GPO do not appear in Policies/xxxx folder but are in Netlogon folder
I have created a few scripts in GPOs on a Windows 2003 server (using template/files from the W2k Server before it - during the rebuild I demoted this server and promoted another 2003 and then reversed back so the server I am working on is 2003 and is the PDC. So the GPOs are there but the scripts either are not working or need to be changed because of changes in location of data, etc).
The problem is when I click on the "Show Files" button on the Logon Scripts dialog box within the GPO Editor, I see no files. So I don't know if they are being added or not. Also I am confused with the difference between the netlogon folder and the sysvol folder. From what I have read, the netlogon is an older version of the newer sysvol - yet they both showed up when I did a new install of W2003??
Simply, how do you apply a script to a GPO and have it in the right place? I have tried adding just the actual command file, then tried browsing to the netlogon folder and selected the file so the entire location is in the Name field, and also have tried browsing around the policies folder in the sysvol folder but can't find the files in the "policies folder like they are supposed to be. They are in the "shared" \\domain\sysvol\domain.loc
Our students arrive next week and I am up a creek (without a boat like Hogan says) - fast help would be appreciated. I'm headed home now but will be checking when I get there and first thing in the morning.
The problem is when I click on the "Show Files" button on the Logon Scripts dialog box within the GPO Editor, I see no files. So I don't know if they are being added or not. Also I am confused with the difference between the netlogon folder and the sysvol folder. From what I have read, the netlogon is an older version of the newer sysvol - yet they both showed up when I did a new install of W2003??
Simply, how do you apply a script to a GPO and have it in the right place? I have tried adding just the actual command file, then tried browsing to the netlogon folder and selected the file so the entire location is in the Name field, and also have tried browsing around the policies folder in the sysvol folder but can't find the files in the "policies folder like they are supposed to be. They are in the "shared" \\domain\sysvol\domain.loc
Our students arrive next week and I am up a creek (without a boat like Hogan says) - fast help would be appreciated. I'm headed home now but will be checking when I get there and first thing in the morning.
It's your decision where to put your scripts while the best practices is putting them under respectively GPO folder. It's you who create the script and put it to where you like then let the GPO know via GPO GUI. By default the GUI will bring you to the GPO's folder but again you can put scripts anywhere(including netlogon). If you didn't put script under GPO folder, how can you expect to see it under there?
Putting script under GPO folder will let the system take care of the replication, not to mention it's easy to find and maintain. Netlogon is replicated among DCs as well.
Putting script under GPO folder will let the system take care of the replication, not to mention it's easy to find and maintain. Netlogon is replicated among DCs as well.
ASKER
toniur
The script(s) show up in 2 areas;
\\domain\NETLOGON
\\domain\SYSVOL
They are not listed when I select the "Show Files" button which points to \\domain\SysVol\domain\Pol
Are you saying that the script/file has to be in all 3 places? If so, I would assume then that I could enter them by selecting "Add", "Browse" to the netlogon folder and select the script/file that would placed it the Logon Scripts dialog box within the GPO Editor, and then, click on "Show Files" and copy it to the \\domain\SysVol\domain\Pol
thanks for the response last night, sorry I missed it but I'm at it again...
The script(s) show up in 2 areas;
\\domain\NETLOGON
\\domain\SYSVOL
They are not listed when I select the "Show Files" button which points to \\domain\SysVol\domain\Pol
Are you saying that the script/file has to be in all 3 places? If so, I would assume then that I could enter them by selecting "Add", "Browse" to the netlogon folder and select the script/file that would placed it the Logon Scripts dialog box within the GPO Editor, and then, click on "Show Files" and copy it to the \\domain\SysVol\domain\Pol
thanks for the response last night, sorry I missed it but I'm at it again...
No, script for this particular GPO should be only in \domain\SysVol\domain\Poli
Prepare all of your scripts in some folder for example "Scripts" (it can be on your desktop - it does not matter), then copy script from "scripts" folder to \domain\SysVol\domain\Poli
You can leave netlogon folder empty.
Prepare all of your scripts in some folder for example "Scripts" (it can be on your desktop - it does not matter), then copy script from "scripts" folder to \domain\SysVol\domain\Poli
You can leave netlogon folder empty.
ASKER
Ok, I remember doing something like that on the server when it was W2K, but when I didn't see them after my rebuild in the Policies area and did see them in the netlogon and sysvol shares I got confused. I guess something happened with the demo and promo procedure. ( I currrently have a folder on my desktop with all my script files that I use to make changes. I've always used those as templates but forgot how I got them into the actual GPO, I thought I just copied them into the netlogon folder...)
In any case, if I simply copy them into the \\domain\SysVol\domain\Pol
When you indicate ""copy script from "scripts" folder to \domain\SysVol\domain\Poli
Sorry for the persistence here but it has been a while since doing these and I have lost my memory of it.
