and also, you said
<< The PCs will update themselves eventually (usually within a couple of hours or at the next restart)
which is inaccurate.
They will only update on an interval if it is configured for that in the MMC.  By default it is Not Configured.
I discovered this myself.

0
phileocaAuthor Commented:
This tip was very very very very very good.
There are alot more options in a new policy than the default domain policy.

>>FYI - MS Best Practices state that you should NEVER modify the Default Domain Policy.  Instead you should create a new policy with your changes in it.
0
phileocaAuthor Commented:
oooh....
<<Computer Config | Admin Templates | System | Logon | Always wait for Network...
that's in the MMC.
If my computers don't start refreshing by the end of this week, then i'll turn that on.
0
mcsweenSr. Network AdministratorCommented:
>>They will only update on an interval if it is configured for that in the MMC.  By default it is Not Configured>>

This statement is not true.  This only has to be set if you want to change the default update time which is about every 90 minutes with a variance for what the offset time is, by default the offset time is 30 min.  The offset time keeps all computers from updating at the exact same time and causing severe network congestion.

If you want to know if you policy has propegated to the client just go to the client and run rsop.msc (resuliant set of policy)

This will show you all policies that have been pushed to the computer.  Look under logon scripts and see if yours is listed there.  If it is listed then it's been pushed down and isn't working correctly; possibly due to an issue with the script.  If it's not there they you are having a replication/propegation problem.

Please let me know if you can see the script in rsop.msc at the client.
0
phileocaAuthor Commented:
folder permission was set to administrators only.
everybody could read, but only admins could write.
thanks for the help though.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.