Logon script for different locations using group policy on each site is not working.

ohmErnie asked
Last Modified: 2010-04-18
I am trying to set up Group Policies for each of my locations to run the logon script for that location. The problem I ran into is my administrator type accounts are running the logon script. I do not want this to happen, so with the help from the experts, I created an AD group called NO LOGON SCRIPT and put the administrator accounts in there and then added this group to the group policy delegation and denied all rights. This kept the script from running, but keeps my administrator account from getting back in to modify the policy, because I don't have rights. So I thought I could just throw computer accounts in the NO LOGON SCRIPT group, but this does not seem to stop the script from running. I want different logon scripts to run based on the user's location. The user works out of all locations, so switching the user's OU or logon on the profile tab is a pain. Any suggestions?

Set the logon script up in a GPO and link the GPO to the site?

Author commented:
Read my whole question.  I'm already that far.  I do not want all users (admins) in the site to run the logon script.
It's a little unclear; the admins already have denied access to read and apply the group policy?
Logon scripts don't apply to computers; they use startup scripts. Can't you just create a security group, set up the GPO and apply it to that group, and then add users to that?
Hang on, I see what you have done. You want to allow administrator delegation and you want to add the group to the security filter under scope options.
Make sure administrators are not part of the security group also.

Author commented:
The problem is domain admins have rights to this "site policy". Therefore, if I take domain admin out, I have no way to modify the site policy or access it.
Yeah, add domain admins to the delegates. Delegates let you modify the GPO; the security filter under scope is what applies the GPO to the group.
So add the group to the security filter and then add who you want to modify the policy under delegates.
By giving your administrator deny on the delegation, that is what's stopping them from modifying.
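The split between security filtering (who applies the GPO) and delegation (who may edit it) that the comments above describe, as an added PowerShell example that is not part of the original thread. The GPO and group names are hypothetical placeholders, and the script assumes the GroupPolicy and ActiveDirectory modules and an account that can still modify the GPO's security.

```powershell
Import-Module GroupPolicy, ActiveDirectory

# Hypothetical names: substitute your own GPO and groups.
$GpoName    = 'SiteA Logon Script'        # GPO already linked to the site
$ApplyGroup = 'SiteA Logon Script Users'  # accounts that should run the script
$EditGroup  = 'Domain Admins'             # accounts that must keep edit rights

# Security filter: downgrade Authenticated Users from Read+Apply to Read only.
# Read is kept because current Windows clients fetch user policy in the
# computer's context and need to read the GPO.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Security filter: only this group gets Read + Apply Group Policy.
Set-GPPermission -Name $GpoName -TargetName $ApplyGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Delegation: edit rights without Apply, so admins can modify the GPO
# but do not run the logon script (no Deny entry is involved).
Set-GPPermission -Name $GpoName -TargetName $EditGroup `
    -TargetType Group -PermissionLevel GpoEditDeleteModifySecurity | Out-Null

# Show the resulting ACL, including any leftover Deny entries.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{n='Trustee'; e={ $_.Trustee.Name }}, Permission, Denied |
    Format-Table -AutoSize

# Check that no admin account is also in the apply group; any overlap
# would still run the logon script.
$admins  = Get-ADGroupMember -Identity $EditGroup -Recursive |
    Select-Object -ExpandProperty SamAccountName
$overlap = Get-ADGroupMember -Identity $ApplyGroup -Recursive |
    Where-Object { $admins -contains $_.SamAccountName }

if ($overlap) {
    Write-Warning ("Admin accounts in '{0}': {1}" -f $ApplyGroup,
        (($overlap | Select-Object -ExpandProperty SamAccountName) -join ', '))
} else {
    Write-Output "No admin accounts are in '$ApplyGroup'."
}
```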