Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1391
  • Last Modified:

Windows Logon Script not running

I have a Windows 7 machine running in a Windows 2003 environment. When I log on a script should run that maps drives on that machine but never does. I have checked on the DC in the GPO and the script is in the correct place and it linked and Enforced but still no luck.

When I run RSOP on the target machine it shows a red X on Computer Configuration and an Exclamation point on User Configuration. When I drill down in User Configuration\Windows Settings\Scripts\Logon it shows an old script that has been deleted. To me is sounds like the AD is not updating or my machine is not accepting updates from the DC.

How can I fix this, Troubleshoot?

Thank You in Advance for all your assistance.
0
Tim
Asked:
Tim
2 Solutions
 
woolnoirCommented:
have you tried forcing a policy refresh ?

gpupdate /force

0
 
woolnoirCommented:
The above command doesnt explain why the policy isnt being updated, but its usefull because it should fix the problem... assuming the actual policy refresh isnt the root cause. Let me know if the above command fixes the issue..
0
 
hydrokidCommented:
do check for firewall to be off.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Will SzymkowskiSenior Solution ArchitectCommented:
If you see a policy that is failing in RSOP view then it is possible that it is still linked to an OU that user account is tied to. Have you checked the name of the GPO and searched in GPMC.msc to see if you can find this? If you find it, remove all groups/users from the scope and do gpupdate /force and also reboot the machine.

As you have stated this is something that is failed with the GPO. I would also test the script to ensure that it is working properly. If you put the script in the "Startup Folder" does this map the drives for you?

Also, take a look in the event viewer as this should also give you some more detail on the failing GPO that is being applied.
0
 
guydemarcoCommented:
See if the key below is present:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLinkedConnections = 1 (DWord)
(http://support.microsoft.com/default.aspx/kb/937624)

If that doesn't work, check that "Use Kerberos DES encryption types for this account" is unchecked.

If that doesn't work, enable group policy\computer configuration\administrative templates\system|logon\ "always wait for the network at computer startup and logon"

Lastly, you can either run it with a VBS or move it to NETLOGON instead of SYSVOL.
0
 
woolnoirCommented:
tparus ; very interested to see if any of the solutions help - let us know when you have tested.
0
 
TimSr. System AdminAuthor Commented:
This problem is very odd and I believe there is more than one cause to this problem. I tested the issue where my firewall was enabled and disabled then logged out then back in, no use. I then tried forcing the update of the GP which returned two issues.

1. Folder redirection failed due to the change in the file system on Windows 7 vs XP so the policy doesn't know where the My Documents folder is now located. This is any easy fix and it was only a warning.
2. This one is more complicated and really don't know how to go about fixing this one. The error was that it attempted to read file \\domain name\SysVol\domain name\Policies\<ID #>\gpt.ini. it gives three reasons:
a) Name resolution\Network problems. (Pinged the DC and the name returned correctly. Not the problem)
b) File Replication Service Latency. ( We only have one DC so that couldn't be the problem however I recently demoted a secondary DC to a member server and removed all domain services but the DC still wants to replicate to it. How do i fix this?)
c) DFS client has been disabled.

I ran GPRESULT /H GPReport.html as suggested and looked through the report and there were some issues but none of them related to the Logon script.

The one thing that I did notice is that I was a member of the Domain Admins group. I removed myself from the Domain Admins group and restarted my machine and logged in. The folders mapped however, I don't know if this was the fix to the problem because these folders have been mapping on and off all during the time I was a member or the Domain Admins group.

In a way this issue is fixed however I believe it may return. I will do some digging to see if I can find more issues but hope this issue may be resolved.
0
 
guydemarcoCommented:
This is known as a tough one because there's several ways for it to crash out, usually related to user authentication. Sometimes the script tries to run on cached credentials, which fails. Sometimes it tries to pull rights, but the GP script is in a location that the user can't get to (netvol versus sysvol, for example). Or it could be a missing reg key. Hopefully one of the suggestions I posted will fix it.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now