• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 787
  • Last Modified:

GPO do not appear in Policies/xxxx folder but are in Netlogon folder

I have created a few scripts in GPOs on a Windows 2003 server (using template/files from the W2k Server before it - during the rebuild I demoted this server and promoted another 2003 and then reversed back so the server I am working on is 2003 and is the PDC.  So the GPOs are there but the scripts either are not working or need to be changed because of changes in location of data, etc).

The problem is when I click on the "Show Files" button on the Logon Scripts dialog box within the GPO Editor, I see no files.  So I don't know if they are being added or not.  Also I am confused with the difference between the netlogon folder and the sysvol folder.  From what I have read, the netlogon is an older version of the newer sysvol - yet they both showed up when I did a new install of W2003??

Simply, how do you apply a script to a GPO and have it in the right place?  I have tried adding just the actual command file, then tried browsing to the netlogon folder and selected the file so the entire location is in the Name field, and also have tried browsing around the policies folder in the sysvol folder but can't find the files in the "policies folder like they are supposed to be.  They are in the "shared" \\domain\sysvol\domain.local\scripts.

Our students arrive next week and I am up a creek (without a boat like Hogan says) - fast help would be appreciated.  I'm headed home now but will be checking when I get there and first thing in the morning.
0
jazmonster
Asked:
jazmonster
  • 11
  • 5
  • 4
2 Solutions
 
Toni UranjekConsultant/TrainerCommented:
Hi!

You can still use netlogon folder for logon scripts, but then you have to specify logon script name in properties of user account. Netlogon still exists for backwards compatibility.
If you want to use GPO for scripts, you have to copy your script in to folder, which opens up, when you click Show files, then click Add... and select script. This ensures proper replication of script files to other domain controllers.

HTH

Toni

0
 
stronglineCommented:
It's your decision where to put your scripts while the best practices is putting them under respectively GPO folder. It's you who create the script and put it to where you like then let the GPO know via GPO GUI. By default the GUI will bring you to the GPO's folder but again you can put scripts anywhere(including netlogon). If you didn't put script under GPO folder, how can you expect to see  it under there?

Putting script under GPO folder will let the system take care of the replication, not to mention it's easy to find and maintain. Netlogon is replicated among DCs as well.
0
 
jazmonsterAuthor Commented:
toniur
The script(s) show up in 2 areas;

\\domain\NETLOGON
\\domain\SYSVOL

They are not listed when I select the "Show Files" button which points to \\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon.

Are you saying that the script/file has to be in all 3 places?  If so, I would assume then that I could enter them by selecting "Add", "Browse" to the netlogon folder and select the script/file that would placed it the Logon Scripts dialog box within the GPO Editor, and then, click on "Show Files" and copy it to the \\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon folder.  The file(s) then get duplicated by the system to the \\domain\SYSVOL folder which shows up with all the shares - is that how it works???

thanks for the response last night, sorry I missed it but I'm at it again...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Toni UranjekConsultant/TrainerCommented:
No, script for this particular GPO should be only in \domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon folder.

Prepare all of your scripts in some folder for example "Scripts" (it can be on your desktop - it does not matter), then copy script from "scripts" folder to \domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon folder. Then click Add.. button, add script and that's it.

You can leave netlogon folder empty.
0
 
jazmonsterAuthor Commented:
Ok, I remember doing something like that on the server when it was W2K, but when I didn't see them after my rebuild in the Policies area and did see them in the netlogon and sysvol shares I got confused.  I guess something happened with the demo and promo procedure.  ( I currrently have a folder on my desktop with all my script files that I use to make changes.  I've always used those as templates but forgot how I got them into the actual GPO, I thought I just copied them into the netlogon folder...)

In any case, if I simply copy them into the \\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon folder will they then be replicated in both the netlogon and sysvol "shared" folders?

  When you indicate  ""copy script from "scripts" folder to \domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon folder. Then click Add.. button, add script and that's it.""  I understand the copy part of that but when I "Add", am I adding just the script file itself or the entire file location?  When I looked at a current script in the Logon Scripts dialog box within the GPO Editor, I see the entire file location (UNC I think it is called). so I thought I had to "add" like this, \\domain\NETLOGON\scriptname or \\domain\SYSVOL\scriptname.

