Solved

VB logon script only works at second logon

Posted on 2014-01-13
13
641 Views
Last Modified: 2014-01-14
Greetings all,

I've run into a strange VBScript error with a logon script I've created.  At one point the script has to copy a shortcut to the end users desktop.  This has to be copied at each logon because the URL will change from one server to another depending on which is the primary.

When the URL in the source file is changed to a new server, end users log in and the script should overwrite the existing file with the new one that has the correct URL.

Problem is, the script only seems to work the second time the end users log in.  Below is the script and any help would be great....

On Error Resume Next

'-----------------------------------------------------
'Set variables for group determination etc.
'-----------------------------------------------------
Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("Wscript.Network")
Set WSHShell = CreateObject("Wscript.Shell")
Set WSHProcess = WSHShell.Environment("Process")
'Set objShell = CreateObject(wscript.shell)

'-----------------------------------------------------
'Get the distinguished name of the user that logged on
'-----------------------------------------------------
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)


'-----------------------------------------------------
'Report back the groups the user belongs to.
'-----------------------------------------------------
For Each strGroup in objUser.MemberOf
    strGroupPath = "LDAP://" & strGroup
    Set objGroup = GetObject(strGroupPath)
    strGroupName = objGroup.CN

'-----------------------------------------------------
'Get the Logon Server and end script if not xxxxxxx
'-----------------------------------------------------
'DomainLogonServer = WSHProcess("LogonServer")



'---------------------------------------------------------------
' Call the AD Security Group and copy appropriate shortcut.
'---------------------------------------------------------------


      Select Case strGroupName

        Case "TN-BACS Users"
           
            Set objFSO = CreateObject("Scripting.FileSystemObject")
            set WshShell = WScript.CreateObject("WScript.Shell")
            tDesktopPath = WshShell.SpecialFolders("Desktop")
            objFSO.CopyFile "C:\Scripts\Shortcut\Picture Perfect 4 Client.*", tDesktopPath, True

        Case "TN-BACSWEB-Users"
           
            Set objFSO = CreateObject("Scripting.FileSystemObject")
            set WshShell = WScript.CreateObject("WScript.Shell")
            tDesktopPath = WshShell.SpecialFolders("Desktop")
            objFSO.CopyFile "C:\Scripts\Shortcut\BACSWEB.*", tDesktopPath, True


    End Select



Next
0
Comment
Question by:yccdadmins
  • 4
  • 3
  • 3
  • +2
13 Comments
 

Author Comment

by:yccdadmins
ID: 39777234
This is really weird - it has to be some kind of Microsoft glitch.  I added the following lines in before the copy.  It works great - but only on the second login.  Login once and nothing works but no error messages.  Login the second time and the file has been deleted and replaced with the new shortcut.

Why does this only work on the second login?


Dim oFS

 Set objWshShell = CreateObject("WScript.Shell")
 Set oFS = CreateObject("Scripting.FileSystemObject")

 Userprofile=objWshShell.ExpandEnvironmentStrings("%userprofile%")


 IF oFS.FileExists(Userprofile & "\desktop\Picture Perfect 4 Client.*") THEN
 oFS.DeleteFile (Userprofile & "\desktop\Picture Perfect 4 Client.*")
 ENd IF

 IF oFS.FileExists(Userprofile & "\desktop\BACSWEB.*") THEN
 oFS.DeleteFile (Userprofile & "\desktop\BACSWEB.*")
 ENd IF
0
 

Author Comment

by:yccdadmins
ID: 39777392
Ignore the whole part in the last comment with the "If" stuff.

I've tested this again and the original script as listed above works consistently but only on the second logon.

Anyone have any idea why a logon script would run with no errors but only work the second time someone logs in.

Also should note that this is a login via remote desktop.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39778474
I haven't had time to look at script or know why, unless network is not available when script runs -the i.e. wireless being used etc. but just wondered if instead you could do something like having all the shortcuts present on desktop and using ntfs permissions to stop access to them?

Do you know that the script runs at all, i.e. how far it gets based on other parts of same script, or could put some debugging in, either simple 'wscript.echo "line 1" or some logging to file.

if the script doesnt make it to start at all, we need to look at different to if it fails on first login part way through.

