• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2641
  • Last Modified:

GPO powershell logon script - copy file

Hello everyone,

Goal: use Powershell script with Group Policy to copy file from NETLOGON folder to remote computers %WINDIR%

Powershell script:
 ### Copy Java config file to a remote computer ###

$from = "\\DC\NETLOGON\Java\deployment.config"
$destinationFolder =  "C:\Windows\Sun\Java\Deployment\"
if (!(Test-Path -path $destinationFolder)) {New-Item $destinationFolder -Type Directory}
copy-item $from -destination $destinationFolder -Recurse -Force

If i run this script on local computer as Administrator it works fine. If i set Group Policy to run this as logon script the file doesn't get copied. If i change the path to something different than c:\windows - GPO works.
I have checked system security permissions for Windows folder, have tried  GPO under Computer\User Settings.

I've found another way how to copy the file but I'm still keen to find out why this doesn't work for Windows directory and how to trace the cause.

Thanks in advance.
0
Excel
Asked:
Excel
  • 3
  • 2
  • 2
  • +1
1 Solution
 
oBdACommented:
You need to deploy this as a startup script assigned to the computers in question, not as a logon script for the users.
The logon script runs in the user's security context, and for very good reasons, users don't have write access to C:\Windows.
The startup script runs as Local System and will be able to write to the Windows folder.
0
 
DeadmanIT ConsultantCommented:
check this link to Configuring logon PowerShell scripts with Group Policy

https://4sysops.com/archives/configuring-logon-powershell-scripts-with-group-policy/
0
 
Donald StewartNetwork AdministratorCommented:
It is *Much* easier to copy files by using Group Policy Preferences.

https://thommck.wordpress.com/2014/09/04/use-group-policy-preferences-with-wmi-targeting-to-copy-files/
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
ExcelAuthor Commented:
Hi oBdA,
Thanks for the suggestion. I have mentioned in the description "have tried  GPO under Computer\User Settings". This is including Startup script. That didn't work.
0
 
ExcelAuthor Commented:
Hi dstewartjr,
This is how i did it but my question was why powershell script doesn't work with path to Windows directory. I assume permissions but all seem right.
permissions.png
0
 
oBdACommented:
Works perfectly fine here.
* Created a folder "Java" with a file "deployment.config" in the netlogon folder.
* Put a script "startup.ps1" with your script content into the netlogon folder.
* Added a policy "Startup" to an OU with a test machine.
* Added "\\<domain fqdn>\netlogon\startup.ps1" in "Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)", Tab "PowerShell Scripts"
* Rebooted the machine
* Found the "C:\Windows\SUN\Java\Deployment\deployment.config" file as expected.
You might want to add some logging to it (see below); if the log file is not created, check the system event log for errors with source "GroupPolicy (Microsoft-Windows-GroupPolicy)".
Start-Transcript -Path "C:\Windows\Temp\startup.log"
$from = "\\<domain fqdn>\NETLOGON\Java\deployment.config"
$destinationFolder =  "C:\Windows\Sun\Java\Deployment\"
if (!(Test-Path -path $destinationFolder)) {New-Item $destinationFolder -Type Directory}
copy-item $from -destination $destinationFolder -Force
if ($?) {
	"Successfully copied '$from' to '$destinationFolder'"
}
Stop-Transcript

Open in new window

0
 
Donald StewartNetwork AdministratorCommented:
You mentioned " GPO under Computer\User Settings."

GPO Preferences is under " Computer Configuration > Preferences > Windows Settings > Files"

BTW, GPO preferences are intended to eliminate scripts as they are much easier to manage.
1
 
ExcelAuthor Commented:
Thank you.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now