Solved

how to skip GPO scripts if not connected to Domain ?

Posted on 2011-09-04
4
1,582 Views
Last Modified: 2012-05-12
Hi all,

I need to know :
1)  How to stop the GPO scripts not to run on those laptops which not connected to domain , and only run GPO scripts when they are connected to Domain.
background info:
client : Windows XP Pro SP3
Active Directory : Windows 2008 domain
reason: when users logon to their laptops and if they are on the road (offline) , it takes a very long time to contact Domain controllers to process GPO scripts, the startup scripts just sits there and eventually time out.
2) How to stop the GPO settings for Folder redirection not to try to map "my document" to the home share on the server if the users are logging on offline (out on the road)

thanks
0
Comment
Question by:gsawan
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 500 total points
ID: 36481845
The normal behavior here, especially for the My Documents redirection, should be acceptable and not too noticeable.  Do you have your domain policy set to enabled on: Interactive logon: Require Domain Controller authentication to unlock?  This will definitely be slower when on the network, and will prevent logon when the domain is not reachable.

Also, processing logon scripts synchronously prevents explorer from launching until after scripts are completed, be sure this is not enabled: Run logon scripts synchronously.

These are both located in the computer portion of a policy, under:
Security Settings...Local Policies...Security Options...Interactive logon: Require Domain Controller authentication to unlock  
 and
Administrative Templates...System...Scripts:Run logon scripts synchronously and Run Startup Script Asynchronously should be enabled to allow all scripts to run simultaneously instead of waiting for one script to complete before moving onto the next script.

For troubleshooting your scripts to see if they ARE hanging up indefinitely, turn on the policy:  Run Startup scripts visible  so that you can see the script during logon in a cmd window.  Otherwise, they process in the background and you can see them.

One more policy allows you to set the time for total script run time, and if it exceeds the time set, it'll force continue/exit of the remaing scripts, allowing the rest of the logon to take place.  This default value of 10 minutes is a bit long, but don't adjust to less than a minute or so, to make sure your scripts, in normal fashion, can complete when domain connected:  Maximum wait time for Group Policy scripts.

I don't believe that the scripts that are applied to the computer or user from a gpo are processed though, unless you ARE connected to a domain.

0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36481955
There are also user based settings for script visibility, synchronous and async modes, etc.,
0
 

Author Comment

by:gsawan
ID: 36482030
Hi BobintheNoc!
thanks for your response, i am checking the settings now and back here for the update
0
 
LVL 12

Expert Comment

by:FarWest
ID: 36482288
you can try to check logon type on scripts stratup, and if it is cached then you can skip any commands that are not required (or all commands)

Set colSessions = objWMI.ExecQuery _
              ("Select * from Win32_LogonSession Where LogonType = 11")


Logon Type 0 = System Only
 Logon Type 1 = unknown
 Logon Type 2 = Interactive Logon
 Logon Type 3 = Network
 Logon Type 4 = Batch
 Logon Type 5 = Service
 Logon Type 6 = (proxy logon)
 Logon Type 7 = Unlock Workstation
 Logon Type 8 = Network Clear Text
 Logon Type 9 = New Credentials
 Logon Type 10 = Remote Interactive (Windows XP and newer operating systems only).
 Logon Type 11 = Cached Interactive
 Logon Type 12 = CachedRemoteInteractive
 Logon Type 13 = CachedUnlock

good luck
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Template/Progam Advice 4 45
Blue screen when trying to install xp on hd 22 130
Trying to update or install win 7 in a win xp pc 18 111
How Do I Set Up XP Mode in Windows 7? 8 72
If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Are you unable to synchronize your OST (Offline Storage Table) file with Microsoft Exchange Server? Is your OST file exceeding 2 GB size limit? In Microsoft Outlook 2002 and earlier versions, there is a 2 GB size limit for the OST file. If the file …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now