Logon script fails on Terminal Server

Posted on 2009-05-14
Last Modified: 2013-11-10
Regular users fail to automatically get drive mappings (configured by group policy logon script) when logging on to our terminal server (Windows Server 2003). These same users get the drive mappings when logging on to their local workstations.

CRUCIAL: The regular users always get the drive mappings in the terminal server WHEN they execute the logon script MANUALLY. The logon script is the same file for all users in the domain.

However, Domain Admins users can AUTOMATICALLY get the drive mappings when logging on to our terminal server - just like logging on to their workstations.

HOW can I get regular users to automatically get drive mappings when logging on to the therminal server?
Question by:waforbes100
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 27

Expert Comment

ID: 24402285
Have you checked that the login script policy is actually applying to the users? Run an RSoP query on the TS server as one of the users (rsop.msc). Is it applying as a login script?

Could you possibly have a loopback policy on the the server blocking this login script which admins are exempt from?

Author Comment

ID: 24406793
Hello Blunt Tony: RSoP never shows the application of login scripts (at least not for XP or Server 2003).
Also, note the following:
1. The same login script works perfectly when users logon their workstations.
2. No loopback processing is configured for the local terminal server nor the Active Directory group policy.
3. The login script works when placed into the "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" folder.

I hope the above three points are useful clues.
LVL 27

Expert Comment

ID: 24412149
You're correct about the login scripts - I was thinking startup scripts showing on an RSoP.

What about Terminal Services configuration? In the RDP-Tcp properties on the Client Settings tab there is an option to disable such things as Drive Mapping etc, also check the 'Permission Compatibility' option in the Server Settings container.

Why don't you try to add something to the script which will tell you whether it's being run at all, or whether just the mappings are failing? (e.g. a VB script MsgBox or similar).

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 24412665
Hello bluntTony,
I've attached JPEGs of the Terminal Services Configuration Server Settings and RDP-Tcp Client Settings.
Below, I have provided RDP-Tcp Permissions:
1. Administrators = Full Control (Allow)
2. Remote Desktop Users = User Access, Guest Access (Allow)
3. LOCAL SERVICE = Query Information (Allow), Message (Allow)
4. NETWORK SERVICE = Query Information (Allow), Message (Allow)
5. SYSTEM = Full Control (Allow)

LVL 27

Expert Comment

ID: 24421751
Have you tried to add something to the script that would prove whether it's running or not?

Author Comment

ID: 24422396
I don't know how to do this. I am attaching the VBS script as a TXT file for your review.
LVL 27

Accepted Solution

bluntTony earned 500 total points
ID: 24422482
I've added a line with a MsgBox command to throw up a window saying 'Script Running'. (near the top of the code)

Test this on a login and see if the box appears. If it does, the script is running but the mappings are failing, otherwise the script is not running.

Author Comment

ID: 24432457
bluntTony, your suspicions were right: the login script only runs for admin users. The message does not appear for regular users who log on to the terminal server.
QUESTION: What setting on this terminal server can prevent scripts from running for regular users?

Author Closing Comment

ID: 31581739
The solution provided allowed to determine the root of the problem; thus I was able to find a work-around: I placed the logon script in the "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" folder, which resolved the issue.
However, I still don't know WHY the domain logon script won't execute for regular users (that hasn't been corrected - only worked-around).

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question