Solved

GPO powershell logon script - copy file

Posted on 2015-01-30
8
1,532 Views
Last Modified: 2015-02-10
Hello everyone,

Goal: use Powershell script with Group Policy to copy file from NETLOGON folder to remote computers %WINDIR%

Powershell script:
 ### Copy Java config file to a remote computer ###

$from = "\\DC\NETLOGON\Java\deployment.config"
$destinationFolder =  "C:\Windows\Sun\Java\Deployment\"
if (!(Test-Path -path $destinationFolder)) {New-Item $destinationFolder -Type Directory}
copy-item $from -destination $destinationFolder -Recurse -Force

If i run this script on local computer as Administrator it works fine. If i set Group Policy to run this as logon script the file doesn't get copied. If i change the path to something different than c:\windows - GPO works.
I have checked system security permissions for Windows folder, have tried  GPO under Computer\User Settings.

I've found another way how to copy the file but I'm still keen to find out why this doesn't work for Windows directory and how to trace the cause.

Thanks in advance.
0
Comment
Question by:Excel
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 40579504
You need to deploy this as a startup script assigned to the computers in question, not as a logon script for the users.
The logon script runs in the user's security context, and for very good reasons, users don't have write access to C:\Windows.
The startup script runs as Local System and will be able to write to the Windows folder.
0
 
LVL 7

Expert Comment

by:Deadman
ID: 40579552
check this link to Configuring logon PowerShell scripts with Group Policy

https://4sysops.com/archives/configuring-logon-powershell-scripts-with-group-policy/
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 40579790
It is *Much* easier to copy files by using Group Policy Preferences.

https://thommck.wordpress.com/2014/09/04/use-group-policy-preferences-with-wmi-targeting-to-copy-files/
0
 

Author Comment

by:Excel
ID: 40583618
Hi oBdA,
Thanks for the suggestion. I have mentioned in the description "have tried  GPO under Computer\User Settings". This is including Startup script. That didn't work.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Excel
ID: 40583620
Hi dstewartjr,
This is how i did it but my question was why powershell script doesn't work with path to Windows directory. I assume permissions but all seem right.
permissions.png
0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 40583753
Works perfectly fine here.
* Created a folder "Java" with a file "deployment.config" in the netlogon folder.
* Put a script "startup.ps1" with your script content into the netlogon folder.
* Added a policy "Startup" to an OU with a test machine.
* Added "\\<domain fqdn>\netlogon\startup.ps1" in "Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)", Tab "PowerShell Scripts"
* Rebooted the machine
* Found the "C:\Windows\SUN\Java\Deployment\deployment.config" file as expected.
You might want to add some logging to it (see below); if the log file is not created, check the system event log for errors with source "GroupPolicy (Microsoft-Windows-GroupPolicy)".
Start-Transcript -Path "C:\Windows\Temp\startup.log"
$from = "\\<domain fqdn>\NETLOGON\Java\deployment.config"
$destinationFolder =  "C:\Windows\Sun\Java\Deployment\"
if (!(Test-Path -path $destinationFolder)) {New-Item $destinationFolder -Type Directory}
copy-item $from -destination $destinationFolder -Force
if ($?) {
	"Successfully copied '$from' to '$destinationFolder'"
}
Stop-Transcript

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 40584032
You mentioned " GPO under Computer\User Settings."

GPO Preferences is under " Computer Configuration > Preferences > Windows Settings > Files"

BTW, GPO preferences are intended to eliminate scripts as they are much easier to manage.
0
 

Author Closing Comment

by:Excel
ID: 40600263
Thank you.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
A brief introduction to what I consider to be the best editor for PowerShell.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now