?
Solved

Login Script - 2008 DC

Posted on 2010-01-12
21
Medium Priority
?
1,229 Views
Last Modified: 2013-11-29
I am having issues with the login script (VB Script) that is not running for some individuals through AD.  We have mainly XP machines and a couple Win 7 machines.  
At first we thought it was only if you connected to one of our two DC's.  But it doesnt' matter which server.  
If the script dosn't work, I can run the script and it maps the drives like it is suppose to.  
Our DC's are running 2008 R2.  Not sure if there is something 2008 R2.  

Thanks in advance.

0
Comment
Question by:nikhil61107
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 5
  • 4
  • +1
21 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 26297749
how did you assign the script ? i mean where is the script located ?

on the clients where it is not applied try to logon and check the event log (application) it should tell you why it is failing

one the client where it is not applied logon and issue a gpresult is the name of the gpo that is assiging the script showing ?
0
 

Author Comment

by:nikhil61107
ID: 26297993
The script is located in the Sysvol under Scripts of the DC.  

Below is the output of the gpresult /Z on a client PC running win 7.

Let me know if you need anything else.

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 1/12/2010 at 3:27:08 PM


RSOP data for xxxxx\xxxx on xxxxWIN7-xxx : Logging Mode
-------------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7600
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\xxxx
Connected over a slow link?: No


USER SETTINGS
--------------
    CN=xxxxxxxx,OU=Managers,OU=zzzzzzz,DC=xyz,DC=COM
    Last time Group Policy was applied: 1/12/2010 at 2:11:13 PM
    Group Policy was applied from:      xxxxx.xxxxx.COM
    Group Policy slow link threshold:   0 kbps
    Domain Name:                        xxxxx
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Copy of Default Domain Policy
        Local Group Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Administrators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        PCAdmins
        Dept IT
        Dept Admin
        Domain Admins
        Dept Admin
        xxxxx
        Denied RODC Password Replication Group
        DptAdmin
        DptAdmin
        High Mandatory Level

    The user has the following security privileges
    ----------------------------------------------


    Resultant Set Of Policies for User
    -----------------------------------

        Software Installations
        ----------------------
            N/A

        Logon Scripts
        -------------
            N/A

        Logoff Scripts
        --------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Local Group Policy
                KeyName:     Software\Policies\Microsoft\Windows\System\GroupPol
icyMinTransferRate
                Value:       0, 0, 0, 0
                State:       Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A

        Internet Explorer Connection
        ----------------------------
            N/A

        Internet Explorer URLs
        ----------------------
            N/A

        Internet Explorer Security
        --------------------------
            N/A

        Internet Explorer Programs
        --------------------------
            N/A


0
 
LVL 49

Expert Comment

by:Akhater
ID: 26298018
what is the name of the policy assiging the script ?

any error in the even log after logon ?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:nikhil61107
ID: 26298132
I checked the error log...no errors.

The VB script is located under profile tab in the Logon Script field for every user.  The name of the script is located there.   I checked under Group Policy Management, and I don't see where it is applying the script to all users.  

I have Five group policies.  A copy of the Default Domain Policy, Default Domain Policy, Default Domain Controllers Policy, one for WSUS and one for an app that will launch if you belong to a specific OU.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 26298306
ok so you are not applying the script through group policy and that's explain it why you don't have an error in the event log


if you go to the user properties and you copy the VB script path as it is showing in the logon script field and you try to run it on the user exactly as it is showing there does it work ?
0
 

Author Comment

by:nikhil61107
ID: 26298354
There is no path....it just list the vb script name.    

Not sure if it hsould have the full path?  But it does work...most of the time.

If there is a better way....I am open to your advice.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 26298409
if there is only the vbs name how the clients are supposed to locate it ?

well a "better" way is to create a new GPO (group policy object) -> user configuration -> windows settings => logon/logoff script => logon script and assign the vbs from there make sure you use a network path so that all clients can find it.

easiest way is to
1) click on browse
2) go find the vbs and ctrl + C (copy it) - don't use ctrl + Z
3) go back to the directory that opened when you clicked browse and ctrl+V (paste it)
4) assign the vbs you just pasted
0
 

Author Comment

by:nikhil61107
ID: 26298859
So then how is it running?  
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 2000 total points
ID: 26299595
http://www.rlmueller.net/LogonScriptFAQ.htm#How%20do%20I%20setup%20logon%20scripts%20in%20a%20domain%20with%20Active%20Directory

How do I configure a Logon script for a user on the "Profile" tab in        AD Users & Computers?              

