MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.
Course Of The Month
7 days, 1 hour left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
how to skip GPO scripts if not connected to Domain ?
Posted on 2011-09-04
Hi all,
I need to know :
1) How to stop the GPO scripts not to run on those laptops which not connected to domain , and only run GPO scripts when they are connected to Domain.
background info:
client : Windows XP Pro SP3
Active Directory : Windows 2008 domain
reason: when users logon to their laptops and if they are on the road (offline) , it takes a very long time to contact Domain controllers to process GPO scripts, the startup scripts just sits there and eventually time out.
2) How to stop the GPO settings for Folder redirection not to try to map "my document" to the home share on the server if the users are logging on offline (out on the road)
thanks
I need to know :
1) How to stop the GPO scripts not to run on those laptops which not connected to domain , and only run GPO scripts when they are connected to Domain.
background info:
client : Windows XP Pro SP3
Active Directory : Windows 2008 domain
reason: when users logon to their laptops and if they are on the road (offline) , it takes a very long time to contact Domain controllers to process GPO scripts, the startup scripts just sits there and eventually time out.
2) How to stop the GPO settings for Folder redirection not to try to map "my document" to the home share on the server if the users are logging on offline (out on the road)
thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
4 Comments
The normal behavior here, especially for the My Documents redirection, should be acceptable and not too noticeable. Do you have your domain policy set to enabled on: Interactive logon: Require Domain Controller authentication to unlock? This will definitely be slower when on the network, and will prevent logon when the domain is not reachable.
Also, processing logon scripts synchronously prevents explorer from launching until after scripts are completed, be sure this is not enabled: Run logon scripts synchronously.
These are both located in the computer portion of a policy, under:
Security Settings...Local Policies...Security Options...Interactive logon: Require Domain Controller authentication to unlock
and
Administrative Templates...System...Scrip
For troubleshooting your scripts to see if they ARE hanging up indefinitely, turn on the policy: Run Startup scripts visible so that you can see the script during logon in a cmd window. Otherwise, they process in the background and you can see them.
One more policy allows you to set the time for total script run time, and if it exceeds the time set, it'll force continue/exit of the remaing scripts, allowing the rest of the logon to take place. This default value of 10 minutes is a bit long, but don't adjust to less than a minute or so, to make sure your scripts, in normal fashion, can complete when domain connected: Maximum wait time for Group Policy scripts.
I don't believe that the scripts that are applied to the computer or user from a gpo are processed though, unless you ARE connected to a domain.
Also, processing logon scripts synchronously prevents explorer from launching until after scripts are completed, be sure this is not enabled: Run logon scripts synchronously.
These are both located in the computer portion of a policy, under:
Security Settings...Local Policies...Security Options...Interactive logon: Require Domain Controller authentication to unlock
and
Administrative Templates...System...Scrip
For troubleshooting your scripts to see if they ARE hanging up indefinitely, turn on the policy: Run Startup scripts visible so that you can see the script during logon in a cmd window. Otherwise, they process in the background and you can see them.
One more policy allows you to set the time for total script run time, and if it exceeds the time set, it'll force continue/exit of the remaing scripts, allowing the rest of the logon to take place. This default value of 10 minutes is a bit long, but don't adjust to less than a minute or so, to make sure your scripts, in normal fashion, can complete when domain connected: Maximum wait time for Group Policy scripts.
I don't believe that the scripts that are applied to the computer or user from a gpo are processed though, unless you ARE connected to a domain.
Hi BobintheNoc!
thanks for your response, i am checking the settings now and back here for the update
thanks for your response, i am checking the settings now and back here for the update
you can try to check logon type on scripts stratup, and if it is cached then you can skip any commands that are not required (or all commands)
Set colSessions = objWMI.ExecQuery _
("Select * from Win32_LogonSession Where LogonType = 11")
Logon Type 0 = System Only
Logon Type 1 = unknown
Logon Type 2 = Interactive Logon
Logon Type 3 = Network
Logon Type 4 = Batch
Logon Type 5 = Service
Logon Type 6 = (proxy logon)
Logon Type 7 = Unlock Workstation
Logon Type 8 = Network Clear Text
Logon Type 9 = New Credentials
Logon Type 10 = Remote Interactive (Windows XP and newer operating systems only).
Logon Type 11 = Cached Interactive
Logon Type 12 = CachedRemoteInteractive
Logon Type 13 = CachedUnlock
good luck
Set colSessions = objWMI.ExecQuery _
("Select * from Win32_LogonSession Where LogonType = 11")
Logon Type 0 = System Only
Logon Type 1 = unknown
Logon Type 2 = Interactive Logon
Logon Type 3 = Network
Logon Type 4 = Batch
Logon Type 5 = Service
Logon Type 6 = (proxy logon)
Logon Type 7 = Unlock Workstation
Logon Type 8 = Network Clear Text
Logon Type 9 = New Credentials
Logon Type 10 = Remote Interactive (Windows XP and newer operating systems only).
Logon Type 11 = Cached Interactive
Logon Type 12 = CachedRemoteInteractive
Logon Type 13 = CachedUnlock
good luck
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Messaging apps are amazing tools with the power to do a lot of good, but the truth is the process of collaborating with coworkers requires relationships established through meaningful communication - the kind of communication that only happens face-…
- Highfive
- Telecommunications
- Conferencing Software
- Chat / IM
- Productivity Apps
- Enterprise Software
When you start your Windows 10 PC and got an "Operating system not found" error or just saw "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing. You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro:
1 - Those with PCIe drives (and haven't found cloning software that works on them).
2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month7 days, 1 hour left to enroll
726 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.