Sorry for the persistence here but it has been a while since doing these and I have lost my memory of it.
0
 
Toni UranjekConsultant/TrainerCommented:
I should be more specific. When you'll click Add... button, new window will open. Then you'll have to click Browse... to actually select script file. Another window will open and it's location will be precisely  "\\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon" folder.
If you don't copy your script from "Scripts" folder to "\\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon" you will end up with empty folder. Although you can browse to another location - you shouldn't.

You're adding entire location automatically, when you select script.

Forget Netlogon share, it has nothing to do with upper procedure. If you don't have any Windows 9x/Me or Windows NT 4.0 Workstation clients, you don't have to use Netlogon share.

If you need more information, let me know...
0
 
jazmonsterAuthor Commented:
thanks, I'm on my way back to work and will check this out.  I'll get back to you in about an hour.

many thanks for your patience
0
 
jazmonsterAuthor Commented:
I think I follow.  I did what you described earlier in my process here but I assumed that the browse would enable me to find the file and then after selecting it would place it in the GPO folder (\\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon).  But because the "browse" took me to that folder  directly, which was empty, I was confused on why I was browsing to an empty folder that should contain scripts that I haven't even selected yet - do you understand my confusion with the process?

So I from what I understand, I am to just use windows explorer and manually copy the script file into the \\domain\SysVol\domain\Policies\{0A61XX7F-16E2-45XX-8E29-DAAXX2EAEXA1}\User\Scripts\Logon folder.  Then open the GPO editor and click on add, browse, select the file that I manually copied there.  In the Name field of the Logon Properties box, there should just be the file name, not the entire UNC.  Is that correct?
0
 
stronglineCommented:
Did you read my response?

Scripts don't have to be under GPO folder (though it's best practice). The system is not going to copy your scripts to SYSVOL\policies folder automatically. I believe i answered all your questions in my first post but you might just missed it.
0
 
jazmonsterAuthor Commented:
STRONGLINE
Yes I have read all the responses - and I appreciate yours.  (It'd be silly not to read all the responses to my own question...)  My frustration is with the disconnect between what I am reading and what I am seeing.  I have tried to explain what I have here but perhaps I am not being clear or my comments are not being read completely - some assumptions are being made perhaps.

I know most would prefer to know what time it is and not how the clock works but I really need to understand, from experts like you all, how this works.  I've read a good deal on it and have used all the help files I can find but I need "real world" input from you all.

Again the situation is that I have files/scripts that work OK but are in a place or format that are not consistent with the responses to this post so far.  For example, there is a logon script that shows up in the GPO editor and the Name field of the Logon Properties box as \\domain\SysVol\domain\scripts\filename.bat.  It however does not show up when I click the "Show Files" button - but it is working - that doesn't make sense.

TONIUR (as well)
I understand about NETLOGON now and how it doesn't play a roll in any of this.  I also understand that the script SHOULD be under the GPO folder.  Anything I do in the NETLOGON folder duplicates in the \\domain\sysvol\domain\scripts folder, and vv.  What is the \\domain\sysvol\domain\scripts folder for if the GPO actually uses the "Policies" folder?

Does this procedure stated above (restated here) make sense?
I can open the GPO editor and find appropriate folder for scripts in that GPO.  Using windows explorer, manually copy the script file from my desktop script folder into the \\domain\SysVol\domain\Policies\{APPROPRIATE FOLDER}\User\Scripts\Logon folder.  Then within the Logon Properties box, click on add, browse, select the file that I manually copied there.  In the Name field of the Logon Properties box, there should just be the file name, not the entire UNC.

If that is correct, why after a few minutes, the description of the file in the name field of the Logon Properties box of the GPO shows that file now as \\domain\NETLOGON\filename.

Should I remove all the files from the NETLOGON folder?

There are a few questions in this post - I apologize for the rambling.  Hope you can sort it out and respond to them.
0
 
stronglineCommented:
"show files" is just a button that opens up a window to the GPO's script folder. Like I said earlier, if you don't/didn't put your script under that folder, system will NOT copy the script to this folder. It stays where you have selected for the script - any shared folder in your domain that your users have access to. In your case, you, or your predessor, have put the script under \\domain\SysVol\domain\scripts\, which is completely OK.

