Solved

Windows 7 and logon scripts (batch files) problem

Posted on 2010-11-22
29
1,810 Views
Last Modified: 2012-05-10
Dear Experts,

We started deploying Windows 7 (one PC at a time), however I'm running into a sporadic problem where network scripts do not run (batch files to map network drives using net use command).
By sporadic, I mean they run fine on one PC and do not run completely on the other PC. PC where scripts run, user has Local Admin writes. UAC is enabled on both PCs.
Windows Firewall is disabled (we use Symantec End Point Protection) and Sonicwall Firewall.
I read a few posts about this same problem, but so far found no solution.
I tried adding the following to the registry as per this article and a couple of similar posts but it didn't help http://support.microsoft.com/kb/937624/en-us
EnableLinkedConnections HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

I tried disabling UAC - no help.
Temporarily provided Local Admin rights to the user on PC where script doesn't run, but that did not help either...
Any help would be greatly appreciated.

I did see some posts where people state if you use batch files, try swtching to vbs scripts if you use vb scripts try switching to batch files. So far reading from those posts, it didn't help the others with this probolem...
0
Comment
Question by:technomic
  • 20
  • 5
  • 4
29 Comments
 
LVL 2

Author Comment

by:technomic
ID: 34189877
Also, i noticed from otehr posts where suggestions range from manually mapping network drives or dropping batch file into the Startup folder on the machine... Well, that would work, but it defeats the pourpose of logon scripts. I also assign printers using teh same script and using Con2Prt command.
Printers do change for users somewhat frequently so modifying the batch file in the startup folder per machine basis definetely defeats the pourpose....
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34189935
In my batch file I have (for every network share)

NET USE H: /DEL /Y
NET USE H: \\SERVERNAME\SHARENAME

That's been working for our Windows 7 users.

Rob
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34189965
Hi

You said you are using the logon script to add printers. On the erratic computer does your script add printer - but not map drive?
0
 
LVL 2

Author Comment

by:technomic
ID: 34190441
nope, on the PC with the problem the script doesn't run at all, so no network drives or printers either...
0
 
LVL 2

Author Comment

by:technomic
ID: 34190459
Our domain is 2003 though.. I'm considering upgrading servers and DCs to 2008R2, maybe that will solve the issue. I just think there has to be a better solution....
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34190551
Hi

Can you please remove the PC from the domain and Join it back to the domain.

Once logged in try gpupdate /force.
0
 
LVL 2

Author Comment

by:technomic
ID: 34190602
Yep, I will try that. Also, I'm setting up the same exact model with Windows 7 (new box)will see if it happens on this same box also.
0
 
LVL 2

Author Comment

by:technomic
ID: 34190670
Well, that`s odd. A brand new box that was just joined to the domain without making any changes to Windows Firewall, UAC or even without Admin Rights provided to the user after the first logon immediately started to run the script, however it didn't finish as it is sittign on the UAC logon screen....
0
 
LVL 2

Author Comment

by:technomic
ID: 34191003
MoOn_Blue69:
You are probably on teh right track. I won't be able to disjoin and rejoin the machine until tomorrow, however on the new box I was able to map the drives no problems without having to add user to Administrators Group.
The MS registry fix worked on this machine.... http://support.microsoft.com/kb/937624/en-us
Added Dword EnableLinkedConnections with Value of 1 to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Before restarting the box, I verified that user was not a part of Administrators group and manually disconnected the network drives. After restart and the above fix, the drives mapped.
So I will b trying your suggestion tomorrow and will post back.
Just wondering if rejoining the domain doesn't help with resolving this problem, what else would you suggest I try ?
0
 
LVL 10

Expert Comment

by:moon_blue69
ID: 34191236
Its just trial and error. Our problem here is gp is not getting applied. The computer account might have some trouble and removing and rejoining will help. By the way are you using the same user account to login to both working and non-working computer? On the group policy tab in the domain under security please make sure the user or group in which he is a member has got the read policy. On the problamatic computer access the share where the script is stored and double click the script. At this point it will show access denied if its a problem with user right issue or show up an error if its local system acting up. Post the outcomes here and we will take it on from there good luck
0
 
LVL 2

Author Comment

by:technomic
ID: 34191401
Well, there is more to teh problem with this particular PC. the one with this problem is a brand new desktop. I think the hard drive is failing. Plenty of blue screens with PROCESS1_INITIALIZATION_FAILED, and running extremely slow.  Crashing a couple of times a day.
So, I'm ordering a replacement drive for now and this box will be reimaged. I will post back here probably some time tomorrow after it was reimaged and patched up....
0
 
