Solved

Login Script - 2008 DC

Posted on 2010-01-12
Last Modified: 2013-11-29
I am having issues with the login script (VB Script) that is not running for some individuals through AD.  We have mainly XP machines and a couple Win 7 machines.  
At first we thought it was only if you connected to one of our two DC's.  But it doesn't matter which server.  
If the script doesn't work, I can run the script and it maps the drives like it is supposed to.  
Our DC's are running 2008 R2.  Not sure if there is something 2008 R2.  

Thanks in advance.

Question by:nikhil61107
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 26297749
how did you assign the script ? i mean where is the script located ?

on the clients where it is not applied try to logon and check the event log (application) it should tell you why it is failing

on the client where it is not applied logon and issue a gpresult, is the name of the gpo that is assigning the script showing ?
0
 

Author Comment

by:nikhil61107
ID: 26297993
The script is located in the Sysvol under Scripts of the DC.  

Below is the output of the gpresult /Z on a client PC running win 7.

Let me know if you need anything else.

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 1/12/2010 at 3:27:08 PM


RSOP data for xxxxx\xxxx on xxxxWIN7-xxx : Logging Mode
-------------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7600
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\xxxx
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=xxxxxxxx,OU=Managers,OU=zzzzzzz,DC=xyz,DC=COM
    Last time Group Policy was applied: 1/12/2010 at 2:11:13 PM
    Group Policy was applied from:      xxxxx.xxxxx.COM
    Group Policy slow link threshold:   0 kbps
    Domain Name:                        xxxxx
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Copy of Default Domain Policy
        Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        PCAdmins
        Dept IT
        Dept Admin
        Domain Admins
        Dept Admin
        xxxxx
        Denied RODC Password Replication Group
        DptAdmin
        DptAdmin
        High Mandatory Level

    The user has the following security privileges
    ----------------------------------------------


    Resultant Set Of Policies for User
    -----------------------------------

        Software Installations
        ----------------------
            N/A

        Logon Scripts
        -------------
            N/A

        Logoff Scripts
        --------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Local Group Policy
                KeyName:     Software\Policies\Microsoft\Windows\System\GroupPol
icyMinTransferRate
                Value:       0, 0, 0, 0
                State:       Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A

        Internet Explorer Connection
        ----------------------------
            N/A

        Internet Explorer URLs
        ----------------------
            N/A

        Internet Explorer Security
        --------------------------
            N/A

        Internet Explorer Programs
        --------------------------
            N/A


0
 
LVL 49

Expert Comment

by:Akhater
ID: 26298018
what is the name of the policy assigning the script ?

any error in the event log after logon ?
0

 

Author Comment

by:nikhil61107
ID: 26298132
I checked the error log...no errors.

The VB script is located under profile tab in the Logon Script field for every user.  The name of the script is located there.   I checked under Group Policy Management, and I don't see where it is applying the script to all users.  

I have Five group policies.  A copy of the Default Domain Policy, Default Domain Policy, Default Domain Controllers Policy, one for WSUS and one for an app that will launch if you belong to a specific OU.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 26298306
ok so you are not applying the script through group policy and that explains why you don't have an error in the event log


if you go to the user properties and you copy the VB script path as it is showing in the logon script field and you try to run it on the user exactly as it is showing there does it work ?
0
 

Author Comment

by:nikhil61107
ID: 26298354
There is no path....it just lists the vb script name.    

Not sure if it should have the full path?  But it does work...most of the time.

If there is a better way....I am open to your advice.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 26298409
if there is only the vbs name how are the clients supposed to locate it ?

well a "better" way is to create a new GPO (group policy object) -> user configuration -> windows settings => logon/logoff script => logon script and assign the vbs from there make sure you use a network path so that all clients can find it.

easiest way is to
1) click on browse
2) go find the vbs and ctrl + C (copy it) - don't use ctrl + Z
3) go back to the directory that opened when you clicked browse and ctrl+V (paste it)
4) assign the vbs you just pasted
0
 

Author Comment

by:nikhil61107
ID: 26298859
So then how is it running?  
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 26299595
http://www.rlmueller.net/LogonScriptFAQ.htm#How%20do%20I%20setup%20logon%20scripts%20in%20a%20domain%20with%20Active%20Directory

How do I configure a Logon script for a user on the "Profile" tab in AD Users & Computers?

The field labeled "Logon script" on the "Profile" tab of the user properties dialog in the Active Directory Users and Computers MMC corresponds to the "scriptPath" attribute of the user object. The default location for Logon scripts specified by this attribute is the NetLogon share. By default, all users have read access to this share. The NetLogon share on the Domain Controller is located in the following folder:

%SystemRoot%\sysvol\sysvol\<domain DNS name>\scripts

where %SystemRoot% is usually "c:\winnt" and <domain DNS name> is the DNS name of the domain, similar to "MyDomain.com". This folder is replicated to all Domain Controllers in the domain. The usual practice is to enter the name of the Logon script, for example "NetLogon.bat", in the field labeled "Logon script" on the "Profile" tab for the user and place this file in the NetLogon share. The Logon script will run for the user when they Logon to any computer that is joined to the domain. You can also enter a UNC path in the "Logon script" field and place the file in another location. However, this location should be one that is replicated to all Domain Controllers. Alternatively, you can use a script or utility to assign the Logon script to the "scriptPath" attribute of the user object in Active Directory. A VBScript program to assign a value to this attribute for many users in bulk would be much faster than manually entering values for users one at a time in the MMC.
0
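The answer above says a bare script name in the "Logon script" field resolves against the NetLogon share, which must be replicated to all Domain Controllers. As an added example (not part of the original thread, and not from the linked FAQ), this PowerShell sketch lists every scriptPath value in use and checks that the file exists, with the same size and timestamp, on each DC's NETLOGON share. It assumes the ActiveDirectory module (RSAT) is installed and that the account running it can read NETLOGON on every DC.

```powershell
# Added example: audit scriptPath logon scripts against every DC's NETLOGON replica.
# Assumes the ActiveDirectory (RSAT) module and read access to \\<dc>\NETLOGON.
Import-Module ActiveDirectory

# Every domain controller serves its own replicated copy of NETLOGON.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# Enabled users with a value in the "Logon script" field (scriptPath attribute).
$users = Get-ADUser -LDAPFilter '(scriptPath=*)' -Properties scriptPath |
    Where-Object { $_.Enabled }

# Check each distinct script once per DC.
$report = foreach ($group in ($users | Group-Object scriptPath)) {
    $script = $group.Name
    foreach ($dc in $dcs) {
        # A bare name is relative to NETLOGON; a UNC path is tested as entered.
        $path = if ($script -like '\\*') { $script } else { "\\$dc\NETLOGON\$script" }
        $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Script       = $script
            Users        = $group.Count
            DC           = $dc
            Path         = $path
            Exists       = [bool]$item
            LastWriteUtc = if ($item) { $item.LastWriteTimeUtc } else { $null }
            Length       = if ($item) { $item.Length } else { $null }
        }
    }
}

$report | Sort-Object Script, DC | Format-Table -AutoSize

# Warn when a script is missing on a DC or its copies differ between DCs,
# which points at SYSVOL replication rather than at the script itself.
$report | Group-Object Script | ForEach-Object {
    $missing  = @($_.Group | Where-Object { -not $_.Exists })
    $variants = @($_.Group | Where-Object Exists |
        Select-Object Length, LastWriteUtc -Unique)
    if ($missing.Count -or $variants.Count -gt 1) {
        Write-Warning ("{0}: missing on [{1}], {2} distinct copies across DCs" -f
            $_.Name, ($missing.DC -join ', '), $variants.Count)
    }
}
```

Because these files run in each user's logon session, a copy that differs on one DC is worth investigating even when logons appear to work.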
 

Author Comment

by:nikhil61107
ID: 26304481
The way I am currently running our login script should work then?? Correct?? But for whatever reason, it is not running on all users.
Is the recommendation to follow the steps that Akhater has provided?

Thanks in advance to all.  
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26305521
If it doesn't work in the fashion you are using, I'd be concerned that something else may be wrong as well.
Try keeping just the name of the script like you have it.
 
and on your server browse to \\yourservername\netlogon and place the script here
0
 

Author Comment

by:nikhil61107
ID: 26305684
Currently the script is there.  That is why I am concerned and confused why I am having these issues.
All XP machines and about 4 Win7 machines.  Three DC's running Windows 2k8R2.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26307017
Can the users that the script fails on browse to \\yourserver\netlogon\script.vbs ?
0
 

Author Comment

by:nikhil61107
ID: 26307520
Yes they can.  
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 2000 total points
ID: 26308092
Well since you are on 2008 server, why not use GP preferences to map drives
 
http://blogs.technet.com/grouppolicy/archive/2009/02/11/gp-preferences-will-reduce-logon-scripts-mapping-drives.aspx 
0
 

Author Comment

by:nikhil61107
ID: 26318119
This will not allow me to assign drive mappings according to security groups.  If it did, this would be perfect.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26318313
0
 

Author Comment

by:nikhil61107
ID: 26324450
Very cool....  If I follow that route by using the Group Policy, should I then move the home directory to be mapped via the profile tab for the users?  

If I do that, could I just put in the path using the %username% for a group of users instead of having to go individually to each users profile tab and change it to the current home directory.  

I want to make sure if I do that, it will not erase their current folder.

Thanks,
0
 

Author Comment

by:nikhil61107
ID: 26341010
Answer to previous post is Yes, it will just ask if you would like to make sure the user has the correct rights.  
If the login script that I am now using with GP preferences doesn't map the drives, is there a way to re-run the script to apply those drives?  
If that occurred with our old script, going to the Netlogon folder and running the script would work.  How would this work with GP preferences now doing the work?

Thanks,
0
 

Author Comment

by:nikhil61107
ID: 26370709
I think the problem is now fixed.  What we did was move away from login scripts and now use GP Preferences.   I needed to make sure that KB943729 - Group Policy Preference Client Side Ext. was applied.  There is another patch that is needed if you don't have XP Service Pack 3.  Once I did that, the mapping worked like a charm.

Thank you all for your help.

0
 

Expert Comment

by:NCPros
ID: 37596190
When this was happening for you, did you experience an issue of mapped drives dropping randomly?
0