In any case, if I simply copy them into the \\domain\SysVol\domain\Pol
When you indicate ""copy script from "scripts" folder to \domain\SysVol\domain\Poli
Sorry for the persistence here but it has been a while since doing these and I have lost my memory of it.
I should be more specific. When you'll click Add... button, new window will open. Then you'll have to click Browse... to actually select script file. Another window will open and it's location will be precisely "\\domain\SysVol\domain\Po
If you don't copy your script from "Scripts" folder to "\\domain\SysVol\domain\Po
You're adding entire location automatically, when you select script.
Forget Netlogon share, it has nothing to do with upper procedure. If you don't have any Windows 9x/Me or Windows NT 4.0 Workstation clients, you don't have to use Netlogon share.
If you need more information, let me know...
If you don't copy your script from "Scripts" folder to "\\domain\SysVol\domain\Po
You're adding entire location automatically, when you select script.
Forget Netlogon share, it has nothing to do with upper procedure. If you don't have any Windows 9x/Me or Windows NT 4.0 Workstation clients, you don't have to use Netlogon share.
If you need more information, let me know...
ASKER
thanks, I'm on my way back to work and will check this out. I'll get back to you in about an hour.
many thanks for your patience
many thanks for your patience
ASKER
I think I follow. I did what you described earlier in my process here but I assumed that the browse would enable me to find the file and then after selecting it would place it in the GPO folder (\\domain\SysVol\domain\Po
So I from what I understand, I am to just use windows explorer and manually copy the script file into the \\domain\SysVol\domain\Pol
So I from what I understand, I am to just use windows explorer and manually copy the script file into the \\domain\SysVol\domain\Pol
Did you read my response?
Scripts don't have to be under GPO folder (though it's best practice). The system is not going to copy your scripts to SYSVOL\policies folder automatically. I believe i answered all your questions in my first post but you might just missed it.
Scripts don't have to be under GPO folder (though it's best practice). The system is not going to copy your scripts to SYSVOL\policies folder automatically. I believe i answered all your questions in my first post but you might just missed it.
ASKER
STRONGLINE
Yes I have read all the responses - and I appreciate yours. (It'd be silly not to read all the responses to my own question...) My frustration is with the disconnect between what I am reading and what I am seeing. I have tried to explain what I have here but perhaps I am not being clear or my comments are not being read completely - some assumptions are being made perhaps.
I know most would prefer to know what time it is and not how the clock works but I really need to understand, from experts like you all, how this works. I've read a good deal on it and have used all the help files I can find but I need "real world" input from you all.
Again the situation is that I have files/scripts that work OK but are in a place or format that are not consistent with the responses to this post so far. For example, there is a logon script that shows up in the GPO editor and the Name field of the Logon Properties box as \\domain\SysVol\domain\scr
TONIUR (as well)
I understand about NETLOGON now and how it doesn't play a roll in any of this. I also understand that the script SHOULD be under the GPO folder. Anything I do in the NETLOGON folder duplicates in the \\domain\sysvol\domain\scr
Does this procedure stated above (restated here) make sense?
I can open the GPO editor and find appropriate folder for scripts in that GPO. Using windows explorer, manually copy the script file from my desktop script folder into the \\domain\SysVol\domain\Pol
If that is correct, why after a few minutes, the description of the file in the name field of the Logon Properties box of the GPO shows that file now as \\domain\NETLOGON\filename
Should I remove all the files from the NETLOGON folder?
There are a few questions in this post - I apologize for the rambling. Hope you can sort it out and respond to them.
Yes I have read all the responses - and I appreciate yours. (It'd be silly not to read all the responses to my own question...) My frustration is with the disconnect between what I am reading and what I am seeing. I have tried to explain what I have here but perhaps I am not being clear or my comments are not being read completely - some assumptions are being made perhaps.
I know most would prefer to know what time it is and not how the clock works but I really need to understand, from experts like you all, how this works. I've read a good deal on it and have used all the help files I can find but I need "real world" input from you all.
Again the situation is that I have files/scripts that work OK but are in a place or format that are not consistent with the responses to this post so far. For example, there is a logon script that shows up in the GPO editor and the Name field of the Logon Properties box as \\domain\SysVol\domain\scr
TONIUR (as well)
I understand about NETLOGON now and how it doesn't play a roll in any of this. I also understand that the script SHOULD be under the GPO folder. Anything I do in the NETLOGON folder duplicates in the \\domain\sysvol\domain\scr
Does this procedure stated above (restated here) make sense?
I can open the GPO editor and find appropriate folder for scripts in that GPO. Using windows explorer, manually copy the script file from my desktop script folder into the \\domain\SysVol\domain\Pol
If that is correct, why after a few minutes, the description of the file in the name field of the Logon Properties box of the GPO shows that file now as \\domain\NETLOGON\filename
Should I remove all the files from the NETLOGON folder?
There are a few questions in this post - I apologize for the rambling. Hope you can sort it out and respond to them.
