Solved

VBS Login Script not executing on Windows 2008 Desktop Services

Posted on 2010-11-08
8
1,768 Views
Last Modified: 2013-11-21
I have a VBS login script that works fine in Terminal Services 2003 server and also on the desktops connecting to Active Directory. However, when a user connects to the Windows 2008 Terminal Server or Remote Desktop Services, the login script does not execute. Other observations:
- If you navigate to the Login Script location, and execute it manually, it works fine.
- The script is launched via group policy
- This seems to have happened ever since day 1 of installing RDS 2008
0
Comment
Question by:skaceli1
  • 4
  • 3
8 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34089507
Hi,

have you tried running RSOP to determine if the login script GPO is applied correctly on your 2008 RDS?

What is your login script location? W2K3 and W2K8 have different structures of user folders ("Documents and Settings" on 2K3 and "Users" on 2K8). This can cause problems in some scenarios when folder mapping/GPO application/logins/user profiles are concerned.

Regards,
Tomislav
0
 

Author Comment

by:skaceli1
ID: 34089565
It appears that the GPO is applied correctly in teh 2008 RDS. After running RSOP, I can see what scripts are assigned to run on user logon under User Configuration.

The script location is under the netlogon directory for the domain server. If you go \\domainserver\netlogon and run it from there it works fine.
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34089752
Are there any errors logged in event log on RDS or domain controller (system/application/security)? Also check RDS logs on W2K8.

The behaviour you describe might point to GPO not being processed at logon due to network connectivity problems ("slow network"). This can be explicitly overriden by forcing scripts to run even in "slow network" conditions. Try editing the GPO that applies to terminal server. Open the:

Computer Configuration -> (Policies) -> Administrative Templates -> System -> Group Policy

Find "Scripts policy processing", enable it and set "Allow processing across a slow network connection". After that go to your RDS and run gpupdate /force in elevated command prompt. Then log off and check if the script runs on next logon.

Regards,
Tomislav
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:skaceli1
ID: 34092951
Still no good. I tried the following:
Logs - no error
Policy - added the recommended policy change above
Location - moved the server under the workstations group in AD and still no go.
0
 
LVL 7

Accepted Solution

by:
tstritof earned 250 total points
ID: 34136504
Hi,

could you please try the following:
- run gpupdate /force /wait:-1 when logged on to the console as administrator,
- run gpupdate /force /wait:-1 when logged on through RDP as administrator,
- run gpupdate /target:User /force /wait:-1 when logged on through RDP as regular user

Check event logs for errors on each step. If any one processing takes more than 10 minutes before it returns to command prompt then it's probably timing out so report that too.

Finally try the following:
- log on through RDP as administrator
- run gpupdate /target:Computer /force /wait:-1
- run gpupdate /target:User /sync
- log off
- log on again through RDP as administrator

If any errors or timeouts are reported in event logs please report.

Finally check in RDS Host Management what processes are started after you log on, and how long it takes for a session and it's processes to disappear from the RDS after user logs off.

Regards,
Tomislav
0
 

Author Comment

by:skaceli1
ID: 34145755
At this time we went ahead and added the login script to the startup menu and seems to be working. Awarding the points for the effort. Will try your recommendation sometime soon.
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34145949
Thx, when you find cause of the problem I'll be grateful if you post back here with it.

Regards,
Tomislav
0
 
LVL 17

Expert Comment

by:Spike99
ID: 34686825
We've seen the same thing.

We have a 2003 AD domain but we started adding 2008 servers last year.  At first, we also had trouble getting GPOs to apply to the new 2008 servers.  None of it was applying:  computer & log on scripts, redirected desktops, mapped printers and drives. It was driving us nuts until one of my co-workers found this solution:  give the DOMAIN COMPUTERS group READ rights to the GPO.

You can do that In The GP Management console's Delegation tab.  Click ADD to add the Domain Computers group.  you only need to grant the group READ rights.

That's all we had to do to fix it.

Alicia
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question