oceansupport
asked on
Logon Script thru GPO in Active Directory
Using Group Policy to run logon script and push registry fix out to computers:
I have a GPO for OU Test Accounts that contains:
\\DomainName.Local\NETLOGO
Netlogon contains the CMD file, VBScript and The RegUpdate file based on Microsoft KB: Http://support.microsoft.com/kb/914387
the OU Test Accounts has my Test Computer account as well as my test UserID: TestAccount.
For kicks, I also added a GPO to change the desktop to make sure the policy is doing at least "something"
Nothing executes on reboot or logon....no evidence in my event log.
Any ideas on where to troubleshoot?
I have a GPO for OU Test Accounts that contains:
\\DomainName.Local\NETLOGO
Netlogon contains the CMD file, VBScript and The RegUpdate file based on Microsoft KB: Http://support.microsoft.com/kb/914387
the OU Test Accounts has my Test Computer account as well as my test UserID: TestAccount.
For kicks, I also added a GPO to change the desktop to make sure the policy is doing at least "something"
Nothing executes on reboot or logon....no evidence in my event log.
Any ideas on where to troubleshoot?
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
carcenea: Your statement is correct for when the path to the script is not specified. If a path is specified then the client will use that. For the former, a script called "DST2007Update_Win2K.cmd" would run run from \\<logonserver>\SYSVOL\<do
For the latter, a script called "\\DomainName.Local\NETLOG
Therefore, the location of the script is not the cause of the failure.
oceansupport: Is your new GPO listed when you run gpresult on the test client?
For the latter, a script called "\\DomainName.Local\NETLOG
Therefore, the location of the script is not the cause of the failure.
oceansupport: Is your new GPO listed when you run gpresult on the test client?
ASKER
Ryangorman-
GPResult shows the new GPO is not listed. Where to from here?
Thanks
GPResult shows the new GPO is not listed. Where to from here?
Thanks
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you have created a GPO in GPMC this doesn't mean that it is applied to any OU.
please confirm that your GPO is applied to desired OU.
to check that if the script is doing anything or not you should not change anything which can be influenced by some other poliry like walllpaper change (this change can be restrictd in policy), in my suggestion you should create some file on local system or shared folder (should be selected based on permission). I generally do create a file by placing command: "dir c: > c:\testscript.txt" in .bat or .cmd script.
If the GPO is linked to desired OU then next step should be verifying GPO filtering and inheritance.
please confirm that your GPO is applied to desired OU.
to check that if the script is doing anything or not you should not change anything which can be influenced by some other poliry like walllpaper change (this change can be restrictd in policy), in my suggestion you should create some file on local system or shared folder (should be selected based on permission). I generally do create a file by placing command: "dir c: > c:\testscript.txt" in .bat or .cmd script.
If the GPO is linked to desired OU then next step should be verifying GPO filtering and inheritance.
ASKER
If a GPO is created in GPMC and linked to an OU, I am assuming that this should create the desired result. I noticed that the computer OU doesn't appear in GPMC. So, I moved a test computer to my test OU assuming that this would work for computer. Had to grant explicit permissions to that OU in the Scope tab. How else can I apply a computer based GPO to a set of clients?
I think filtering and inheritance is causing my problem, but can't find specific documentation in the sea of whitepapers from Microsoft.
Hope this makes sense.
I think filtering and inheritance is causing my problem, but can't find specific documentation in the sea of whitepapers from Microsoft.
Hope this makes sense.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Do you have the UserEnv log? If yes, please post here.
ASKER
No idea what was causing this issue. Scripts and Reg updates applied to both workstation and logon after I removed and re-added Authenticated Users to the scope.
ASKER
Thanks everyone for your time and your comments.
Crag
Crag
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
In order to get the file in the right location, edit the group policy that you're using to apply the logon script. Once you're at the Logon Properties for the logon script press the button at the bottom of the box that says "Show Files..." put you script and needed files in this folder and then your logon scripts should run.
Hope this helps!