I don't understand why you bother so much what you see in "show files", that is a button won't affect anything. If you want to see your script to be there, simply copy your filename.bat into that folder (manually!), that change the Name field of your Logon Script Propoerties to point to the new place. Because the fact that GPO defaults to its own script folder to look for scripts, you can simply put the file name of your script (namely without having to specifying the full path) in the Name field, which makes it look a bit nicer, and that is all about it. In other words, if you don't put the script under the system-preferred folder, you will have to specify full path like \\domain\SysVol\domain\scripts\filename.bat" (sorry for the redundant sentences but I just want to make easier to understand)

There are misleading info in other posts i think you should be able to tell by now.
0
 
stronglineCommented:
Ok I read my post again, and I see I am a terrible person explaining things. Hope I can explain better with below list:

1. You don't have to put logon/start script under its GPO's folder
2. You can put the script anywhere in your domain, as long as your user can access it when needed. Then when you press "show files", it will show you a blank folder, but that won't affect your GPO's ability to run the logon script successfully
3. If you put the script under the GPO's own script folder, you will see it by press "show files"
4. when you do put the script under GPO's script folder, you don't have to specify the full path in Name box; otherwise you have to put in full path.
0
 
jazmonsterAuthor Commented:
my question about why the file/script keeps changing is not answered.  I have done exactly as you and toniur have suggested but within minutes the name has been changed to reflect a path to netlogon - and I didn't use that location/file.  So... should I remove all references to files/scripts that are in the netlogon folder and just use the location under the GPO?  It could be that they are left over from previous admin.  I would rather use "best practice" as you and others have indicated for the location of these files.
0
 
jazmonsterAuthor Commented:
I know it is OK to "put the script under \\domain\SysVol\domain\scripts\, which is completely OK" but I want the system clean and want my staff and other coming after me to be able to have one location for scripts.  You mentioned best practice to place under GPO so can I safely remove all files/scripts from netlogon folder (which will remove them from the \\domain\sysvol\domain\scripts folder) then just use \\domain\SysVol\domain\Policies\{APPROPRIATE FOLDER}\User\Scripts\Logon folder under the GPO?

Like you said strongline, how can you expect to see the script if it's not there - further, if there isn't consistency with the process how can anyone expect to find it.

0
 
jazmonsterAuthor Commented:
I just read your 8:25 post - thank you.  I do understand the majority of what you are saying and suggesting.
But do you understand my confusion?  Evidentally, the admins before me were placing these files in a couple of places (or maybe just the netlogon folder and they get replicated/copied to the sysvol/scripts folder by the system).  So I didn't really understand the best practice.

I went ahead and removed the files from the netlogon folder (they also dissapeared from the sysvol/scripts folder) and copied them manually! (I liked your !) in the  \domain\SysVol\domain\Policies\{APPROPRIATE FOLDER}\User\Scripts\Logon folder under the GPO.  I then went through the "add" process and selected the copied file.

I checked the GPO on a client machine and it would appear that all scripts are running.  It just bothered me that they were in different places  which lead to confusion about applying them...
0
 
jazmonsterAuthor Commented:
Can I safely remove all files/scripts from netlogon folder (which will remove them from the \\domain\sysvol\domain\scripts folder) then just use \\domain\SysVol\domain\Policies\{APPROPRIATE FOLDER}\User\Scripts\Logon folder under the GPO?
0
 
Toni UranjekConsultant/TrainerCommented:
Hi!, Sorry for the delay and the answer to your last question is yes.
0
 
jazmonsterAuthor Commented:
No worries toniur, thanks for the reply.

Based on responses from both of you I have a much better idea of how GPOs with scripts and shares work now.  Because you both broke it down and addressed different aspects of my question, I would like to split the points.  I hope that is OK.
0
 
jazmonsterAuthor Commented:
Thank you both for being patient and sticking with my numerous questions.  Take care.
0
 
stronglineCommented:
if you move your script from one location to another, you got to check within your GPOs so the "name box" pointing to the new location. That is all.

[Like you said strongline, how can you expect to see the script if it's not there - further, if there isn't consistency with the process how can anyone expect to find it.]

Good question. There are admins they don't have much experience, which is perfectly ok as long as they ask and learn. They are admins they do have the knowledge but they still put scripts all over the place (or any other stuff, for that matter). It's just personal style(or bad habit, should I say?). Anyways, glad we could help and enjoy your weekend.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 11
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now