LVL 2

Author Comment

by:technomic
ID: 34205593
reimaged the box, enabled local admi account, joined to teh domain, logged on as the user, but then i got a little click happy and when I was prompted for User Name password by UAC to run the script, i accidentally clicked the 'X"
Added the registry fix for EnableLinkedConnections dword 1 logged off and loged back in, scrip[t doesn't run. Logged on as a different user, the script runs only if I login as a different user. I deleted the profile from C:\Users, logged back in but the script still doesn't run. Will try system restore otehrwise I may need to reimage again. I have no idea how to invoke the script to run again, should`ve been mpore careful the first time I logged on as this user....
Any ideas ?
0
 
LVL 2

Author Comment

by:technomic
ID: 34205672
If I was to logon to another Windows 7 PC with this user`s account and if the script runs, what do I need to copy from that user`s account (from machine where the script runs) to the user account on the machine where script doesn't run ?
0
 
LVL 2

Author Comment

by:technomic
ID: 34205956
well logged on to another machine (where a different user`s logon runs the script w/o problems) BUT the damn thing did not run again.
This has got  to be the most rediculous thing ever...
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Author Comment

by:technomic
ID: 34207220
reimaged teh box from scratch and now no matter what I do, the script will not run. tried adding user to Local Admin group, tried disabling the UAC as well as the registry fix (posted above somehwere)
Anymore ideas ?
0
 
LVL 10

Accepted Solution

by:
moon_blue69 earned 250 total points
ID: 34207910
Hi

From what you have been experiencing I feel its some problem with user permission. I assume the script is in a shared folder. Once logged in as the problematic user can you access that share and double click the script file??

0
 
LVL 2

Author Comment

by:technomic
ID: 34207955
I can access the share it just in DC\sysvol\domain\scripts but I can't double-click on it...
0
 
LVL 2

Author Comment

by:technomic
ID: 34207981
Scripts directory has teh following permisions set:
Administrators -  Full Control
Authenticated Users- Allow: Read& Execute, List folder Contents, Read
Creator Owner- Special Permissions (Full Control - Inhereted from Parent Object - Subfolders and files only)
Server Operators  - Allow: Read& Execute, List folder Contents, Read
System- Allow: modify, Allow: Read& Execute, List folder Contents, Read, Write
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34208098
Is this user using a roaming profile?

Rob
0
 
LVL 2

Author Comment

by:technomic
ID: 34208121
Yeah, it has to be.... as I don't see user accounts under Local Users on the machines under management.
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34208232
In 2003 server, in ADUC, right click on this user, click the profile tab,  where is says User profile, in Profile path is there a path set there? (\\server_name\shared_folder_name\user_profile_folder_name).

Rob
0
 
LVL 2

Author Comment

by:technomic
ID: 34208251
Nope, nothing is set for any of the users in "Local Path" section
The only thing we have set on this page is in the "Logon Script" section, point to the user`s .bat file.
0
 
LVL 2

Author Comment

by:technomic
ID: 34208279
I added the following to Local Path in user`s AD account "C:\WINDOWS\SYSVOL\domain\scripts" but it iddn't make a difference.... restarted the box, logged back in, still nothing...
The other few users that have Windows7, their accounts are set exactly the same way, somehow the batch file runs for them without issues.... go figure..
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34208313
For this particular user instead of having  "C:\WINDOWS\SYSVOL\domain\scripts" - replace that with just the scriptname.bat

Rob

any difference?
0
 
LVL 2

Author Comment

by:technomic
ID: 34208369
I already have script.bat in the "Logon Script" section. If i was to try adding it to the "Local Path" it wouldn't let me unless it was a path.... I tried adding teh entire path including the script.bat, but it didn't help either...
0
 
LVL 8

Assisted Solution

by:rjwesley
rjwesley earned 250 total points
ID: 34208446
On the Server:
If it's just this one user having this problem. then deleting the account, allow replication to other DC's, recreate then reconnect to a mailbox if necessary.

On the system:
In Windows 7 when deleting a profile (System Properties > Advanced tab) I found it was also necessary to delete in regedit - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList - click the SID's there until you come across this particular user and delete. (do this first before logging back in as that newly recreated user)

Rob
0
 
LVL 2

Author Comment

by:technomic
ID: 34208491
ok, I will give that a shot, hopefully this will work as I'm all out of ideas.. LOL
0
 
LVL 2

Author Comment

by:technomic
ID: 34231406
Tried it, but it didn't work. I mapped the drives manually for now. Hopefully there will be a workable fix for this issue soon....
0
 
LVL 2

Author Closing Comment

by:technomic
ID: 34292580
Due to a number of other projects, I will be closing this question.. I will probably reopen a question at a later time if it is still a problem
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now