Solved

Logon script fails on Terminal Server

Posted on 2009-05-14
9
750 Views
Last Modified: 2013-11-10
Regular users fail to automatically get drive mappings (configured by group policy logon script) when logging on to our terminal server (Windows Server 2003). These same users get the drive mappings when logging on to their local workstations.

CRUCIAL: The regular users always get the drive mappings in the terminal server WHEN they execute the logon script MANUALLY. The logon script is the same file for all users in the domain.

However, Domain Admins users can AUTOMATICALLY get the drive mappings when logging on to our terminal server - just like logging on to their workstations.

HOW can I get regular users to automatically get drive mappings when logging on to the therminal server?
0
Comment
Question by:waforbes100
  • 5
  • 4
9 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24402285
Have you checked that the login script policy is actually applying to the users? Run an RSoP query on the TS server as one of the users (rsop.msc). Is it applying as a login script?

Could you possibly have a loopback policy on the the server blocking this login script which admins are exempt from?
0
 

Author Comment

by:waforbes100
ID: 24406793
Hello Blunt Tony: RSoP never shows the application of login scripts (at least not for XP or Server 2003).
Also, note the following:
1. The same login script works perfectly when users logon their workstations.
2. No loopback processing is configured for the local terminal server nor the Active Directory group policy.
3. The login script works when placed into the "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" folder.

I hope the above three points are useful clues.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24412149
You're correct about the login scripts - I was thinking startup scripts showing on an RSoP.

What about Terminal Services configuration? In the RDP-Tcp properties on the Client Settings tab there is an option to disable such things as Drive Mapping etc, also check the 'Permission Compatibility' option in the Server Settings container.

Why don't you try to add something to the script which will tell you whether it's being run at all, or whether just the mappings are failing? (e.g. a VB script MsgBox or similar).

0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:waforbes100
ID: 24412665
Hello bluntTony,
I've attached JPEGs of the Terminal Services Configuration Server Settings and RDP-Tcp Client Settings.
Below, I have provided RDP-Tcp Permissions:
1. Administrators = Full Control (Allow)
2. Remote Desktop Users = User Access, Guest Access (Allow)
3. LOCAL SERVICE = Query Information (Allow), Message (Allow)
4. NETWORK SERVICE = Query Information (Allow), Message (Allow)
5. SYSTEM = Full Control (Allow)

TSC-Server-Settings.JPG
Client-Settings-RDP-Tcp.JPG
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24421751
Have you tried to add something to the script that would prove whether it's running or not?
0
 

Author Comment

by:waforbes100
ID: 24422396
I don't know how to do this. I am attaching the VBS script as a TXT file for your review.
Mapdrives.txt
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 500 total points
ID: 24422482
I've added a line with a MsgBox command to throw up a window saying 'Script Running'. (near the top of the code)

Test this on a login and see if the box appears. If it does, the script is running but the mappings are failing, otherwise the script is not running.
Mapdrives.txt
0
 

Author Comment

by:waforbes100
ID: 24432457
bluntTony, your suspicions were right: the login script only runs for admin users. The message does not appear for regular users who log on to the terminal server.
QUESTION: What setting on this terminal server can prevent scripts from running for regular users?
0
 

Author Closing Comment

by:waforbes100
ID: 31581739
The solution provided allowed to determine the root of the problem; thus I was able to find a work-around: I placed the logon script in the "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" folder, which resolved the issue.
However, I still don't know WHY the domain logon script won't execute for regular users (that hasn't been corrected - only worked-around).
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question