Dustin23
asked on
Logon script not working on VMware View desktop
I have a VMware View Windows 7 linked clone desktop environment. For one of my users, I am working on a logon script that will make his domain account a local admin on his desktop. As these desktops are linked clones, I cannot add him as local admin on the golden image, because he would then be local admin on all desktops. I created a new GPO on my Windows Server 2008 R2 domain controller linked in the Linked Clones OU. I added the VMware View Agent Configuration template to this GPO. I then set the following:
Computer Configuration\Policies\Adm inistrativ e Templates\Classic Administrative Templates (ADM)\VMware View Agent Configuration\Agent Configuration\CommandsToRu nOnConnect --> set to Enabled and command configured "CMD /C c:\scripts\logonlocaladmin .bat"
This .bat script looks like:
NET LOCALGROUP Administrators HCNET\%USERNAME% /ADD
I logged into this desktop through View and ran a gpupdate /force using admin credentials. I then ran gpresult /r and verified that this gpo is applied to the desktop. I then restarted this desktop, logged back into the machine using View as the user that owns the desktop, and took a look at the Local Users and Groups. This user does not show in the Administrators group. What am I doing wrong here? I have taken a look at multiple forum posts and this script command should work. Is there something I am missing?
Computer Configuration\Policies\Adm
This .bat script looks like:
NET LOCALGROUP Administrators HCNET\%USERNAME% /ADD
I logged into this desktop through View and ran a gpupdate /force using admin credentials. I then ran gpresult /r and verified that this gpo is applied to the desktop. I then restarted this desktop, logged back into the machine using View as the user that owns the desktop, and took a look at the Local Users and Groups. This user does not show in the Administrators group. What am I doing wrong here? I have taken a look at multiple forum posts and this script command should work. Is there something I am missing?
ASKER
Ok cool, I will make this change and check for any error messages that may populate this log file. Thanks.
ASKER
Ok, I tried this and no log file was created on the client or domain controller in that location. Can you think of a reason why?
2 reasons I can think of:
1. Script can't be executed
2. No permissions to write log
To rule out reason 2, make sure, the local group "Users" has NTFS "change" permisson to files and folder C:\scripts
Modify the log location:
1. Script can't be executed
2. No permissions to write log
To rule out reason 2, make sure, the local group "Users" has NTFS "change" permisson to files and folder C:\scripts
Modify the log location:
SET LOGFILE=C:\Scripts\logonlocaladmin.log
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I am attempting this new GPO now. Thanks.
ASKER
This worked like a charm. Thanks mpfister!!
I'd add some logging, like
Open in new window
The 2>&1 redirects error messages to the same log file