Solved

GPO VB login script won't run for new users

Posted on 2011-02-21
17
909 Views
Last Modified: 2012-08-13
Hi Guys,

We have a VB login script for users in the GPO of Windows Server 2008.
The login script works just fine for existing users, but for two new users the script won't run.
The workstations are on Windows 7 OS.

The workstations have been successfully joined to the domain.

Any help will be appreciated.
Regards, Rupert


0
Comment
Question by:Rupert Eghardt
  • 6
  • 5
  • 3
  • +2
17 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34941551
Check on that Windows 7 if you disable UAC, does it work? Probably UAC is the root issue for that

Regards,
Krzysztof
0
 
LVL 41

Expert Comment

by:Amit
ID: 34941638
Where you have configured it in GPO?

Computer Configuration or User Config.

If Computer Config, move computer objects to same OU where you applied it.
0
 

Author Comment

by:Rupert Eghardt
ID: 34941981
In the GPO the script is save under
C:\Windows\sysvol\domain\policies\{xxx}\user\scripts\logon
0
 
LVL 41

Expert Comment

by:Amit
ID: 34942380
Check application logs, if AV is or something is trying to block it.
0
 

Author Comment

by:Rupert Eghardt
ID: 34942549
The scripts runs manually, when running the logon.vbs file from the workstation side.

Upon running the script manually there was a problem reported on line 7:
StrGroups=LCase(Join(CurrentUser.MemberOf))

After removing this line the logon script ran manually without reporting any problem.
* Not sure why the existing workstations didn't give an error on this line?
Could it be, because the new user is not part of a group?

We still have to run the script manually on these two workstations,  We've put the script in the start-up which seems to be working for now.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34942637
Looks like insufficient user's rights for this script action. Startup scripts use higher privileges for running scripts.

Krzysztof
0
 

Author Comment

by:Rupert Eghardt
ID: 34942674
One of these users had a workstation before, that mapped the network drives successfully, it is still the same user account, etc.  Why only when the user got a new PC did the problems begin?
The user also had Windows 7 OS before.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34942714
Could you post this script here for analyze, please?

Krzysztof
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Rupert Eghardt
ID: 34942789
'Option Explicit

Set wshNetwork = CreateObject("WScript.Network")

Set ADSysInfo = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

Dim strDriveLetter, strRemotePath
Dim objNetwork, objShell
Dim CheckDrive, AlreadyConnected, intDrive

                             
strDriveLetter1 = "W:"
strRemotePath1 = "\\SERVER-SBS\UserShares\" & wshNetwork.UserName

strDriveLetter2 = "M:"
strRemotePath2 = "\\SERVER-SBS\Management"

strDriveLetter3 = "S:"
strRemotePath3 = "\\SERVER-SBS\Sales"

strDriveLetter4 = "Q:"
strRemotePath4 = "\\SERVER-SBS\QMS"

WScript.Quit
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34942919
Try this script (please ensure that users have configured Home Drive and Home path within their properties in AD)

 
On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
set objFSO = CreateObject("Scripting.FileSystemObject")

strDomain = LCase(objNetwork.UserDomain)
strUser = LCase(objNetwork.UserName)
strHomeDrive = LCase(objUser.HomeDrive)
strHomeDirectory = LCase(objUser.HomeDirectory)

objNetwork.RemoveNetworkDrive "M:", True, True
objNetwork.MapNetworkDrive "M:", "\\SERVER-SBS\Management"

objNetwork.RemoveNetworkDrive "S:", True, True
objNetwork.MapNetworkDrive "S:", "\\SERVER-SBS\Sales"

objNetwork.RemoveNetworkDrive "Q:", True, True
objNetwork.MapNetworkDrive "Q:", "\\SERVER-SBS\QMS"

objNetwork.MapNetworkDrive strHomeDrive, strHomeDirectory

Open in new window


Krzysztof
0
 
LVL 3

Expert Comment

by:thomasd04
ID: 34943011
Hi rupertvz. Have you already confirmed that the GPO is being applied to the two computers with RSoP via MMC or GPRESULT from the command-line? Just to make sure that this is isolated script problem or possibly a GPO problem.
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 166 total points
ID: 34943165
OK remove

strHomeDrive = LCase(objUser.HomeDrive)
strHomeDirectory = LCase(objUser.HomeDirectory)
objNetwork.MapNetworkDrive strHomeDrive, strHomeDirectory

in your case doesn't make sense :)

use

objNetwork.RemoveNetworkDrive "W:", True, True
objNetwork.MapNetworkDrive "W:", "\\SERVER-SBS\UserShares\" & strUser
0
 

Author Comment

by:Rupert Eghardt
ID: 34943207
Hi Thomas,  Do I need a specific switch for GPResult?
0
 
LVL 3

Expert Comment

by:thomasd04
ID: 34943428
You can run it two different ways:
1- gpresult > C:\gp.txt
This will output the results to a text file you can then post up here if you need help reading it.
2- gpresult /USER username > C:\gp_username.txt
This will output the results that affect the user that you specify and will also write to a text file.

0
 

Author Comment

by:Rupert Eghardt
ID: 34943664
I am already away from the workstation, will check tomorrow morning.
I see that I should run switch for example:  GPRESULT /R

If the GPO is not yet applied to the W/S, how can I force apply the GPO to the W/S?
0
 
LVL 3

Accepted Solution

by:
thomasd04 earned 167 total points
ID: 34943720
From the run or command prompt you can use GPUPDATE /FORCE. Or simply restarting the target computer will refresh the GPO settings. If the gpresult isn't showing the correct GPO being applied than you have a problem that's independent of the contents of the script.

Running RSoP will show more detailed information about what is being applied.
0
 
LVL 5

Assisted Solution

by:LarcenIII
LarcenIII earned 167 total points
ID: 34951756
GPUPDATE /FORCE

If it asks to reboot, that usually does the trick. If it does not, then check firewall / Permissions and try again until it does ask you to reboot.

This has become SOP for me when adding Windows 7 computers to my domain. (Very old Domain)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

First some basics on Windows 7 Backup.  It has 2 components one is a file based backup which is stored in .zip files each zip is split at around 200 Megabytes and there is the Image Backup which is as the name implies a total image of the partition …
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now