• Status: Solved

Logon script not working on VMware View desktop

I have a VMware View Windows 7 linked clone desktop environment.  For one of my users, I am working on a logon script that will make his domain account a local admin on his desktop.  As these desktops are linked clones, I cannot add him as local admin on the golden image, because he would then be local admin on all desktops.  I created a new GPO on my Windows Server 2008 R2 domain controller linked in the Linked Clones OU.  I added the VMware View Agent Configuration template to this GPO.  I then set the following:

Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\VMware View Agent Configuration\Agent Configuration\CommandsToRunOnConnect --> set to Enabled and command configured "CMD /C c:\scripts\logonlocaladmin.bat"

This .bat script looks like:

NET LOCALGROUP Administrators HCNET\%USERNAME% /ADD

I logged into this desktop through View and ran a gpupdate /force using admin credentials.  I then ran gpresult /r and verified that this gpo is applied to the desktop.  I then restarted this desktop, logged back into the machine using View as the user that owns the desktop, and took a look at the Local Users and Groups.  This user does not show in the Administrators group.  What am I doing wrong here?  I have taken a look at multiple forum posts and this script command should work.  Is there something I am missing?
Asked by: Dustin23
 
Michael Pfister commented:
Hard to guess, could be a permissions problem or the environment variable isn't available at that time.
I'd add some logging, like
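REM Log file for troubleshooting the script
SET LOGFILE=C:\WINDOWS\LOGS\logonlocaladmin.log
echo Script start on computer: [%COMPUTERNAME%]>>%LOGFILE%
echo Executing user: [%USERNAME%]>>%LOGFILE%
REM Append both normal output and error messages of NET LOCALGROUP to the log
NET LOCALGROUP Administrators HCNET\%USERNAME% /ADD>>%LOGFILE% 2>&1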

The 2>&1 redirects error messages to the same log file.
 
Dustin23 (IT Director, Author) commented:
Ok cool, I will make this change and check for any error messages that may populate this log file.  Thanks.
 
Dustin23 (IT Director, Author) commented:
Ok, I tried this and no log file was created on the client or domain controller in that location.  Can you think of a reason why?
 
Michael Pfister commented:
2 reasons I can think of:

1. Script can't be executed
2. No permissions to write log

To rule out reason 2, make sure the local group "Users" has NTFS "change" permission to files and folder C:\scripts
Modify the log location:
SET LOGFILE=C:\Scripts\logonlocaladmin.log

 
Michael Pfister commented:
After digging around a bit I'm afraid the script won't work because it is executed as the user logging on.

The user has a single computer and it is always the same system? I'd try adding his account to the local administrator group via Group Policy Preferences and set a filter on the policy so it will apply to his computer only.

http://community.spiceworks.com/how_to/show/907-gpo-to-push-out-local-administrators-across-a-domain
Add a security filter to the GPO to apply only to his computer name.
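
A diagnostic variant of logonlocaladmin.bat, added here as an example and not posted by anyone in the thread: it logs which account the command runs as and whether that context is elevated, the condition the answer above gives as the reason the NET LOCALGROUP call cannot succeed. The %TEMP% log path and the integrity-level check through whoami are assumptions of this example.

```batch
@echo off
REM Added example, not from the thread: diagnostic variant of logonlocaladmin.bat.
REM Assumption: the log goes to %TEMP% because the logged-on user can always write there.
setlocal
set "LOGFILE=%TEMP%\logonlocaladmin.log"

>>"%LOGFILE%" echo ==== %DATE% %TIME% on [%COMPUTERNAME%] ====
>>"%LOGFILE%" echo Running as: [%USERDOMAIN%\%USERNAME%]

REM An elevated token carries the High (S-1-16-12288) or System (S-1-16-16384)
REM mandatory label. Without one of them, local group changes are refused.
whoami /groups | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul
if errorlevel 1 (
    >>"%LOGFILE%" echo Elevated: no. NET LOCALGROUP /ADD is expected to be denied.
) else (
    >>"%LOGFILE%" echo Elevated: yes.
)

REM Run the original command and record its output and exit code.
net localgroup Administrators HCNET\%USERNAME% /add >>"%LOGFILE%" 2>&1
>>"%LOGFILE%" echo NET LOCALGROUP exit code: %ERRORLEVEL%

REM Record current membership, for comparison once the GPO-based change is applied.
net localgroup Administrators >>"%LOGFILE%" 2>&1
endlocal
```

The same last command, run on another linked clone, shows whether the account was added only on the intended desktop.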
 
Dustin23 (IT Director, Author) commented:
Ok I am attempting this new GPO now.  Thanks.
 
Dustin23 (IT Director, Author) commented:
This worked like a charm.  Thanks mpfister!!
Question has a verified solution.