       The field labeled "Logon script" on the "Profile" tab of the user properties dialog        in the Active Directory Users and Computers MMC corresponds to the "scriptPath" attribute of the        user object. The default location for Logon scripts specified by this attribute is the NetLogon share. By        default, all users have read access to this share. The NetLogon share on the Domain Controller is located        in the following folder:              
       %SystemRoot%\sysvol\sysvol\<domain DNS name>\scripts              
       where %SystemRoot% is usually "c:\winnt" and <domain DNS name> is the DNS name of the        domain, similar to "MyDomain.com". This folder is replicated to all Domain Controllers in the        domain. The usual practice is to enter the name of the Logon script, for example "NetLogon.bat",        in the field labeled "Logon script" on the "Profile" tab for the user and place this        file in the NetLogon share. The Logon script will run for the user when they Logon to any computer that is        joined to the domain. You can also enter a UNC path in the "Logon script" field and place the        file in another location. However, this location should be one that is replicated to all Domain Controllers.        Alternatively, you can use a script or utility to assign the Logon script to the "scriptPath"        attribute of the user object in Active Directory. A VBScript program to assign a value to this attribute        for many users in bulk would be much faster than manually entering values for users one at a time in the MMC.       
0
 

Author Comment

by:nikhil61107
ID: 26304481
The way I am currently running our login script should work then?? Correct?? But for whatever reason, it is not running on all users.
Is the recommendation to follow the steps that Akhater has provided?

Thanks in advance to all.  
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26305521
If it doesnt work in the fashion you are using, I'd be concerned that something else may be wrong as well.
Try keeping just the name of the script like you have it.
 
and on your server browse to \\yourservername\netlogon and place the script here
0
 

Author Comment

by:nikhil61107
ID: 26305684
Currently the script is there.  That is why I am concerned and confused why I am having these issues.
All XP machines and about 4 Win7 machines.  Three DC's running Windows 2k8R2.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26307017
Can the users that the script fails on browse to \\yourserver\netlogon\script.vbs ?
0
 

Author Comment

by:nikhil61107
ID: 26307520
Yes they can.  
0
 
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 2000 total points
ID: 26308092
Well since you are on 2008 server, why not use GP preferences to map drives
 
http://blogs.technet.com/grouppolicy/archive/2009/02/11/gp-preferences-will-reduce-logon-scripts-mapping-drives.aspx 
0
 

Author Comment

by:nikhil61107
ID: 26318119
This will not allow me to assign drive mappings according to security groups.  If it did, this would be perfect.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 26318313
0
 

Author Comment

by:nikhil61107
ID: 26324450
Very cool....  If I follow that route by using the Group Policy, should I then move the home directory to be mapped via the profile tab for the users?  

If I do that, could I just put in the path using the %username% for a group of users instead of having to go individually to each users profile tab and change it to the current home directory.  

I want to make sure if I do that, it will not erase thier current folder.

Thanks,
0
 

Author Comment

by:nikhil61107
ID: 26341010
Answer to previous post is Yes, it will just ask if you would like to makes sure the user has the correct rights.  
If the login script that I am now using with GP preferences doesn't map the drives, is there a way to re-run the script to apply those drives?  
If that occured with our old script, going to the Netlogon folder and running the script would work.  How would this work with GP preferences now doing the work.

Thanks,
0
 

Author Comment

by:nikhil61107
ID: 26370709
I think the problem if now fixed.  What we did was move away from login scripts and now use GP Preferences.   I needed to make sure that KB943729 - Group Policy Preference Client Side Ext. was applied.  There is another  patch that is needed if you don't have XP Service Pack 3.  Once I did that, the mapping worked like a charm.

Thank you all for you help.

0
 

Expert Comment

by:NCPros
ID: 37596190
When this was happening for you did you experience an issue of map drives dropping randomly?
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question