Solved

Windows 2008 R2 RDS Logon Scripts will not run at Logon

Posted on 2012-04-10
10
3,579 Views
Last Modified: 2012-04-26
Hi,

We are currently testing new terminal servers in our environment using Windows 2008 R2 SP1 and use logon scripts during the logon process for our users. We have Windows 2003 Domain Controllers. All of our scripts run fine when running on our existing 2003 Terminal servers.

None of our logon scripts are running at logon, this does not appear to relate to the content of the scripts. No scripts run when assigned via group policy however they run fine when executed from the desktop. none of the users running the scripts have administrative rights.

I have performed the following: -

1. disabled UAC
2. enabled linked connections
3. configured the sysvol path in ESC domains (to prevent security dialog boxes blocking running the scripts)
4.I have created a vbscript containing a single wscript.echo statement and a batch file containing a single "pause" command, these simple scripts still do not run via GPO but run fine when executed manually.
5. run a RSOP and checked the last run time of the scripts, none of the scripts have a time (suggesting that they have never run).

Any further pointers would be much appreciated.
0
Comment
Question by:Tolomay
  • 6
  • 3
10 Comments
 

Author Comment

by:Tolomay
ID: 37828302
just to add to this,

I have tried the logon scripts using the local GPO on the server and they still do not run.
0
 
LVL 1

Expert Comment

by:BrewersFanRick
ID: 37844079
I was really hoping someone had a solution for this too.   I've come across the same thing.
0
 

Author Comment

by:Tolomay
ID: 37844645
yeah, I'm hoping it's just a simple setting somewhere, but there doesn't seem to be any information about this.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 54

Expert Comment

by:McKnife
ID: 37849413
Hi.

It would help us if you would supply one of the failing scripts.
0
 

Author Comment

by:Tolomay
ID: 37850170
Thanks for your reply,

I'm certain this has nothing to do with the scripts themselves as I have linked extremely simple scripts which still do not run. A sample vbscript is shown below: -

wscript.echo "test"

or a sample batch file: -

echo test
pause

The RSOP shows no run time against any of the scripts, suggesting that they have not run.

The actual scripts run fine when run from the desktop direct from the sysvol share and none of the scripts require admin permissions, which to me suggests this is not related to UAC
0
 
LVL 54

Expert Comment

by:McKnife
ID: 37853007
Please take a batch file (.bat) that creates a folder below %Temp% and see if it gets created.
md %temp%\%date%

"echo test" is no test at all as logon scripts run invisible.
0
 

Author Comment

by:Tolomay
ID: 37853200
They do by default yes, however is possible to change that behaviour. I've enabled "run logon scripts visible" in group policy. This works well in 2003 Server, Unless Microsoft has dropped support for this in 2008 R2 (which would suck). I've also set the timeout on the welcome screen so I can see what's going on behind it.

I've also tried various other non-interactive scripts and none of these work either.

md %temp%\%date% returns a syntax error on my machine (I think it's to do with the %date% variable).

md %temp%\test works fine when run from the desktop, however after deleting the folder and logging back on this doesn't run as a logon script.

even scripts from the local group policy won't run, which suggests to me it could be  problem with the local machine setup, so I'm currently checking the security settings using SCM, I think I've ruled out Mcafee and IE security.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 37853314
Ok... did you use a batch or vbs for md %temp%...? Take a batch. There have been problems with .vbs files in logon scripts (although I must confess that those were UAC related).
0
 

Accepted Solution

by:
Tolomay earned 0 total points
ID: 37875514
Ok, I've finally found the solution to this problem, after checking the GPO event logs in detail  and reviewing Process Monitor logs in detail.

GPOScript.exe was being launched as expected at logon with the /logon switch, however wscript.exe or cmd.exe where not running. The GPO logs showed that the scripts where only running for several milliseconds, which to me suggested that they where not running at all.

After building a new server from scratch (which worked fine), I determined that the PATH environment variable had somehow been deleted from our server build. This prevented windows from finding wscript.exe, cmd.exe etc. After recreating it, the problem was resolved.

That concluded a frustrating few days! No one has owned up to this yet :)

But I thought I'd mention it unless anyone comes accross a similar issue.
0
 

Author Closing Comment

by:Tolomay
ID: 37896031
PATH Variable is critical in order for logon/logoff scripts to function. This may not be obvious, so it is useful information for anyone else with this problem.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Disable SSLv3.0/TLSv1.0 - Windows 2012R2 3 32
windows 10 versions 3 34
Change size 15 43
Problem to file 4 21
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question