Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VBS Login Script not executing on Windows 2008 Desktop Services

Posted on 2010-11-08
8
Medium Priority
?
1,773 Views
Last Modified: 2013-11-21
I have a VBS login script that works fine in Terminal Services 2003 server and also on the desktops connecting to Active Directory. However, when a user connects to the Windows 2008 Terminal Server or Remote Desktop Services, the login script does not execute. Other observations:
- If you navigate to the Login Script location, and execute it manually, it works fine.
- The script is launched via group policy
- This seems to have happened ever since day 1 of installing RDS 2008
0
Comment
Question by:skaceli1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34089507
Hi,

have you tried running RSOP to determine if the login script GPO is applied correctly on your 2008 RDS?

What is your login script location? W2K3 and W2K8 have different structures of user folders ("Documents and Settings" on 2K3 and "Users" on 2K8). This can cause problems in some scenarios when folder mapping/GPO application/logins/user profiles are concerned.

Regards,
Tomislav
0
 

Author Comment

by:skaceli1
ID: 34089565
It appears that the GPO is applied correctly in teh 2008 RDS. After running RSOP, I can see what scripts are assigned to run on user logon under User Configuration.

The script location is under the netlogon directory for the domain server. If you go \\domainserver\netlogon and run it from there it works fine.
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34089752
Are there any errors logged in event log on RDS or domain controller (system/application/security)? Also check RDS logs on W2K8.

The behaviour you describe might point to GPO not being processed at logon due to network connectivity problems ("slow network"). This can be explicitly overriden by forcing scripts to run even in "slow network" conditions. Try editing the GPO that applies to terminal server. Open the:

Computer Configuration -> (Policies) -> Administrative Templates -> System -> Group Policy

Find "Scripts policy processing", enable it and set "Allow processing across a slow network connection". After that go to your RDS and run gpupdate /force in elevated command prompt. Then log off and check if the script runs on next logon.

Regards,
Tomislav
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:skaceli1
ID: 34092951
Still no good. I tried the following:
Logs - no error
Policy - added the recommended policy change above
Location - moved the server under the workstations group in AD and still no go.
0
 
LVL 7

Accepted Solution

by:
tstritof earned 1000 total points
ID: 34136504
Hi,

could you please try the following:
- run gpupdate /force /wait:-1 when logged on to the console as administrator,
- run gpupdate /force /wait:-1 when logged on through RDP as administrator,
- run gpupdate /target:User /force /wait:-1 when logged on through RDP as regular user

Check event logs for errors on each step. If any one processing takes more than 10 minutes before it returns to command prompt then it's probably timing out so report that too.

Finally try the following:
- log on through RDP as administrator
- run gpupdate /target:Computer /force /wait:-1
- run gpupdate /target:User /sync
- log off
- log on again through RDP as administrator

If any errors or timeouts are reported in event logs please report.

Finally check in RDS Host Management what processes are started after you log on, and how long it takes for a session and it's processes to disappear from the RDS after user logs off.

Regards,
Tomislav
0
 

Author Comment

by:skaceli1
ID: 34145755
At this time we went ahead and added the login script to the startup menu and seems to be working. Awarding the points for the effort. Will try your recommendation sometime soon.
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34145949
Thx, when you find cause of the problem I'll be grateful if you post back here with it.

Regards,
Tomislav
0
 
LVL 17

Expert Comment

by:Spike99
ID: 34686825
We've seen the same thing.

We have a 2003 AD domain but we started adding 2008 servers last year.  At first, we also had trouble getting GPOs to apply to the new 2008 servers.  None of it was applying:  computer & log on scripts, redirected desktops, mapped printers and drives. It was driving us nuts until one of my co-workers found this solution:  give the DOMAIN COMPUTERS group READ rights to the GPO.

You can do that In The GP Management console's Delegation tab.  Click ADD to add the Domain Computers group.  you only need to grant the group READ rights.

That's all we had to do to fix it.

Alicia
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question