• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

Active Directory Script issue

Hi,

We are using Windows Server 2003 Domain controllers. Our client machines are running on Windows XP. I have created a startup script and configured the script in the following location.

User Configuration\Administrative Templates\System\Logon----> Run these Programs at User Logon.

Actually the script first check the OS version and if the OS version is XP then only it will proceed. But now the problem is even the usres are logging to 2003/2008 Member servers then also it showing a popup message to run or cancel the script.

We need to avoid this behaviour of the script.  Script.cmd
0
gaddam01
Asked:
gaddam01
  • 11
  • 9
1 Solution
 
x-menIT super heroCommented:
Use GP management console to create a filter, or to deny read of the policy, to those servers
0
 
x-menIT super heroCommented:
...WMI Filter
0
 
gaddam01Author Commented:
In the group policy I have disabled Computer Settings so there is no point in discussing about servers. My question is it is only configured for XP in the script then why the script is popping up even when logs on to the server??
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
gaddam01Author Commented:
Is there any modification I need to make in the script sothat It will not execute when a user Logon to Member Servers??
0
 
x-menIT super heroCommented:
no, just create the WMI Filter to exclude those computers. The exclusion is about aplying the Policy, so if you have more scripts that should run, you'll have create another policy
0
 
gaddam01Author Commented:
Hello,

The policy is applied on User basis and not on computer based. I don't understand why WMI filter for Computer level?

The policy is configured at User level only.
0
 
x-menIT super heroCommented:
0
 
gaddam01Author Commented:
In this case, Can you please provide me the WMI Query for my request? What are step to implement this?
0
 
x-menIT super heroCommented:
Only target computers running Windows XP Professional.:
Root\CimV2; Select * from Win32_OperatingSystem where Caption = "Microsoft Windows XP Professional"

Or, for every edition:
Root\CimV2; Select * from Win32_OperatingSystem where Caption LIKE "Microsoft Windows XP %"


more examples in:http://technet.microsoft.com/en-us/library/cc779036(WS.10).aspx
0
 
gaddam01Author Commented:
Thanks for the reply. However I reboot a client machine and logs onto the machine then script popup is coming like to Run or Cancel the script.

I would like to avoid this and needs to run this script in silent mode. Is there any way for this and this should not impact the user login process on any workstation and Member server??

Waiting for your valuable reply.
0
 
x-menIT super heroCommented:
here's the equivalente in vbs

it will check if is XP, and if true, it will execute \\10.29.1.12\Audit\scan\scan32.exe on a hidden window.
Dim SWBemlocator, oWMI, cItems, oItem, sVer
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set oWMI = SWBemlocator.ConnectServer(sComputerName,"\root\CIMV2")
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each oItem in cItems
	If oItem.BuildNumber = "2600" Then ' Windows XP
		Set WshShell = WScript.CreateObject("WScript.Shell")
		WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False
	End If
Next

Open in new window

0
 
x-menIT super heroCommented:
Dim SWBemlocator, oWMI, cItems, oItem, sVer
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
sComputerName = "."
Set oWMI = SWBemlocator.ConnectServer(sComputerName,"\root\CIMV2")
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each oItem in cItems
      If oItem.BuildNumber = "2600" Then ' Windows XP
            Set WshShell = WScript.CreateObject("WScript.Shell")
            WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False
      End If
Next
0
 
gaddam01Author Commented:
I need to put this under which location in GPMC?  Can you please specify the setting?
0
 
gaddam01Author Commented:
This script will have any impact on Logon/Logoff process for the user?
It will have any impact on the system startup/shutdown time also?
0
 
x-menIT super heroCommented:
the script is exactly the same as your "Script.cmd" but writen in .vbs
0
 
x-menIT super heroCommented:
the "false" in "WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False" means that the script doesnt wait for the "scan32.exe" to end, so, in case of logon, the exe is started in background and the script ends. In case of logoff, the "scan32.exe" is killed by the shutdown (logoff) process.
0
 
gaddam01Author Commented:
In GPMC Where I need to user your script?

Computer Configuration  Startup scripts ? or User configuratin Login script?
0
 
x-menIT super heroCommented:
User Configuration\Administrative Templates\System\Logon----> Run these Programs at User Logon.
0
 
gaddam01Author Commented:
Thanks for the reply. But when I configured the script given by you I am getting a popup on every reboot. I don't want this popup needs to be enabled. The script needs to be run with out any action from users.

Please find the screen shot of the Popup message that we are getting.

Please send me a resolution for this issue. It is very urgent. Script-Popup.docx
0
 
x-menIT super heroCommented:
it has to do with the scan32.exe application, not the script.

User Configuration–>Administrative Templates–>Windows Components–>Attachment Manager
3. Add “*.exe” to the “Inclusion list for moderate risk file types” setting. You can also add other file types.
This should disable the “Publisher Could Not Be Verified” messages from appearing for that file type in the future.

do you understand the risk of adding this policy?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 11
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now