issues with a GPO that calls a powershell script

Posted on 2014-08-25
Last Modified: 2014-08-27
Hi Experts

I have a client who is enabling a new GPO that essentially calls a PowerShell script. We have tested manually the script, and it works very well.

It seems like the group policy is not working, however when you run the gpresult /r and gpupdate/force the policy is being applied. This result was verified from a WIndows 7 joined domain pc

The script basically renames old printers and printer name and add new printers with new server name for all users. I did download the script from link below

Like I mentioned earlier, the script works like a champion.
Please see  details of GPO on the attached files
Question by:Jerry Seinfield

    Author Comment

    by:Jerry Seinfield
    I did try using the format below with no luck

    As additional note, our domain/forest functional level is Windows 2003.

    Domain controllers OS. Windows 2003 R2
    Print servers OS:  Windows 2008 R2

    Can anyone please help me to find the root cause on why I cannot apply a GPO that looks pretty simple and basically calls a powershell script?

    I did manually run the script from a WIndows 7 client and it worked
    LVL 77

    Accepted Solution

    ensure that it is run on the user level and not the machine level.
    Data collected on: 25-Aug-2014 10:19:19 PM hide all 
    The settings in this GPO can only apply to the following groups, users, and computers:Name 
    NT AUTHORITY\Authenticated Users 
    Computer Configuration (Enabled)hide
    No settings defined.
    User Configuration (Enabled)hide
    For this GPO, Script order: Windows PowerShell scripts will run lastName Parameters 

    Open in new window

    If you have a powershell scripts folder in group policy
    you may have to call a batch file
    %systemroot%\System32\Powershell.exe -executionpolicy remotesigned -File .\yourscriptname.ps1   -noprofile
    LVL 38

    Assisted Solution

    I believe the .PS1 script has to be applied from the PowerShell Scripts tab, or else it will just be opened with Notepad.  If you don't have that option (you might try managing GP from a Win7/2008R2 machine), then I think you will have to create a batch script to call the .PS1 script (as David mentioned), and call the batch script from GP.

    Author Comment

    by:Jerry Seinfield
    can you please provide an example of the batch script to be create to call the PST script? and the exact path where this batch must be placed?
    LVL 38

    Expert Comment

    David provided the line.
    %systemroot%\System32\Powershell.exe -executionpolicy remotesigned -File .\yourscriptname.ps1   -noprofile

    The batch file will be the logon script, so will be under the Netlogon share.   You will want to have the .PS1 script saved in a share location that is reachable, and change the batch command above to reference the path to that .PS1 file.
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    I thought I said:


    Open in new window


    Open in new window

    The first one is correct and  the second one is wrong
    LVL 38

    Expert Comment

    Good eye.  I didn't look to closely at the path.  You could also just reference powershell.exe without the full path, as it is included in the system path.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now