[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

GP user logon scripts fails

Hi,

I defined a group policy on a W2K3 server with which a script "logon.bat" should run if a user logon to a W'XP machine. The script is simple, maps partitions + runs fine if processed locally.
The GPO looks

Computer Configuration [Enabled]
  Administrative Templates
    System/Logon
      Policy
      Always wait for the network at computer startup and logon   Endabled

User Configuration [Enabled]
  Windows Settings
    Scripts
      Logon
        Name
        Logon.bat
  Adminstrative Templates
    System/Scripts
      Policy
      Run legacy logon scriipts hidden      Enabled
      Run logn scripts synchronously        Enabled
      Run logon scripts visible                  Enabled

Any suggestions?
0
GeologyETH
Asked:
GeologyETH
  • 4
  • 3
1 Solution
 
jar3817Commented:
The script is running but giving an error or the script is not running?  If the script just isn't running I would make sure the XP machine is a member of that domain and that your DNS is set up correctly. I know GPO's don't run if there is problems with your DNS setup. Make sure the workstation can resolve the ad domain and the server can resolve the workstations ip and name. Also make sure no outside dns servers are specified (on the clients or servers). Only nameserver that are authoritative for your AD domain or at least know about it and forward correctly should be used.  
0
 
GeologyETHAuthor Commented:
The script isn't running. It's seems to be in general that all GPOs which defines a "Computer Configuration" run + those defining a "User Configuration" fails. Or maybe the "User Configuration" GPOs run. but it has no effect on a W'XP machine.
The W'XP PC is in the domain and the DNS is setup correctly. Nevertheless, maybe the source of trouble: the PCs with the names xxx + are inlcude into the domain "D" then as "xxx.d.ethz.ch". The IP-No. is given dynamically so that the "xxx.d.ethz.ch" points that IP-No., but the DNS entry of that IP-No. will be "yyy.ethz.ch". The set of {xxx} of the PC names is a subset of {yyy} the DNS entries used by the dhcp server.
0
 
jar3817Commented:
is the primary dns suffix set to the AD domain on the workstation? Make sure the clients can talk to the server using only the server's name (minus the domain part). Like try "ping dc1" or "ping dc2" or whatever you named your domain controllers.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
GeologyETHAuthor Commented:
I tested it + it works. The problem is maybe in general that all the GPOs with "Computer Configuration" works fine, but those with "User Configuration" does not.
0
 
jar3817Commented:
hmmm...I've never heard of one working but the other not. This might be a stupid question...is the policy defined on an OU that this particular user account is located in?  And are there any policies below this one that would stop the policy (the "block policy inheritance" checkbox checked)?
0
 
GeologyETHAuthor Commented:
got it; what a stupid mistake.
0
 
jar3817Commented:
glad to hear it (that you figured it out).
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now