Solved

Trouble getting script to run via GPO in 2008 R2

Posted on 2010-09-10
12
361 Views
Last Modified: 2012-05-10
I'm trying to get used to the GPO interface in 2008 R2.

I created a simple login script that maps a drive. I tested it under the AD account login settings, and it works fine.

I then copied it into the NetLogin location way down the policy tree and applied it as a single policy to the OU.

However, when I log in as a user in that Employees OU, I don't get the drive mapping. If I run GPResult on the user account, I can see the login script, although it's in the Default Domain Policy instead of in the Employees OU as I had intended.

Also, it says that "This script has not been executed."

When I look at the script in GPMC, it does not say Enforced (don't know what that means).

So:
1. How do I apply this only to the Employee OU?
2. What do I need to change to get the script to run?

Thanks.
0
Comment
Question by:ovidbailey
  • 7
  • 4
12 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 33650832
What OS is it failing on?
0
 

Author Comment

by:ovidbailey
ID: 33651062
Server 2008 R2
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 33651152
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 39

Expert Comment

by:Adam Brown
ID: 33651156
Well, no need for drive mapping scripts, anyway :D
0
 

Author Comment

by:ovidbailey
ID: 33651770
Yeah, I understand, but I'm just using the login script as a test of (a) getting any script to run and (b) getting it associated with only one OU rather than the domain.
0
 

Author Comment

by:ovidbailey
ID: 33651914
So the original question is, within the GUI of 2008 R2, (a) how do I apply this only to the Employees OU and (b) why would it not be running?
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 33651915
To troubleshoot that, you'll need to try running the command as it shows up in the script as the user. The problem is probably not with the policy, but where the file is located. I've personally never been a big fan of storing scripts in sysvol (partly because I've never gotten it to work right), If you have it in a location where the policy is being applied properly, you should only need to link the policy to the OU that you want and unlink it from all others.
0
 

Author Comment

by:ovidbailey
ID: 33651943
But this is quite different from the UI in 2000 and 2003. That's the process that I can't figure out - how do I unlink it from all the others?
0
 

Author Comment

by:ovidbailey
ID: 33651952
BTW, under that account, I can open the command prompt, navigate to the Sysvol folder, and run the script from there without a problem.
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 33651963
To remove the link, expand the OU, right click the GPO, and click Delete. You'll be prompted with a notice that tells you deleting it will delete the link and not the GPO, click yes and the link is removed.
0
 

Author Comment

by:ovidbailey
ID: 33652033
OK, so that solved item (1), I think.

RSOP gives the result that I would expect (when I link the GPO to the OU), but GPResult's does not show the problematic script.

So RSOP shows it, but GPResult /user /v does not.

I gotta have something screwed up. I'll try your suggestion of putting the scripts into a different folder and see if that makes a difference.

Think I'll get some sleep and hit this in the morning when I'm fresh. Will update you then. Thanks.
0
 

Author Comment

by:ovidbailey
ID: 33687451
Figured it out. Location of script wasn't the issue, but the location of the user was. I had been applying the policy to an OU called Physicians, but the user was still in the Employees OU. Moved the account into Physicians OU, and it worked fine. When I ran gpresult and looked a little closer, it was obvious that the OU membership wasn't what I thought it was. Thanks.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question