Solved

Active Directory Script issue

Posted on 2011-09-21
20
233 Views
Last Modified: 2012-06-21
Hi,

We are using Windows Server 2003 Domain controllers. Our client machines are running on Windows XP. I have created a startup script and configured the script in the following location.

User Configuration\Administrative Templates\System\Logon----> Run these Programs at User Logon.

Actually the script first check the OS version and if the OS version is XP then only it will proceed. But now the problem is even the usres are logging to 2003/2008 Member servers then also it showing a popup message to run or cancel the script.

We need to avoid this behaviour of the script.  Script.cmd
0
Comment
Question by:gaddam01
  • 11
  • 9
20 Comments
 
LVL 18

Expert Comment

by:x-men
ID: 36572487
Use GP management console to create a filter, or to deny read of the policy, to those servers
0
 
LVL 18

Expert Comment

by:x-men
ID: 36572490
...WMI Filter
0
 

Author Comment

by:gaddam01
ID: 36572779
In the group policy I have disabled Computer Settings so there is no point in discussing about servers. My question is it is only configured for XP in the script then why the script is popping up even when logs on to the server??
0
 

Author Comment

by:gaddam01
ID: 36572799
Is there any modification I need to make in the script sothat It will not execute when a user Logon to Member Servers??
0
 
LVL 18

Expert Comment

by:x-men
ID: 36573174
no, just create the WMI Filter to exclude those computers. The exclusion is about aplying the Policy, so if you have more scripts that should run, you'll have create another policy
0
 

Author Comment

by:gaddam01
ID: 36573360
Hello,

The policy is applied on User basis and not on computer based. I don't understand why WMI filter for Computer level?

The policy is configured at User level only.
0
 
LVL 18

Expert Comment

by:x-men
ID: 36573685
0
 

Author Comment

by:gaddam01
ID: 36574395
In this case, Can you please provide me the WMI Query for my request? What are step to implement this?
0
 
LVL 18

Accepted Solution

by:
x-men earned 500 total points
ID: 36574573
Only target computers running Windows XP Professional.:
Root\CimV2; Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Or, for every edition:
Root\CimV2; Select * from Win32_OperatingSystem where Caption LIKE "Microsoft Windows XP %"


more examples in:http://technet.microsoft.com/en-us/library/cc779036(WS.10).aspx
0
 

Author Comment

by:gaddam01
ID: 36575305
Thanks for the reply. However I reboot a client machine and logs onto the machine then script popup is coming like to Run or Cancel the script.

I would like to avoid this and needs to run this script in silent mode. Is there any way for this and this should not impact the user login process on any workstation and Member server??

Waiting for your valuable reply.
0
 
LVL 18

Expert Comment

by:x-men
ID: 36579251
here's the equivalente in vbs

it will check if is XP, and if true, it will execute \\10.29.1.12\Audit\scan\scan32.exe on a hidden window.
Dim SWBemlocator, oWMI, cItems, oItem, sVer
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set oWMI = SWBemlocator.ConnectServer(sComputerName,"\root\CIMV2")
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each oItem in cItems
	If oItem.BuildNumber = "2600" Then ' Windows XP
		Set WshShell = WScript.CreateObject("WScript.Shell")
		WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False
	End If
Next

Open in new window

0
 
LVL 18

Expert Comment

by:x-men
ID: 36579258
Dim SWBemlocator, oWMI, cItems, oItem, sVer
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
sComputerName = "."
Set oWMI = SWBemlocator.ConnectServer(sComputerName,"\root\CIMV2")
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each oItem in cItems
      If oItem.BuildNumber = "2600" Then ' Windows XP
            Set WshShell = WScript.CreateObject("WScript.Shell")
            WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False
      End If
Next
0
 

Author Comment

by:gaddam01
ID: 36579678
I need to put this under which location in GPMC?  Can you please specify the setting?
0
 

Author Comment

by:gaddam01
ID: 36579686
This script will have any impact on Logon/Logoff process for the user?
It will have any impact on the system startup/shutdown time also?
0
 
LVL 18

Expert Comment

by:x-men
ID: 36579787
the script is exactly the same as your "Script.cmd" but writen in .vbs
0
 
LVL 18

Expert Comment

by:x-men
ID: 36579804
the "false" in "WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False" means that the script doesnt wait for the "scan32.exe" to end, so, in case of logon, the exe is started in background and the script ends. In case of logoff, the "scan32.exe" is killed by the shutdown (logoff) process.
0
 

Author Comment

by:gaddam01
ID: 36579897
In GPMC Where I need to user your script?

Computer Configuration  Startup scripts ? or User configuratin Login script?
0
 
LVL 18

Expert Comment

by:x-men
ID: 36580404
User Configuration\Administrative Templates\System\Logon----> Run these Programs at User Logon.
0
 

Author Comment

by:gaddam01
ID: 36583073
Thanks for the reply. But when I configured the script given by you I am getting a popup on every reboot. I don't want this popup needs to be enabled. The script needs to be run with out any action from users.

Please find the screen shot of the Popup message that we are getting.

Please send me a resolution for this issue. It is very urgent. Script-Popup.docx
0
 
LVL 18

Expert Comment

by:x-men
ID: 36585996
it has to do with the scan32.exe application, not the script.

User Configuration–>Administrative Templates–>Windows Components–>Attachment Manager
3. Add “*.exe” to the “Inclusion list for moderate risk file types” setting. You can also add other file types.
This should disable the “Publisher Could Not Be Verified” messages from appearing for that file type in the future.

do you understand the risk of adding this policy?
0

Join & Write a Comment

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now