CG_HD
asked on
Problem running startup script via group policy v.2
Windows 2003 AD environment&
In one of our Domain level policies I have added a batch file that will remove office 2003 from each workstation that is a part of a certain security group. The problem is the script does not process when users log in. The script/GPO worked for weeks while linked to the domain level OU and suddenly it stopped...nothing changed to my knowledge. I tried to revise the script under User Configuration and Computer Configuration and neither works. I know the script works as it has been tested since the problem surfaced...it just doesnt run when attached to a GPO.
If I create a new GPO and don't link it to anything the script will properly attached to the GPO and is viewable when the "show files" button is selected. After linking the GPO to an OU the ability to view the script with the "show files" button is lost...I get message that tells me "the folder location does not exist"&see pic below
Side note all domain level policys have this issue, only lower level policys seem to have to ability to run scripts appropriately. Although it seems that only active lower level policys accept a new scripts& New lower level policys loose ability to show files and run at login when attached to a OU.
In one of our Domain level policies I have added a batch file that will remove office 2003 from each workstation that is a part of a certain security group. The problem is the script does not process when users log in. The script/GPO worked for weeks while linked to the domain level OU and suddenly it stopped...nothing changed to my knowledge. I tried to revise the script under User Configuration and Computer Configuration and neither works. I know the script works as it has been tested since the problem surfaced...it just doesnt run when attached to a GPO.
If I create a new GPO and don't link it to anything the script will properly attached to the GPO and is viewable when the "show files" button is selected. After linking the GPO to an OU the ability to view the script with the "show files" button is lost...I get message that tells me "the folder location does not exist"&see pic below
Side note all domain level policys have this issue, only lower level policys seem to have to ability to run scripts appropriately. Although it seems that only active lower level policys accept a new scripts& New lower level policys loose ability to show files and run at login when attached to a OU.
- copy of script -
c:
cd\
:check for flag
if exist "c:\flags\office uninstall.txt" GOTO END
if NOT exist c:\flags md c:\flags
copy "\\server\CG-DATA\IT\Flags\office uninstall.txt" "c:\flags\office uninstall.txt"
:FLAGCHECK
if exist "c:\flags\office uninstall.txt" GOTO office uninstall
if NOT exist c:\flags md c:\flags
copy "\\server\CG-DATA\IT\Flags\office uninstall.txt" "c:\flags\office uninstall.txt"
GOTO FLAGCHECK
:Office uninstall
msiexec /x {90110409-6000-11D3-8CFE-0150048383C9} /qb-
:Restart PC
shutdown /r /c "The uninstallation of office 2003 is complete and the system is restarting."
GOTO END
:END
EXIT
- Script end -
error.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I cannot get to the full path of the policy logged in as a standard user and when I try to check the permissions on the folder the "security" tab is missing...looks like were headed in the right directions here as I can get to the "security" tab and browse the full path on policy's that are working correctly with scripts.
the example on the left shows a funtional directory with a script and on the right is the one that I cannot access nor look at the security permissions.
ad.bmp
the example on the left shows a funtional directory with a script and on the right is the one that I cannot access nor look at the security permissions.
ad.bmp
ASKER
The systems are getting the policy assignment correctly (verified via gpresult). I'm pretty certain if we reslove this permission issue we should be able to resolve the problem...I'll try to change up the script location as you sugested after we figure out what's up with permissions if need be.
thanks again!!!
thanks again!!!
ASKER
After correcting the permissions on the directory structure and taking suggestion 1 for GPO configuration the script is finally running correctly....whahoo!
One last thing though...the script is prompting the user to run "the publisher cannot be verified" during startup - pic below - any suggestions to getting it to run without a prompt?
these are some well earned points :)
pic.bmp
One last thing though...the script is prompting the user to run "the publisher cannot be verified" during startup - pic below - any suggestions to getting it to run without a prompt?
these are some well earned points :)
pic.bmp
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sweet job NoEvil...you were right on the money each time I asked a question.
Much Appreciated!!
Much Appreciated!!
ASKER
I used the following setting as apart of the GPO and now the script runs without prompting the user...thanks again!
Computer Configuration\Adimistrativ e Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Pages\
Site To Zone Assignment List <-
Name : *.cadientint.com
Value : 1
Intranet Zone Template <-
Medium Low <- I think this is the default setting
Computer Configuration\Adimistrativ
Site To Zone Assignment List <-
Name : *.cadientint.com
Value : 1
Intranet Zone Template <-
Medium Low <- I think this is the default setting
Try to get to that script path from the run menu. Does it work?