gaddam01
asked on
Active Directory Script issue
Hi,
We are using Windows Server 2003 Domain controllers. Our client machines are running on Windows XP. I have created a startup script and configured the script in the following location.
User Configuration\Administrati ve Templates\System\Logon---- > Run these Programs at User Logon.
Actually the script first check the OS version and if the OS version is XP then only it will proceed. But now the problem is even the usres are logging to 2003/2008 Member servers then also it showing a popup message to run or cancel the script.
We need to avoid this behaviour of the script. Script.cmd
We are using Windows Server 2003 Domain controllers. Our client machines are running on Windows XP. I have created a startup script and configured the script in the following location.
User Configuration\Administrati
Actually the script first check the OS version and if the OS version is XP then only it will proceed. But now the problem is even the usres are logging to 2003/2008 Member servers then also it showing a popup message to run or cancel the script.
We need to avoid this behaviour of the script. Script.cmd
Use GP management console to create a filter, or to deny read of the policy, to those servers
...WMI Filter
ASKER
In the group policy I have disabled Computer Settings so there is no point in discussing about servers. My question is it is only configured for XP in the script then why the script is popping up even when logs on to the server??
ASKER
Is there any modification I need to make in the script sothat It will not execute when a user Logon to Member Servers??
no, just create the WMI Filter to exclude those computers. The exclusion is about aplying the Policy, so if you have more scripts that should run, you'll have create another policy
ASKER
Hello,
The policy is applied on User basis and not on computer based. I don't understand why WMI filter for Computer level?
The policy is configured at User level only.
The policy is applied on User basis and not on computer based. I don't understand why WMI filter for Computer level?
The policy is configured at User level only.
to understand, read: http://technet.microsoft.com/en-us/library/cc786768(WS.10).aspx
ASKER
In this case, Can you please provide me the WMI Query for my request? What are step to implement this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the reply. However I reboot a client machine and logs onto the machine then script popup is coming like to Run or Cancel the script.
I would like to avoid this and needs to run this script in silent mode. Is there any way for this and this should not impact the user login process on any workstation and Member server??
Waiting for your valuable reply.
I would like to avoid this and needs to run this script in silent mode. Is there any way for this and this should not impact the user login process on any workstation and Member server??
Waiting for your valuable reply.
here's the equivalente in vbs
it will check if is XP, and if true, it will execute \\10.29.1.12\Audit\scan\sc an32.exe on a hidden window.
it will check if is XP, and if true, it will execute \\10.29.1.12\Audit\scan\sc
Dim SWBemlocator, oWMI, cItems, oItem, sVer
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set oWMI = SWBemlocator.ConnectServer(sComputerName,"\root\CIMV2")
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each oItem in cItems
If oItem.BuildNumber = "2600" Then ' Windows XP
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "\\10.29.1.12\Audit\scan\scan32.exe",1,False
End If
Next
Dim SWBemlocator, oWMI, cItems, oItem, sVer
Set SWBemlocator = CreateObject("WbemScriptin g.SWbemLoc ator")
sComputerName = "."
Set oWMI = SWBemlocator.ConnectServer (sComputer Name,"\roo t\CIMV2")
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48 )
For Each oItem in cItems
If oItem.BuildNumber = "2600" Then ' Windows XP
Set WshShell = WScript.CreateObject("WScr ipt.Shell" )
WshShell.Run "\\10.29.1.12\Audit\scan\s can32.exe" ,1,False
End If
Next
Set SWBemlocator = CreateObject("WbemScriptin
sComputerName = "."
Set oWMI = SWBemlocator.ConnectServer
Set cItems = oWMI.ExecQuery("Select * from Win32_OperatingSystem",,48
For Each oItem in cItems
If oItem.BuildNumber = "2600" Then ' Windows XP
Set WshShell = WScript.CreateObject("WScr
WshShell.Run "\\10.29.1.12\Audit\scan\s
End If
Next
ASKER
I need to put this under which location in GPMC? Can you please specify the setting?
ASKER
This script will have any impact on Logon/Logoff process for the user?
It will have any impact on the system startup/shutdown time also?
It will have any impact on the system startup/shutdown time also?
the script is exactly the same as your "Script.cmd" but writen in .vbs
the "false" in "WshShell.Run "\\10.29.1.12\Audit\scan\s can32.exe" ,1,False" means that the script doesnt wait for the "scan32.exe" to end, so, in case of logon, the exe is started in background and the script ends. In case of logoff, the "scan32.exe" is killed by the shutdown (logoff) process.
ASKER
In GPMC Where I need to user your script?
Computer Configuration Startup scripts ? or User configuratin Login script?
Computer Configuration Startup scripts ? or User configuratin Login script?
User Configuration\Administrati ve Templates\System\Logon---- > Run these Programs at User Logon.
ASKER
Thanks for the reply. But when I configured the script given by you I am getting a popup on every reboot. I don't want this popup needs to be enabled. The script needs to be run with out any action from users.
Please find the screen shot of the Popup message that we are getting.
Please send me a resolution for this issue. It is very urgent. Script-Popup.docx
Please find the screen shot of the Popup message that we are getting.
Please send me a resolution for this issue. It is very urgent. Script-Popup.docx
it has to do with the scan32.exe application, not the script.
User Configuration–>Administrat ive Templates–>Windows Components–>Attachment Manager
3. Add “*.exe” to the “Inclusion list for moderate risk file types” setting. You can also add other file types.
This should disable the “Publisher Could Not Be Verified” messages from appearing for that file type in the future.
do you understand the risk of adding this policy?
User Configuration–>Administrat
3. Add “*.exe” to the “Inclusion list for moderate risk file types” setting. You can also add other file types.
This should disable the “Publisher Could Not Be Verified” messages from appearing for that file type in the future.
do you understand the risk of adding this policy?