?
Solved

Trouble getting script to run via GPO in 2008 R2

Posted on 2010-09-10
12
Medium Priority
?
366 Views
Last Modified: 2012-05-10
I'm trying to get used to the GPO interface in 2008 R2.

I created a simple login script that maps a drive. I tested it under the AD account login settings, and it works fine.

I then copied it into the NetLogin location way down the policy tree and applied it as a single policy to the OU.

However, when I log in as a user in that Employees OU, I don't get the drive mapping. If I run GPResult on the user account, I can see the login script, although it's in the Default Domain Policy instead of in the Employees OU as I had intended.

Also, it says that "This script has not been executed."

When I look at the script in GPMC, it does not say Enforced (don't know what that means).

So:
1. How do I apply this only to the Employee OU?
2. What do I need to change to get the script to run?

Thanks.
0
Comment
Question by:ovidbailey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
12 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 33650832
What OS is it failing on?
0
 

Author Comment

by:ovidbailey
ID: 33651062
Server 2008 R2
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 33651152
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 42

Expert Comment

by:Adam Brown
ID: 33651156
Well, no need for drive mapping scripts, anyway :D
0
 

Author Comment

by:ovidbailey
ID: 33651770
Yeah, I understand, but I'm just using the login script as a test of (a) getting any script to run and (b) getting it associated with only one OU rather than the domain.
0
 

Author Comment

by:ovidbailey
ID: 33651914
So the original question is, within the GUI of 2008 R2, (a) how do I apply this only to the Employees OU and (b) why would it not be running?
0
 
LVL 42

Expert Comment

by:Adam Brown
ID: 33651915
To troubleshoot that, you'll need to try running the command as it shows up in the script as the user. The problem is probably not with the policy, but where the file is located. I've personally never been a big fan of storing scripts in sysvol (partly because I've never gotten it to work right), If you have it in a location where the policy is being applied properly, you should only need to link the policy to the OU that you want and unlink it from all others.
0
 

Author Comment

by:ovidbailey
ID: 33651943
But this is quite different from the UI in 2000 and 2003. That's the process that I can't figure out - how do I unlink it from all the others?
0
 

Author Comment

by:ovidbailey
ID: 33651952
BTW, under that account, I can open the command prompt, navigate to the Sysvol folder, and run the script from there without a problem.
0
 
LVL 42

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 33651963
To remove the link, expand the OU, right click the GPO, and click Delete. You'll be prompted with a notice that tells you deleting it will delete the link and not the GPO, click yes and the link is removed.
0
 

Author Comment

by:ovidbailey
ID: 33652033
OK, so that solved item (1), I think.

RSOP gives the result that I would expect (when I link the GPO to the OU), but GPResult's does not show the problematic script.

So RSOP shows it, but GPResult /user /v does not.

I gotta have something screwed up. I'll try your suggestion of putting the scripts into a different folder and see if that makes a difference.

Think I'll get some sleep and hit this in the morning when I'm fresh. Will update you then. Thanks.
0
 

Author Comment

by:ovidbailey
ID: 33687451
Figured it out. Location of script wasn't the issue, but the location of the user was. I had been applying the policy to an OU called Physicians, but the user was still in the Employees OU. Moved the account into Physicians OU, and it worked fine. When I ran gpresult and looked a little closer, it was obvious that the OU membership wasn't what I thought it was. Thanks.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question