Logon Script Does not Run for domain admins

Posted on 2010-01-03
Last Modified: 2012-05-08
I have a mixed domain, with my primary domain controller being SERVER 2008, several secondary 2008 controllers, and a couple older 2003 controllers.  I have logon scripts specified in both GPO and in the in Active Directory for all users.  Old servers used AD specified, and eventually we moved towards GPO based Logon Scripts.  The logon scripts run great for everyone, but the domain admins, and they get no logon script at all.  I have checked all the permissions I can find.
 Any one have any insight on this?
Question by:rongillis

    Author Comment

    I should add, that if I manually browse to the \\DC\netlogon share, I can run the script fine
    LVL 4

    Expert Comment

    After logon to the system check the rsop.msc command to know which policy is applied.

    Chandar Singh
    LVL 17

    Expert Comment

    by:Premkumar Yogeswaran
    Can you check whether the group policy is applying to the domain admin's user...?
    LVL 17

    Accepted Solution

    Check whether Domain Admins group have deny permission in Group Policy.
    Follow the steps below..!
    Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
    In the left console tree, right-click the name of the domain to which the policy is applied, and then click Properties.
    Click the Group Policy tab.
    Click the group policy object that you do not want to apply to administrators. By default, the only policy that is listed in the window is the Default Domain Policy.
    Click Properties, and then click the Security tab.
    Select Domain Admin Group check "Apply" Group policy
    Also follow the same steps in the OU which the user belongs to...!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    There are two modes of restricted groups GPOs. Replacing mode:   Additive mode:   How do they work? Replacing mode: Everything (users, groups, computers) that is member of the local administrators group will be cleared out. After th…
    My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now