[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Group Policies

Posted on 2006-04-05
17
Medium Priority
?
289 Views
Last Modified: 2010-04-13
Greetings,

I created 2 .bat files for capturing log on/log information.
The scripts themselves work beautifully.

I want to apply these to the group policy so when users log on and off, the scripts are run and the information is logged.
I moved the scripts to the correct policy folder on the DC.
I opened the mmc, add the snapin for default domain policy.  
Under User configuration i clicked windows settings, then scripts(logon/logoff).
I applied the correct .bat file each setting.

After applying this, I logged off and logged back on.  My log file that captures the data didn't show anything.

Am I missing something?
0
Comment
Question by:phileoca
  • 9
  • 5
  • 3
17 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 16385522
Did you use gpupdate to force the local policy to be applied to the PC?
0
 
LVL 11

Author Comment

by:phileoca
ID: 16385623
I did only what i typed above.
What is gpupdate and where would I run that from?
0
 
LVL 88

Expert Comment

by:rindi
ID: 16385716
From a command prompt. First run gpudate /? to get the syntax, then run it with the correct option to get the profile on the local PC updated.
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
LVL 11

Author Comment

by:phileoca
ID: 16385845
do I have to do that from every PC, or can I do it from the DC?
Doing it on every PC isn't feasible in a company of this size
0
 
LVL 88

Expert Comment

by:rindi
ID: 16386141
I think it should push to every PC if you have the PC's names. If not, it'll just take some time until all the PC's have been updated by themselves.
0
 
LVL 22

Accepted Solution

by:
mcsween earned 2000 total points
ID: 16401017
The PCs will update themselves eventually (usually within a couple of hours or at the next restart)

FYI - MS Best Practices state that you should NEVER modify the Default Domain Policy.  Instead you should create a new policy with your changes in it.
0
 
LVL 22

Expert Comment

by:mcsween
ID: 16401047
also in Windows 2000 there is not gpupdate, you will have to use secedit.  Something like:

secedit /refreshpolicy user_policy /enforce
0
 
LVL 11

Author Comment

by:phileoca
ID: 16401934
Thanks.

The .bat has been installed, and has been working for the last 3 days... however... currently only 3 people seem to be affected.  
What is taking the other computers so long?  Do they NEED to powercycle their computers for the policy to take effect?
0
 
LVL 22

Expert Comment

by:mcsween
ID: 16402423
I would restart the computers to try and get the policies to take affect.  If the client is XP you can try a gpupdate /force and if 2k use the secedit command from above.  A restart should push the policy down if it's not being applied on it's own.

If you continue to have issues try and set

Computer Config | Admin Templates | System | Logon | Always wait for Network...

to enabled in the policy...this will force the comptuers to grab the new policies on the next restart.
0
 
LVL 11

Author Comment

by:phileoca
ID: 16403937
the server is win2k server

ALL of the clients are XP pro
0
 
LVL 11

Author Comment

by:phileoca
ID: 16418643
I went to a clients computer and did a /gpudate
but it's still not logging.

Why isn't my WIN2k Server updating all of the users through the active directory like it's supposed to?
0
 
LVL 22

Expert Comment

by:mcsween
ID: 16418707
Did you set "Always wiat for Network" policy as stated above?

Also, go to a client that's not working and...
Start | Run | rsop.msc

look in there for your policy, if it's there then it's not a policy refresh problem, could be your script.  If it's not there then set the Always wait for Network policy and do a
gpupdate /force at the client.

0
 
LVL 11

Author Comment

by:phileoca
ID: 16418878
where is the always wait for network policy? client? server?  you are VERY unclear.

and also, you said
<< The PCs will update themselves eventually (usually within a couple of hours or at the next restart)
which is inaccurate.
They will only update on an interval if it is configured for that in the MMC.  By default it is Not Configured.
I discovered this myself.

0
 
LVL 11

Author Comment

by:phileoca
ID: 16419174
This tip was very very very very very good.
There are alot more options in a new policy than the default domain policy.

>>FYI - MS Best Practices state that you should NEVER modify the Default Domain Policy.  Instead you should create a new policy with your changes in it.
0
 
LVL 11

Author Comment

by:phileoca
ID: 16419283
oooh....
<<Computer Config | Admin Templates | System | Logon | Always wait for Network...
that's in the MMC.
If my computers don't start refreshing by the end of this week, then i'll turn that on.
0
 
LVL 22

Expert Comment

by:mcsween
ID: 16420144
>>They will only update on an interval if it is configured for that in the MMC.  By default it is Not Configured>>

This statement is not true.  This only has to be set if you want to change the default update time which is about every 90 minutes with a variance for what the offset time is, by default the offset time is 30 min.  The offset time keeps all computers from updating at the exact same time and causing severe network congestion.

If you want to know if you policy has propegated to the client just go to the client and run rsop.msc (resuliant set of policy)

This will show you all policies that have been pushed to the computer.  Look under logon scripts and see if yours is listed there.  If it is listed then it's been pushed down and isn't working correctly; possibly due to an issue with the script.  If it's not there they you are having a replication/propegation problem.

Please let me know if you can see the script in rsop.msc at the client.
0
 
LVL 11

Author Comment

by:phileoca
ID: 16438704
folder permission was set to administrators only.
everybody could read, but only admins could write.
thanks for the help though.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Strategic internal linking is often considered an SEO power technique, especially for content marketing. Do you need to hire an SEO agency to optimize you internal linking? No, this article will help you understand the basics of internal linking and…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question