Logon script fails on Terminal Server

Posted on 2009-05-14
Last Modified: 2013-11-10
Regular users fail to automatically get drive mappings (configured by group policy logon script) when logging on to our terminal server (Windows Server 2003). These same users get the drive mappings when logging on to their local workstations.

CRUCIAL: The regular users always get the drive mappings in the terminal server WHEN they execute the logon script MANUALLY. The logon script is the same file for all users in the domain.

However, Domain Admins users can AUTOMATICALLY get the drive mappings when logging on to our terminal server - just like logging on to their workstations.

HOW can I get regular users to automatically get drive mappings when logging on to the therminal server?
Question by:waforbes100
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
LVL 27

Expert Comment

ID: 24402285
Have you checked that the login script policy is actually applying to the users? Run an RSoP query on the TS server as one of the users (rsop.msc). Is it applying as a login script?

Could you possibly have a loopback policy on the the server blocking this login script which admins are exempt from?

Author Comment

ID: 24406793
Hello Blunt Tony: RSoP never shows the application of login scripts (at least not for XP or Server 2003).
Also, note the following:
1. The same login script works perfectly when users logon their workstations.
2. No loopback processing is configured for the local terminal server nor the Active Directory group policy.
3. The login script works when placed into the "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" folder.

I hope the above three points are useful clues.
LVL 27

Expert Comment

ID: 24412149
You're correct about the login scripts - I was thinking startup scripts showing on an RSoP.

What about Terminal Services configuration? In the RDP-Tcp properties on the Client Settings tab there is an option to disable such things as Drive Mapping etc, also check the 'Permission Compatibility' option in the Server Settings container.

Why don't you try to add something to the script which will tell you whether it's being run at all, or whether just the mappings are failing? (e.g. a VB script MsgBox or similar).

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Comment

ID: 24412665
Hello bluntTony,
I've attached JPEGs of the Terminal Services Configuration Server Settings and RDP-Tcp Client Settings.
Below, I have provided RDP-Tcp Permissions:
1. Administrators = Full Control (Allow)
2. Remote Desktop Users = User Access, Guest Access (Allow)
3. LOCAL SERVICE = Query Information (Allow), Message (Allow)
4. NETWORK SERVICE = Query Information (Allow), Message (Allow)
5. SYSTEM = Full Control (Allow)

LVL 27

Expert Comment

ID: 24421751
Have you tried to add something to the script that would prove whether it's running or not?

Author Comment

ID: 24422396
I don't know how to do this. I am attaching the VBS script as a TXT file for your review.
LVL 27

Accepted Solution

bluntTony earned 500 total points
ID: 24422482
I've added a line with a MsgBox command to throw up a window saying 'Script Running'. (near the top of the code)

Test this on a login and see if the box appears. If it does, the script is running but the mappings are failing, otherwise the script is not running.

Author Comment

ID: 24432457
bluntTony, your suspicions were right: the login script only runs for admin users. The message does not appear for regular users who log on to the terminal server.
QUESTION: What setting on this terminal server can prevent scripts from running for regular users?

Author Closing Comment

ID: 31581739
The solution provided allowed to determine the root of the problem; thus I was able to find a work-around: I placed the logon script in the "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" folder, which resolved the issue.
However, I still don't know WHY the domain logon script won't execute for regular users (that hasn't been corrected - only worked-around).

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question