• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 937
  • Last Modified:

GPO VB login script won't run for new users

Hi Guys,

We have a VB login script for users in the GPO of Windows Server 2008.
The login script works just fine for existing users, but for two new users the script won't run.
The workstations are on Windows 7 OS.

The workstations have been successfully joined to the domain.

Any help will be appreciated.
Regards, Rupert


0
Rupert Eghardt
Asked:
Rupert Eghardt
  • 6
  • 5
  • 3
  • +2
3 Solutions
 
Krzysztof PytkoActive Directory EngineerCommented:
Check on that Windows 7 if you disable UAC, does it work? Probably UAC is the root issue for that

Regards,
Krzysztof
0
 
AmitIT ArchitectCommented:
Where you have configured it in GPO?

Computer Configuration or User Config.

If Computer Config, move computer objects to same OU where you applied it.
0
 
Rupert EghardtAuthor Commented:
In the GPO the script is save under
C:\Windows\sysvol\domain\policies\{xxx}\user\scripts\logon
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
AmitIT ArchitectCommented:
Check application logs, if AV is or something is trying to block it.
0
 
Rupert EghardtAuthor Commented:
The scripts runs manually, when running the logon.vbs file from the workstation side.

Upon running the script manually there was a problem reported on line 7:
StrGroups=LCase(Join(CurrentUser.MemberOf))

After removing this line the logon script ran manually without reporting any problem.
* Not sure why the existing workstations didn't give an error on this line?
Could it be, because the new user is not part of a group?

We still have to run the script manually on these two workstations,  We've put the script in the start-up which seems to be working for now.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Looks like insufficient user's rights for this script action. Startup scripts use higher privileges for running scripts.

Krzysztof
0
 
Rupert EghardtAuthor Commented:
One of these users had a workstation before, that mapped the network drives successfully, it is still the same user account, etc.  Why only when the user got a new PC did the problems begin?
The user also had Windows 7 OS before.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Could you post this script here for analyze, please?

Krzysztof
0
 
Rupert EghardtAuthor Commented:
'Option Explicit

Set wshNetwork = CreateObject("WScript.Network")

Set ADSysInfo = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

Dim strDriveLetter, strRemotePath
Dim objNetwork, objShell
Dim CheckDrive, AlreadyConnected, intDrive

                             
strDriveLetter1 = "W:"
strRemotePath1 = "\\SERVER-SBS\UserShares\" & wshNetwork.UserName

strDriveLetter2 = "M:"
strRemotePath2 = "\\SERVER-SBS\Management"

strDriveLetter3 = "S:"
strRemotePath3 = "\\SERVER-SBS\Sales"

strDriveLetter4 = "Q:"
strRemotePath4 = "\\SERVER-SBS\QMS"

WScript.Quit
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Try this script (please ensure that users have configured Home Drive and Home path within their properties in AD)

 
On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
set objFSO = CreateObject("Scripting.FileSystemObject")

strDomain = LCase(objNetwork.UserDomain)
strUser = LCase(objNetwork.UserName)
strHomeDrive = LCase(objUser.HomeDrive)
strHomeDirectory = LCase(objUser.HomeDirectory)

objNetwork.RemoveNetworkDrive "M:", True, True
objNetwork.MapNetworkDrive "M:", "\\SERVER-SBS\Management"

objNetwork.RemoveNetworkDrive "S:", True, True
objNetwork.MapNetworkDrive "S:", "\\SERVER-SBS\Sales"

objNetwork.RemoveNetworkDrive "Q:", True, True
objNetwork.MapNetworkDrive "Q:", "\\SERVER-SBS\QMS"

objNetwork.MapNetworkDrive strHomeDrive, strHomeDirectory

Open in new window


Krzysztof
0
 
thomasd04Commented:
Hi rupertvz. Have you already confirmed that the GPO is being applied to the two computers with RSoP via MMC or GPRESULT from the command-line? Just to make sure that this is isolated script problem or possibly a GPO problem.
0
 
Krzysztof PytkoActive Directory EngineerCommented:
OK remove

strHomeDrive = LCase(objUser.HomeDrive)
strHomeDirectory = LCase(objUser.HomeDirectory)
objNetwork.MapNetworkDrive strHomeDrive, strHomeDirectory

in your case doesn't make sense :)

use

objNetwork.RemoveNetworkDrive "W:", True, True
objNetwork.MapNetworkDrive "W:", "\\SERVER-SBS\UserShares\" & strUser
0
 
Rupert EghardtAuthor Commented:
Hi Thomas,  Do I need a specific switch for GPResult?
0
 
thomasd04Commented:
You can run it two different ways:
1- gpresult > C:\gp.txt
This will output the results to a text file you can then post up here if you need help reading it.
2- gpresult /USER username > C:\gp_username.txt
This will output the results that affect the user that you specify and will also write to a text file.

0
 
Rupert EghardtAuthor Commented:
I am already away from the workstation, will check tomorrow morning.
I see that I should run switch for example:  GPRESULT /R

If the GPO is not yet applied to the W/S, how can I force apply the GPO to the W/S?
0
 
thomasd04Commented:
From the run or command prompt you can use GPUPDATE /FORCE. Or simply restarting the target computer will refresh the GPO settings. If the gpresult isn't showing the correct GPO being applied than you have a problem that's independent of the contents of the script.

Running RSoP will show more detailed information about what is being applied.
0
 
LarcenIIICommented:
GPUPDATE /FORCE

If it asks to reboot, that usually does the trick. If it does not, then check firewall / Permissions and try again until it does ask you to reboot.

This has become SOP for me when adding Windows 7 computers to my domain. (Very old Domain)
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 6
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now