• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 270
  • Last Modified:

GP user logon scripts fails

Hi,

I defined a group policy on a W2K3 server with which a script "logon.bat" should run if a user logon to a W'XP machine. The script is simple, maps partitions + runs fine if processed locally.
The GPO looks

Computer Configuration [Enabled]
  Administrative Templates
    System/Logon
      Policy
      Always wait for the network at computer startup and logon   Endabled

User Configuration [Enabled]
  Windows Settings
    Scripts
      Logon
        Name
        Logon.bat
  Adminstrative Templates
    System/Scripts
      Policy
      Run legacy logon scriipts hidden      Enabled
      Run logn scripts synchronously        Enabled
      Run logon scripts visible                  Enabled

Any suggestions?
0
GeologyETH
Asked:
GeologyETH
  • 4
  • 3
1 Solution
 
jar3817Commented:
The script is running but giving an error or the script is not running?  If the script just isn't running I would make sure the XP machine is a member of that domain and that your DNS is set up correctly. I know GPO's don't run if there is problems with your DNS setup. Make sure the workstation can resolve the ad domain and the server can resolve the workstations ip and name. Also make sure no outside dns servers are specified (on the clients or servers). Only nameserver that are authoritative for your AD domain or at least know about it and forward correctly should be used.  
0
 
GeologyETHAuthor Commented:
The script isn't running. It's seems to be in general that all GPOs which defines a "Computer Configuration" run + those defining a "User Configuration" fails. Or maybe the "User Configuration" GPOs run. but it has no effect on a W'XP machine.
The W'XP PC is in the domain and the DNS is setup correctly. Nevertheless, maybe the source of trouble: the PCs with the names xxx + are inlcude into the domain "D" then as "xxx.d.ethz.ch". The IP-No. is given dynamically so that the "xxx.d.ethz.ch" points that IP-No., but the DNS entry of that IP-No. will be "yyy.ethz.ch". The set of {xxx} of the PC names is a subset of {yyy} the DNS entries used by the dhcp server.
0
 
jar3817Commented:
is the primary dns suffix set to the AD domain on the workstation? Make sure the clients can talk to the server using only the server's name (minus the domain part). Like try "ping dc1" or "ping dc2" or whatever you named your domain controllers.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
GeologyETHAuthor Commented:
I tested it + it works. The problem is maybe in general that all the GPOs with "Computer Configuration" works fine, but those with "User Configuration" does not.
0
 
jar3817Commented:
hmmm...I've never heard of one working but the other not. This might be a stupid question...is the policy defined on an OU that this particular user account is located in?  And are there any policies below this one that would stop the policy (the "block policy inheritance" checkbox checked)?
0
 
GeologyETHAuthor Commented:
got it; what a stupid mistake.
0
 
jar3817Commented:
glad to hear it (that you figured it out).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now