Link to home
Start Free TrialLog in
Avatar of ovidbailey
ovidbaileyFlag for United States of America

asked on

Trouble getting script to run via GPO in 2008 R2

I'm trying to get used to the GPO interface in 2008 R2.

I created a simple login script that maps a drive. I tested it under the AD account login settings, and it works fine.

I then copied it into the NetLogin location way down the policy tree and applied it as a single policy to the OU.

However, when I log in as a user in that Employees OU, I don't get the drive mapping. If I run GPResult on the user account, I can see the login script, although it's in the Default Domain Policy instead of in the Employees OU as I had intended.

Also, it says that "This script has not been executed."

When I look at the script in GPMC, it does not say Enforced (don't know what that means).

1. How do I apply this only to the Employee OU?
2. What do I need to change to get the script to run?

Avatar of Joseph Moody
Joseph Moody
Flag of United States of America image

What OS is it failing on?
Avatar of ovidbailey


Server 2008 R2
Well, no need for drive mapping scripts, anyway :D
Yeah, I understand, but I'm just using the login script as a test of (a) getting any script to run and (b) getting it associated with only one OU rather than the domain.
So the original question is, within the GUI of 2008 R2, (a) how do I apply this only to the Employees OU and (b) why would it not be running?
To troubleshoot that, you'll need to try running the command as it shows up in the script as the user. The problem is probably not with the policy, but where the file is located. I've personally never been a big fan of storing scripts in sysvol (partly because I've never gotten it to work right), If you have it in a location where the policy is being applied properly, you should only need to link the policy to the OU that you want and unlink it from all others.
But this is quite different from the UI in 2000 and 2003. That's the process that I can't figure out - how do I unlink it from all the others?
BTW, under that account, I can open the command prompt, navigate to the Sysvol folder, and run the script from there without a problem.
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
OK, so that solved item (1), I think.

RSOP gives the result that I would expect (when I link the GPO to the OU), but GPResult's does not show the problematic script.

So RSOP shows it, but GPResult /user /v does not.

I gotta have something screwed up. I'll try your suggestion of putting the scripts into a different folder and see if that makes a difference.

Think I'll get some sleep and hit this in the morning when I'm fresh. Will update you then. Thanks.
Figured it out. Location of script wasn't the issue, but the location of the user was. I had been applying the policy to an OU called Physicians, but the user was still in the Employees OU. Moved the account into Physicians OU, and it worked fine. When I ran gpresult and looked a little closer, it was obvious that the OU membership wasn't what I thought it was. Thanks.