Steve
0
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 39778718
Are you calling it via a mapped drive or unc path?
0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39778961
and from NetLogon ?

agree with dragon, need to write some debug output for all users, to the netlogon area.
0
 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39778986
heres part of logon script i wrote a while ago to copy dll to client

const LogFldr="\\boss\SYSVOL\ZEUS.com.au\logs\"       

	dim a, src , sVers
	dim fs
	src="dsofile.dll"
	lf = "installs.log"
	sVers=""
	Set oNet = CreateObject("WScript.Network")

	datetime=Year(now()) & Right("0" & Month(now()), 2) & Right("0" & Day(now()), 2) & "=" & Right("0" & Hour(now()), 2) & Right("0" & Minute(now()), 2) '& Right("0" & Second(now()), 2)

	Set fso = CreateObject("Scripting.FileSystemObject")  
	sysfld = fso.GetSpecialFolder(1)    'the system folder
	winfld =  fso.GetSpecialFolder(0)   'the windows folder

	' write to Log 
	Set flf = fso.GetFile(logfldr & lf)
	Set tslf = flf.OpenAsTextStream(OpenFileForAppending)

	tslf.Write (Onet.ComputerName & " , " & "BEGIN" & " , " & Datetime & vbCrLf)

tslf.Write (Onet.ComputerName & " , " & "1:xx" & vbcrlf)

etc

Open in new window

0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 32

Expert Comment

by:Robberbaron (robr)
ID: 39779003
so i add number log output to various parts of the script to see where and when it gets run.

are you sure your only have one logon server ??  each server with AD role can process logons as the NETLOGON folder is replicated.  thats one reason i use the sysvol UNC so it doesn't matter.
0
 

Author Comment

by:yccdadmins
ID: 39779392
Hello all and thanks for the input.

Let me try and answer some of the questions to help narrow things down.

- I double checked the script by running it locally (double clicked on the .vbs file) and it works as intended.  The script copies the new(er) URL shortcut and overwrites the existing due to the "True" at the end of the objFSO.CopyFile.  That's what I've read that is for anyway,

- The script is run via local Group Policy on a Windows RDS server when end users log in to perform tasks.

- After a changes is made to the URL shortcut, and an end user logs in for the first time, the script doesn't seem to run.  The reason I say this is because there are no errors revealed from the compiler or in any logs.

- When the end user logs out and then logs back in, everything works like a charm.

I have had this same issue in the past while working for another organization.  I'm pretty sure it is a Microsoft "feature" that requires some policy to be enabled (or disabled) but I've lost my notes.

Thanks you for your assistance and I'll keep digging as well.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39779600
If you put some logging in their to show the user you can see if it is running at all to rule that out, or whether it is running and getting so far then choking.

Steve
0
 
LVL 5

Accepted Solution

by:
alicain earned 500 total points
ID: 39779643
Just a quick thought - Are we talking about "second login after a reboot?" If so, have you enabled Always Wait For Network?
0
 

Author Comment

by:yccdadmins
ID: 39779906
That was it alicain - or at least most of it!  I looked up that GPO and also found another that is needed to resolve this issue.  They are both as follows:

“Always wait for the network at computer startup and logon”  located at…

Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\

“Run logon scripts synchronously” located at…

Computer Configuration\Administrative Templates\System\Scripts\

Once you got me searching on "Always wait..." I found it in my notes from a year or so ago.  Unfortunately I didn't write down the URL where I found the fix.

Now that I've applied these two GP objects the script runs at first logon every time.  My notes said the login was slower when I did this a while back but it might have been the older system - didn't really notice a difference on this server.

Thanks!
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39780067
Was going to post those which you do need but you got there first.  Always a good idea to turn on the options to run login script visibly when it isn't already too so you can see what is going on.

Tends to happen more with Wireless networks than wired, and also if you logon immediately the logon box appears than waiting until everything has fully loaded.

Steve
0
 
LVL 5

Expert Comment

by:alicain
ID: 39780356
Good to hear that did the trick.

Regards,
Alastair.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

In this article we want to have a look at the directory attributes which are used by Microsoft to store the so called Security Identifiers (SID). These SIDs plays an important role in delegating and granting permissions and in authentication of trus…
I met Paul Devereux (@pdevereux) today when I responded to his tweet asking “Anybody know how to automate adding files from disk to a folder in #outlook  ?”.  I replied back and told Paul that using automation, in this case scripting, to add files t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now