Solved

Trouble getting script to run via GPO in 2008 R2

Posted on 2010-09-10
Last Modified: 2012-05-10
I'm trying to get used to the GPO interface in 2008 R2.

I created a simple login script that maps a drive. I tested it under the AD account login settings, and it works fine.

I then copied it into the NetLogin location way down the policy tree and applied it as a single policy to the OU.

However, when I log in as a user in that Employees OU, I don't get the drive mapping. If I run GPResult on the user account, I can see the login script, although it's in the Default Domain Policy instead of in the Employees OU as I had intended.

Also, it says that "This script has not been executed."

When I look at the script in GPMC, it does not say Enforced (don't know what that means).

So:
1. How do I apply this only to the Employee OU?
2. What do I need to change to get the script to run?

Thanks.
Question by:ovidbailey
12 Comments
 
LVL 21

Expert Comment

by:Joseph Moody
ID: 33650832
What OS is it failing on?
0
 

Author Comment

by:ovidbailey
ID: 33651062
Server 2008 R2
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 33651152
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 33651156
Well, no need for drive mapping scripts, anyway :D
0
 

Author Comment

by:ovidbailey
ID: 33651770
Yeah, I understand, but I'm just using the login script as a test of (a) getting any script to run and (b) getting it associated with only one OU rather than the domain.
0
 

Author Comment

by:ovidbailey
ID: 33651914
So the original question is, within the GUI of 2008 R2, (a) how do I apply this only to the Employees OU and (b) why would it not be running?
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 33651915
To troubleshoot that, you'll need to try running the command as it shows up in the script as the user. The problem is probably not with the policy, but where the file is located. I've personally never been a big fan of storing scripts in sysvol (partly because I've never gotten it to work right). If you have it in a location where the policy is being applied properly, you should only need to link the policy to the OU that you want and unlink it from all others.
0
 

Author Comment

by:ovidbailey
ID: 33651943
But this is quite different from the UI in 2000 and 2003. That's the process that I can't figure out - how do I unlink it from all the others?
0
 

Author Comment

by:ovidbailey
ID: 33651952
BTW, under that account, I can open the command prompt, navigate to the Sysvol folder, and run the script from there without a problem.
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 33651963
To remove the link, expand the OU, right click the GPO, and click Delete. You'll be prompted with a notice that tells you deleting it will delete the link and not the GPO; click Yes and the link is removed.
0
 

Author Comment

by:ovidbailey
ID: 33652033
OK, so that solved item (1), I think.

RSOP gives the result that I would expect (when I link the GPO to the OU), but GPResult does not show the problematic script.

So RSOP shows it, but GPResult /user /v does not.

I gotta have something screwed up. I'll try your suggestion of putting the scripts into a different folder and see if that makes a difference.

Think I'll get some sleep and hit this in the morning when I'm fresh. Will update you then. Thanks.
0
 

Author Comment

by:ovidbailey
ID: 33687451
Figured it out. Location of script wasn't the issue, but the location of the user was. I had been applying the policy to an OU called Physicians, but the user was still in the Employees OU. Moved the account into Physicians OU, and it worked fine. When I ran gpresult and looked a little closer, it was obvious that the OU membership wasn't what I thought it was. Thanks.
0
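
The root cause found in this thread, a GPO linked to one OU while the user object sits in another, can be checked mechanically by walking the user's distinguished name upward and looking for the link at each container. The PowerShell below is an added example, not code from any poster in the thread; the function names, domain, DNs and GPO names are constructed for illustration. It assumes link scope only and ignores site links, security and WMI filtering, and blocked inheritance.

```powershell
# Added example. All DNs and GPO names are constructed sample data.

function Get-ParentContainers {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    # Split on unescaped commas, skip the object's own RDN (index 0), and
    # return each ancestor OU/CN container from nearest to farthest.
    $parts = [regex]::Split($DistinguishedName, '(?<!\\),')
    $containers = @()
    for ($i = 1; $i -lt $parts.Count; $i++) {
        if ($parts[$i] -match '^(OU|CN)=') {
            $containers += ($parts[$i..($parts.Count - 1)] -join ',')
        }
    }
    # The domain root (DC=... suffix) is the last place a link can apply from.
    $containers += (($parts | Where-Object { $_ -match '^DC=' }) -join ',')
    $containers
}

function Test-GpoInScope {
    param(
        [Parameter(Mandatory=$true)][string]$UserDN,
        [Parameter(Mandatory=$true)][string]$GpoName,
        [Parameter(Mandatory=$true)][hashtable]$LinksByContainer
    )
    # Return the first container above the user where the GPO is linked, else $null.
    foreach ($container in (Get-ParentContainers -DistinguishedName $UserDN)) {
        if ($LinksByContainer[$container] -contains $GpoName) { return $container }
    }
    return $null
}

# Constructed link table mirroring the thread: the GPO is linked to Physicians,
# but the test account still lives in Employees.
$links = @{
    'DC=example,DC=local'               = @('Default Domain Policy')
    'OU=Physicians,DC=example,DC=local' = @('Map Drive Logon Script')
    'OU=Employees,DC=example,DC=local'  = @()
}
$userDN = 'CN=Test User,OU=Employees,DC=example,DC=local'

$hit = Test-GpoInScope -UserDN $userDN -GpoName 'Map Drive Logon Script' -LinksByContainer $links
if ($hit) { "GPO is linked at $hit" } else { "GPO is not linked anywhere above $userDN" }

# On a live domain (ActiveDirectory and GroupPolicy modules) the inputs come from:
#   (Get-ADUser -Identity <samAccountName>).DistinguishedName
#   (Get-GPInheritance -Target <container DN>).GpoLinks | Select-Object -ExpandProperty DisplayName
```

With the sample data the script reports that the GPO is not linked anywhere above the user; changing the user's DN to the Physicians OU makes it report the link.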
