oceansupport
asked on
Logon Script thru GPO in Active Directory
Using Group Policy to run logon script and push registry fix out to computers:
I have a GPO for OU Test Accounts that contains:
\\DomainName.Local\NETLOGO N\DST2007U pdate_Win2 K.cmd
Netlogon contains the CMD file, VBScript and The RegUpdate file based on Microsoft KB: Http://support.microsoft.com/kb/914387
the OU Test Accounts has my Test Computer account as well as my test UserID: TestAccount.
For kicks, I also added a GPO to change the desktop to make sure the policy is doing at least "something"
Nothing executes on reboot or logon....no evidence in my event log.
Any ideas on where to troubleshoot?
I have a GPO for OU Test Accounts that contains:
\\DomainName.Local\NETLOGO
Netlogon contains the CMD file, VBScript and The RegUpdate file based on Microsoft KB: Http://support.microsoft.com/kb/914387
the OU Test Accounts has my Test Computer account as well as my test UserID: TestAccount.
For kicks, I also added a GPO to change the desktop to make sure the policy is doing at least "something"
Nothing executes on reboot or logon....no evidence in my event log.
Any ideas on where to troubleshoot?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
carcenea: Your statement is correct for when the path to the script is not specified. If a path is specified then the client will use that. For the former, a script called "DST2007Update_Win2K.cmd" would run run from \\<logonserver>\SYSVOL\<do main>\Poli cies\{<GPO -GUID>}\Us er\Scripts \Logon
For the latter, a script called "\\DomainName.Local\NETLOG ON\DST2007 Update_Win 2K.cmd" would run from the specified path.
Therefore, the location of the script is not the cause of the failure.
oceansupport: Is your new GPO listed when you run gpresult on the test client?
For the latter, a script called "\\DomainName.Local\NETLOG
Therefore, the location of the script is not the cause of the failure.
oceansupport: Is your new GPO listed when you run gpresult on the test client?
ASKER
Ryangorman-
GPResult shows the new GPO is not listed. Where to from here?
Thanks
GPResult shows the new GPO is not listed. Where to from here?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you have created a GPO in GPMC this doesn't mean that it is applied to any OU.
please confirm that your GPO is applied to desired OU.
to check that if the script is doing anything or not you should not change anything which can be influenced by some other poliry like walllpaper change (this change can be restrictd in policy), in my suggestion you should create some file on local system or shared folder (should be selected based on permission). I generally do create a file by placing command: "dir c: > c:\testscript.txt" in .bat or .cmd script.
If the GPO is linked to desired OU then next step should be verifying GPO filtering and inheritance.
please confirm that your GPO is applied to desired OU.
to check that if the script is doing anything or not you should not change anything which can be influenced by some other poliry like walllpaper change (this change can be restrictd in policy), in my suggestion you should create some file on local system or shared folder (should be selected based on permission). I generally do create a file by placing command: "dir c: > c:\testscript.txt" in .bat or .cmd script.
If the GPO is linked to desired OU then next step should be verifying GPO filtering and inheritance.
ASKER
If a GPO is created in GPMC and linked to an OU, I am assuming that this should create the desired result. I noticed that the computer OU doesn't appear in GPMC. So, I moved a test computer to my test OU assuming that this would work for computer. Had to grant explicit permissions to that OU in the Scope tab. How else can I apply a computer based GPO to a set of clients?
I think filtering and inheritance is causing my problem, but can't find specific documentation in the sea of whitepapers from Microsoft.
Hope this makes sense.
I think filtering and inheritance is causing my problem, but can't find specific documentation in the sea of whitepapers from Microsoft.
Hope this makes sense.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do you have the UserEnv log? If yes, please post here.
ASKER
No idea what was causing this issue. Scripts and Reg updates applied to both workstation and logon after I removed and re-added Authenticated Users to the scope.
ASKER
Thanks everyone for your time and your comments.
Crag
Crag
In order to get the file in the right location, edit the group policy that you're using to apply the logon script. Once you're at the Logon Properties for the logon script press the button at the bottom of the box that says "Show Files..." put you script and needed files in this folder and then your logon scripts should run.
Hope this helps!