Solved

Windows 2008 R2 RDS Logon Scripts will not run at Logon

Posted on 2012-04-10
10
3,518 Views
Last Modified: 2012-04-26
Hi,

We are currently testing new terminal servers in our environment using Windows 2008 R2 SP1 and use logon scripts during the logon process for our users. We have Windows 2003 Domain Controllers. All of our scripts run fine when running on our existing 2003 Terminal servers.

None of our logon scripts are running at logon, this does not appear to relate to the content of the scripts. No scripts run when assigned via group policy however they run fine when executed from the desktop. none of the users running the scripts have administrative rights.

I have performed the following: -

1. disabled UAC
2. enabled linked connections
3. configured the sysvol path in ESC domains (to prevent security dialog boxes blocking running the scripts)
4.I have created a vbscript containing a single wscript.echo statement and a batch file containing a single "pause" command, these simple scripts still do not run via GPO but run fine when executed manually.
5. run a RSOP and checked the last run time of the scripts, none of the scripts have a time (suggesting that they have never run).

Any further pointers would be much appreciated.
0
Comment
Question by:Tolomay
  • 6
  • 3
10 Comments
 

Author Comment

by:Tolomay
Comment Utility
just to add to this,

I have tried the logon scripts using the local GPO on the server and they still do not run.
0
 
LVL 1

Expert Comment

by:BrewersFanRick
Comment Utility
I was really hoping someone had a solution for this too.   I've come across the same thing.
0
 

Author Comment

by:Tolomay
Comment Utility
yeah, I'm hoping it's just a simple setting somewhere, but there doesn't seem to be any information about this.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Hi.

It would help us if you would supply one of the failing scripts.
0
 

Author Comment

by:Tolomay
Comment Utility
Thanks for your reply,

I'm certain this has nothing to do with the scripts themselves as I have linked extremely simple scripts which still do not run. A sample vbscript is shown below: -

wscript.echo "test"

or a sample batch file: -

echo test
pause

The RSOP shows no run time against any of the scripts, suggesting that they have not run.

The actual scripts run fine when run from the desktop direct from the sysvol share and none of the scripts require admin permissions, which to me suggests this is not related to UAC
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Please take a batch file (.bat) that creates a folder below %Temp% and see if it gets created.
md %temp%\%date%

"echo test" is no test at all as logon scripts run invisible.
0
 

Author Comment

by:Tolomay
Comment Utility
They do by default yes, however is possible to change that behaviour. I've enabled "run logon scripts visible" in group policy. This works well in 2003 Server, Unless Microsoft has dropped support for this in 2008 R2 (which would suck). I've also set the timeout on the welcome screen so I can see what's going on behind it.

I've also tried various other non-interactive scripts and none of these work either.

md %temp%\%date% returns a syntax error on my machine (I think it's to do with the %date% variable).

md %temp%\test works fine when run from the desktop, however after deleting the folder and logging back on this doesn't run as a logon script.

even scripts from the local group policy won't run, which suggests to me it could be  problem with the local machine setup, so I'm currently checking the security settings using SCM, I think I've ruled out Mcafee and IE security.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Ok... did you use a batch or vbs for md %temp%...? Take a batch. There have been problems with .vbs files in logon scripts (although I must confess that those were UAC related).
0
 

Accepted Solution

by:
Tolomay earned 0 total points
Comment Utility
Ok, I've finally found the solution to this problem, after checking the GPO event logs in detail  and reviewing Process Monitor logs in detail.

GPOScript.exe was being launched as expected at logon with the /logon switch, however wscript.exe or cmd.exe where not running. The GPO logs showed that the scripts where only running for several milliseconds, which to me suggested that they where not running at all.

After building a new server from scratch (which worked fine), I determined that the PATH environment variable had somehow been deleted from our server build. This prevented windows from finding wscript.exe, cmd.exe etc. After recreating it, the problem was resolved.

That concluded a frustrating few days! No one has owned up to this yet :)

But I thought I'd mention it unless anyone comes accross a similar issue.
0
 

Author Closing Comment

by:Tolomay
Comment Utility
PATH Variable is critical in order for logon/logoff scripts to function. This may not be obvious, so it is useful information for anyone else with this problem.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now