Group Policy Objects

Posted on 2006-10-19
Last Modified: 2008-01-09
Running windows server 2003. Does a client computer have to be a "managed" pc with the guid entered for any of the settings in the group policy under "computer configuration " to take effect?

I am trying to set up a log on script to add the shared printer to all the pc's on the network but none of the settings in the "computer configuration" section of the GPO will take.

The ones I set in the "user configuration" section of the GPO work great.

Also If I get the log on script to work in the "computer configuration" section will this load the printer onto that pc for all users that log on because currently it always displays "connecting to" the shared printer at log on.

Question by:amdvar
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
LVL 18

Accepted Solution

Don S. earned 125 total points
ID: 17768025
In order to get a Group Policy, a computer must have been joined to the domain and must be in a container or OU that the GPO is applied to.  As for shared printers, are you referring to a printer that is setup on a particular computer and is set as shared?  That would then be treated as a newtork printer.  Network printers are User profile dependant.  If I have a lot of them, I usually create a VB script to run at login time to dynamically assign network printers.

Author Comment

ID: 17768161
Yes the printer is shared on the server \\server\lexmark

We have roaming users and I was hoping to get away from the box that came up every time someone logged on saying it was connecting to "lexmark on server"

LVL 17

Expert Comment

ID: 17768601
Where I work, printers are asigned to the user logging on by means of a kix-script witch is called from a common logon.bat.
In the printer.kix there is a 'case' statement for every room telling whitch printer(s) to connect to. The the printer.kix will sort this out by means of the OU in whitch the  logged on to computer is placed.

If you are interested I can post an ex. tomorrow
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.


Author Comment

ID: 17768880
Sure that would be great

LVL 11

Assisted Solution

by:Chris Gralike
Chris Gralike earned 50 total points
ID: 17770058
the same can be done using windows WMI scripting. If you would like an example just call out. the WMI doesnt show as a dos box like kix does, dont miss understand me, kix was great when the WMI objects wherent sufficient to do all the tasks one would like. But this has changed with windows 2K / 2K3 where vbs / wmi are the slowly becomming the standard for login scripts.

Next to that, depending on your AD design, wmi is able to enumerate allready mapped drives, enumerate group objects in wich users / computers are placed and or enumerate in wich OU the domain object resides. A disadvantage is that WMI / VBS is harder to understand, and kix is verry straight forward....


Expert Comment

ID: 17770702
I would like to see the examples of both.
LVL 17

Assisted Solution

jburgaard earned 75 total points
ID: 17770791
In this simple ex. in room 1 you have a printer and a plotter and want to use the minoltaprinter on prtsrv1 as default.
In room2 the script also deletes an unwanted connection.

If working with a nested OU-structure, this script will find the deepest level of OU and try to find a match in the case-select structure

CALL @LSERVER + "\netlogon\kix\translatename.kix"

; Find the OU where the Computer is placed
$name1 = "@Domain\@wksta$"
$TranslateComputerName = TranslateName(3, "", 3, $name1, 1)
$rc = split($TranslateComputerName[0],",")
$OUnavn = substr($rc[1],4)

? $OUnavn

      CASE $OUnavn = "room1"
            if AddPrinterConnection("\\prtsrv1\minolta") = 0 ? "Printer ok" ENDIF
            if AddPrinterConnection("\\prtsrv1\plot") = 0 ? "Printer ok" ENDIF
            if SetDefaultPrinter("\\prtsrv1\minolta") = 0 ? "Set default printer" ENDIF
      CASE $OUnavn = "room2"
            if AddPrinterConnection("\\prtsrv2\room2") = 0 ? "Printer ok" ENDIF
            if SetDefaultPrinter("\\prtsrv2\room2") = 0 ? "Set default printer" ENDIF
            if ExistKey("HKEY_CURRENT_USER\Printers\Connections\,,prtsrv1,plot") = 0
                  $x = DELPRINTERCONNECTION ("\\prtsrv1\plot")  

FUNCTION TranslateName ($inittype, $bindname, $lookupnametype, $lookupname, $returnnametype)
  DIM $inittype, $bindname, $lookupnametype, $lookupname, $returnnametype
  DIM $nametranslate, $returnname, $error, $errortext

