Solved

Is there a way to find where the startup script is?

Posted on 2010-01-04
Last Modified: 2012-05-08
A while back, I asked my system folks to create a startup script to load my group's webpage using one security group name in the Active Directory.
Since then some people have changed groups, but they are still getting this web page when they log on.
I tried to find out which security group they used in this startup script, but my system folks cannot find where this script is located.
Since I don't have the admin permission to poke around the server folders to look for this folder, how can I find this script?
Any advice will be greatly appreciated.
Question by:dkim18
13 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 668 total points
ID: 26173544
The script itself should be located in the sysvol share on your DCs.  Depending on how big your environment is there may be many scripts there.
Have your system folks run an RSoP report using Group Policy Management Console (GPMC) on one of the users. The RSoP report from GPMC can tell you if there are any scripts being applied using group policy, and if there are, you can look at that policy and script.
You can also view the user using Active Directory Users and Computers and check the Profile tab of a user (a script can also be set there).
Thanks
Mike
0
 
LVL 1

Expert Comment

by:jkalnasy
ID: 26173549
Logon and logoff scripts are defined through the Logon and Logoff policies in the User Configuration | Windows Settings | Scripts branch. As with startup and shutdown scripts, you can assign multiple scripts in each policy.
0
 
LVL 18

Expert Comment

by:Americom
ID: 26175337
In addition to the above, since you are referring to your group's home page, could that be the default home webpage for your group? If that's the case, maybe it's not loaded or configured by a script but by a GPO, as you can set up a user's home page via a GPO. You can use GPMC to look at the Users OU or the OU where the user account is placed and see which GPO is linked to it. Hopefully the GPO name means something like webpage; then you click on the settings and look for Internet Explorer Maintenance URLs.

Or there's a 3rd party product your company used that may have leveraged the Active Directory group to set the default page? Usually done by the web admin group or security group within IT...
0

 
LVL 57

Expert Comment

by:Mike Kline
ID: 26175360
Good to see you Americom...Happy New Year!!
0
 
LVL 18

Expert Comment

by:Americom
ID: 26175389
Same here Mike, Happy New Year!
0
 
LVL 7

Assisted Solution

by:ARK-DS
ARK-DS earned 668 total points
ID: 26175434
Hello,

First I need to understand how you applied the script via GPO. I am asking this because group policies are never applied on groups; they are applied on AD containers (OUs, sites or domain).
You may be talking about the security filtering (which can be done by using groups in the security tab of the GPO). If so, please confirm (I will take this as the situation right now: that security filtering was done in a way that only that particular group's members could apply that GPO).
As you have said that the users have changed groups, have they left the membership of the group to which this GPO was applied? If not, they would get this policy (until any other group which they are a member of is denied access to that GPO).

If they have left that group:
Sometimes, the group policies get tattooed as well, especially the ones which make registry changes. To deal with this situation, we can apply this policy: "Process even if the Group Policy Objects have not changed". It's under:
Computer Configuration\Administrative Templates\System\Group Policy
If this also doesn't work, then we might have to reverse the registry changes via another script or manually.

Regards,

Arun.
0
 
LVL 7

Expert Comment

by:ARK-DS
ID: 26175505
Also, if you just need the path to the startup script, it's here:

\\Domain name\SYSVOL\domain name\scripts\{GUID of GPO}\Machine\Scripts

Domain name here is your domain's name, and the GPO GUID can be found in GPMC or GPEDIT.MSC by going to the GPO's properties. It's a long series of characters like {0F8E2766-9937-4EE1-8067-B294DF853D07}.

Regards,

Arun.
0
 

Author Comment

by:dkim18
ID: 26175508
I contacted my system maintenance/server folks who handle the Active Directory and login script, and they told me that they can't locate the script.

When I log on to my system, a CMD window comes up and I see commands in the CMD window, something like start -D http://mywebpage.com.

I will suggest to him what you have listed here.
Thanks
0
 

Author Comment

by:dkim18
ID: 26180597
-If that's the case, maybe it's not loaded or configured by a script but by a GPO, as you can set up a user's home page via a GPO. You can use GPMC to look at the Users OU or the OU where the user account is placed and see which GPO is linked to it. Hopefully the GPO name means something like webpage; then you click on the settings and look for Internet Explorer Maintenance URLs.

Can you tell me again how this is done? How to find which security group was used?


You guys are right, the script was run from
\Domain name\SYSVOL\domain name\policies\{GUID of GPO}\User\Scripts\logon

the script name was splashpage.cmd
rem Present group12
cmd start ....etc


For some reason my server system folks don't know how to find this group, saying this is something they haven't configured.
Can you explain in detail how I can find which security group was used?
The guy I am trying to find is VP of my company. He got all mad, complaining that the page is slowing his system.


0
 
LVL 18

Expert Comment

by:Americom
ID: 26180725
According to your info above, it seems like it's from your script. Could you paste the complete script here?
If it's from your logon script, then ignore the GPO part.
0
 

Author Comment

by:dkim18
ID: 26180883
\Domain name\SYSVOL\domain name\policies\{GUID of GPO}\User\Scripts\logon

the script name was splashpage.cmd
rem Present group12
\\Domain name\SYSVOL\domain name\policies\{GUID of GPO}\User\Scripts\logon\sleep 5
cmd /c start /b http://mygrouppage.com

That's it.
0
 
LVL 18

Expert Comment

by:Americom
ID: 26181098
Hmm... that "rem" is kind of taking out the Present group12, meaning everyone will run the "cmd /c start /b http://mygrouppage.com". If that is the page you are concerned about, then the next thing is to find out why some users get to load that page and some do not. First you should take a look at which OU the user account that gets to load the page is in. Then use GPMC to click on that OU and see which GPO is used to launch the script. The other way of launching the script without a GPO is from the user account properties, but this configuration is per user. Won't hurt to check.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 664 total points
ID: 26181302
From GPMC, when you click on the GPO and then click on Settings, it will show you how the script was launched; look for "Logon", which should show you which script is being launched. You could also, in GPMC, click on "Group Policy Objects", which will list all your GPOs; then in the right pane, look for the "Modified" column and take note of the date and time. You should find the GUID of the GPO in \Domain name\SYSVOL\domain name\policies\ that matches the date/time found in GPMC to confirm the exact GPO linked to load the script. Once you have clicked on the GPO, take a look at the "Settings" and let us know how it is configured and linked.
0
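
The lookup described in the answers above (which GPO runs the logon script, where it is linked, and which security group it is filtered to) can also be done in one pass from PowerShell. This is an added example, not part of the original thread; it assumes the GroupPolicy module that ships with GPMC/RSAT is installed and that the account running it can read the domain's GPOs. The script name is the one reported in the thread.

```powershell
# Added example (not from the thread). Needs the GroupPolicy module (GPMC/RSAT)
# and an account with read access to the domain's GPOs.
Import-Module GroupPolicy

$ScriptName = 'splashpage.cmd'   # script name reported in the thread

$results = foreach ($gpo in Get-GPO -All) {
    # XML form of what GPMC shows on the GPO's Settings tab.
    $xmlText = Get-GPOReport -Guid $gpo.Id -ReportType Xml

    # Plain text match on the report: a GPO that only mentions the name
    # elsewhere (e.g. in a comment) would also be listed, so review the hits.
    if ($xmlText -notmatch [regex]::Escape($ScriptName)) { continue }

    # Containers (OUs, sites or the domain) the GPO is linked to.
    $links = @(([xml]$xmlText).GPO.LinksTo |
        ForEach-Object { $_.SOMPath } |
        Where-Object { $_ })

    # Security filtering: trustees holding the "Apply group policy" permission.
    # (On Windows Server 2008 R2 the cmdlet is named Get-GPPermissions.)
    $applyTo = @(Get-GPPermission -Guid $gpo.Id -All |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object { $_.Trustee.Name })

    [pscustomobject]@{
        GpoName   = $gpo.DisplayName
        # Folder name of this GPO under SYSVOL\<domain>\Policies
        GpoGuid   = $gpo.Id.ToString('B').ToUpper()
        Modified  = $gpo.ModificationTime
        LinkedTo  = $links -join '; '
        AppliesTo = $applyTo -join '; '
    }
}

$results | Format-List
```

Compare the AppliesTo entries with the group memberships of a user who still gets the page: a broad trustee there, such as Authenticated Users, means the GPO is not filtered to a single group.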