"show files" is just a button that opens up a window to the GPO's script folder. Like I said earlier, if you don't/didn't put your script under that folder, system will NOT copy the script to this folder. It stays where you have selected for the script - any shared folder in your domain that your users have access to. In your case, you, or your predessor, have put the script under \\domain\SysVol\domain\scr
I don't understand why you bother so much what you see in "show files", that is a button won't affect anything. If you want to see your script to be there, simply copy your filename.bat into that folder (manually!), that change the Name field of your Logon Script Propoerties to point to the new place. Because the fact that GPO defaults to its own script folder to look for scripts, you can simply put the file name of your script (namely without having to specifying the full path) in the Name field, which makes it look a bit nicer, and that is all about it. In other words, if you don't put the script under the system-preferred folder, you will have to specify full path like \\domain\SysVol\domain\scr
There are misleading info in other posts i think you should be able to tell by now.
I don't understand why you bother so much what you see in "show files", that is a button won't affect anything. If you want to see your script to be there, simply copy your filename.bat into that folder (manually!), that change the Name field of your Logon Script Propoerties to point to the new place. Because the fact that GPO defaults to its own script folder to look for scripts, you can simply put the file name of your script (namely without having to specifying the full path) in the Name field, which makes it look a bit nicer, and that is all about it. In other words, if you don't put the script under the system-preferred folder, you will have to specify full path like \\domain\SysVol\domain\scr
There are misleading info in other posts i think you should be able to tell by now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
my question about why the file/script keeps changing is not answered. I have done exactly as you and toniur have suggested but within minutes the name has been changed to reflect a path to netlogon - and I didn't use that location/file. So... should I remove all references to files/scripts that are in the netlogon folder and just use the location under the GPO? It could be that they are left over from previous admin. I would rather use "best practice" as you and others have indicated for the location of these files.
ASKER
I know it is OK to "put the script under \\domain\SysVol\domain\scr
Like you said strongline, how can you expect to see the script if it's not there - further, if there isn't consistency with the process how can anyone expect to find it.
Like you said strongline, how can you expect to see the script if it's not there - further, if there isn't consistency with the process how can anyone expect to find it.
ASKER
I just read your 8:25 post - thank you. I do understand the majority of what you are saying and suggesting.
But do you understand my confusion? Evidentally, the admins before me were placing these files in a couple of places (or maybe just the netlogon folder and they get replicated/copied to the sysvol/scripts folder by the system). So I didn't really understand the best practice.
I went ahead and removed the files from the netlogon folder (they also dissapeared from the sysvol/scripts folder) and copied them manually! (I liked your !) in the \domain\SysVol\domain\Poli
I checked the GPO on a client machine and it would appear that all scripts are running. It just bothered me that they were in different places which lead to confusion about applying them...
But do you understand my confusion? Evidentally, the admins before me were placing these files in a couple of places (or maybe just the netlogon folder and they get replicated/copied to the sysvol/scripts folder by the system). So I didn't really understand the best practice.
I went ahead and removed the files from the netlogon folder (they also dissapeared from the sysvol/scripts folder) and copied them manually! (I liked your !) in the \domain\SysVol\domain\Poli
I checked the GPO on a client machine and it would appear that all scripts are running. It just bothered me that they were in different places which lead to confusion about applying them...
ASKER
Can I safely remove all files/scripts from netlogon folder (which will remove them from the \\domain\sysvol\domain\scr
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No worries toniur, thanks for the reply.
Based on responses from both of you I have a much better idea of how GPOs with scripts and shares work now. Because you both broke it down and addressed different aspects of my question, I would like to split the points. I hope that is OK.
Based on responses from both of you I have a much better idea of how GPOs with scripts and shares work now. Because you both broke it down and addressed different aspects of my question, I would like to split the points. I hope that is OK.
ASKER
Thank you both for being patient and sticking with my numerous questions. Take care.
if you move your script from one location to another, you got to check within your GPOs so the "name box" pointing to the new location. That is all.
[Like you said strongline, how can you expect to see the script if it's not there - further, if there isn't consistency with the process how can anyone expect to find it.]
Good question. There are admins they don't have much experience, which is perfectly ok as long as they ask and learn. They are admins they do have the knowledge but they still put scripts all over the place (or any other stuff, for that matter). It's just personal style(or bad habit, should I say?). Anyways, glad we could help and enjoy your weekend.
[Like you said strongline, how can you expect to see the script if it's not there - further, if there isn't consistency with the process how can anyone expect to find it.]
Good question. There are admins they don't have much experience, which is perfectly ok as long as they ask and learn. They are admins they do have the knowledge but they still put scripts all over the place (or any other stuff, for that matter). It's just personal style(or bad habit, should I say?). Anyways, glad we could help and enjoy your weekend.
You can still use netlogon folder for logon scripts, but then you have to specify logon script name in properties of user account. Netlogon still exists for backwards compatibility.
If you want to use GPO for scripts, you have to copy your script in to folder, which opens up, when you click Show files, then click Add... and select script. This ensures proper replication of script files to other domain controllers.
HTH
Toni