  $error = 0
  $errortext = ""
  $returnname = ""
  $nametranslate = CreateObject ("NameTranslate")
  $error = @error
  $errortext = @serror
  IF ($error = 0)
    $nametranslate.init ($inittype, $bindname)
    $error = @error
    $errortext = @serror
    IF ($error = 0)
      $nametranslate.set ($lookupnametype, $lookupname)
      $error = @error
      $errortext = @serror
      IF ($error = 0)
        $returnname = $nametranslate.get($returnnametype)
        $error = @error
        $errortext = @serror
  $translatename = $returnname, $error, $errortext
ENDFUNCTION ; - TranslateName
FUNCTION InContainer ($container, $nametype)
  DIM $container, $currentcontainer, $nametype, $name1, $name2
  CASE $nametype = "Computer"
    $name1 = "@Domain\@wksta$"
  CASE $nametype = "User"
    $name1 = "@LDomain\@UserID"
  CASE 1
    $name1 = ""
  IF ($name1 <> "")
    $name2 = translatename(3, "", 3, $name1, 1)
    IF $name2[1] = 0
      $currentcontainer = Substr($name2[0], InStr($name2[0], ",")+1)
      CASE $currentcontainer = $container
        $incontainer = 1, $name2[1], $name2[2]
      CASE InStr($name2[0], $container)
        $incontainer = 2, $name2[1], $name2[2]
      CASE 1
        $incontainer = 0, $name2[1], $name2[2]
      $incontainer = -2, $name2[1], $name2[2]
    $incontainer = -1, 0, ""
ENDFUNCTION ; - InContainer -
LVL 11

Expert Comment

by:Chris Gralike
ID: 17774280
You will need to combine these two...

(Printer migration script i wrote)

'#                                                        #'
'#  Printer Migratie Script, doel : Uitfacering AMISNT19  #'
'#  door : Chris Gralike                                  #'
'#  wanneer: 19-7-2005                                    #'
'#  voor: Amis Services BV                                #'
 '#                                                      #'

Set AmisNetwork = CreateObject("WScript.Network")

'#Remark# Disconnecting All Network Printers '
Set AmisPrint = AmisNetwork.EnumPrinterConnections
For LOOP_COUNTER = 0 To Amisprint.Count -1 Step 2
      If Left(AmisPrint.Item(LOOP_COUNTER +1) ,2) = "\\" Then
            AmisNetwork.RemovePrinterConnection AmisPrint.Item(LOOP_COUNTER +1),True ,True
      End If
WScript.sleep 200

AmisNetwork.AddWindowsPrinterConnection "\\AMIS\0MG-CLJ-A4N"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\0MG-MFP-A4"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\001-LJ-A4"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\001-LJ-A4-MS"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\1MG-DJ-A1"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\1MG-LJ-A4"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\2MG-LJ-A4"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\004-LJ-A4"
AmisNetwork.AddWindowsPrinterConnection "\\AMIS\006-LJ-A4N"
AmisNetwork.addWindowsPrinterConnection "\\\DIS-Laserprinter"
AmisNetwork.SetDefaultPrinter "\\AMIS\0MG-MFP-A4"

 Dim AMISShell
 Set AMISShell = WScript.CreateObject("WScript.Shell")
 Driveletter = "Y:"

AmisNetwork.MapNetworkDrive "Y:", "\\\data\Applications\Service & beheer\Scripts\Printer_Change""Y:\printers.reg")

WScript.sleep 6000

AmisNetwork.RemoveNetworkDrive Driveletter, True, True

Set AmisNetwork = Nothing
Set AmisPrint = Nothing
Set AMISShell = Nothing

----------An Example of Domain Object and selecting based on that,,, ----------

'       Document: AmisLogin.Vbs                      '
'      Author  : Chris Gralike                         '
'      Edited  : 29-6-2005                         '
'      Language: WScript _ VBS                         '

'#Remark# Defining Classes '

Dim AmisNetwork, AmisShell, objDomain, Domainstr, Userstr, locDrives, UserObj, Path

'#Remark# Setting Functions '
Set WHSNetwork = CreateObject("WScript.Network")
Set WHSShell   = CreateObject("WScript.Shell")

'#Remark# Find a Domain Name '
Set objDomain = GetObject("LDAP://rootDse")
Domainstr     = objDomain.Get("dnsHostName")

'#Remark# Find the Computername '
strComputer = WHSNetwork.ComputerName

'#Remark# Synchronise Computer time With NTP Server '
WHSShell.Run "Net Time \\AmisNT02 /Set /Yes"

'#Remark# Updating Policies just to be sure '

'#Remark# Disconnecting All Mapped Shares '

Set localDrives = WHSNetwork.EnumNetworkDrives
For i = 0 to localDrives.Count -1 step 2
      WHSNetwork.RemoveNetworkDrive localDrives.Item(i), True, True
Wscript.sleep 200

'#Remark# Find username, and bind it to userobject to find groups '

Userstr = WHSNetwork.UserName
Set UserObj = GetObject("WinNT://" & Domainstr & "/" & Userstr)

For Each GroupObj in UserObj.Groups
      ' Developers Comment    WSH.Echo GroupObj.Name'
      Select Case GroupObj.Name
'#Help# All text after The Case Function are Actuall Domain Groups '
      Case "Domain Users"
            'All Group dependant Network connections'
            WHSNetwork.MapNetworkDrive "O:", "\\Amis\Amis_Ora", True            
      End Select

WSH.echo "Logon Succesfull"

Set WHSNetwork = Nothing
Set WHSShell = Nothing
Set locDrives = Nothing
Set objDomain = Nothing
Set UserObj = Nothing

Hope this helps ;-)


ps there is allot of ducumentation on the various microsoft websites containing topics on this subject...

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question