asked on

Can not copy xml files to users computer %programdata%\ ... via GPO

Dear All,

I have a question would like to ask, currently we have a cisco anyconnect program installed on all clients computer, and when user open the cisco anyconnect icon, it will be asked to type in the ssl vpn hostname in order to connect vpn, and i want to hard code the ssl vpn hostname in the field so our user dont need to manually type in everytime, and i need to copy the xml file to %programdata%\cisco... , and i have created a GPO to copies 2 xml files to user's %programdata%\... but it seems doesn't updated the 2 xml files to users computer, any would help be appreicated

Hayes Jupe

what does the event log say ?

i think you'll also find that the filename is preferences_global.xml..... you've not correctly specified the source and destination.

keith li

ASKER

i need to check the DC event log am i right ?

Craig Beck

Aside from pushing it out via GPO, Anyconnect should remember the VPN destination once it has been connected.

As Hayes Jupe said, the GPO has a folder path, not an absolute path which includes the filename of the file you want to copy.

Hayes Jupe

no, event log on the client.

keith li

ASKER

yes normally the vpn destination will remembered the last time connection name but one of our user reported after they rebooted the computer the vpn hostname that they entered were gone and they need to enter in manually everytime, and our management ask us if we can hard code it so its can prevent such issue, and i have renamed the file name with xml at the back but still failed to copy, and i just look for the event log, i don't see anything related, may i know which caterary i should check under event viewer ?

keith li

ASKER

i'm receiving this error, any idea ?

Hayes Jupe

so thats an "access is denied" error message.... does the computer account have access to the file? check share and file permissions... you will need to add "domain computers" or "authenticated users"... which im guessing is not currently on the source

keith li

ASKER

the shared permission is authenticate user and gained as read only and the same for NTFS permission, and testes on the user computer I could access the source folder from file server and also open the xml file, is it something to do with the "update" or "replace" in gpo ?

keith li

ASKER

and I check the event log every reboot but it's weird that I don't see such log appearing, is it not normal ?

Hayes Jupe

actually, you havent shown us in the original screenshot if your running this in the computer or user section.... so - which section are you running this ins? computer or user ?

if computer - testing as the user isnt helpful in this scenario - as the copy operation is running as the computer account...

if user - yes, it could be access to the destination object that is the issue - check the perms at that end

keith li

ASKER

this gpo is applied on computer account rather than user, the target computer could access to the source and read the xml file successfully

Hayes Jupe

ok... well... if that was the case, you wouldn't be getting that error. You can use PSExec to launch a command prompt as the system account and check to see if the computer account has access... but if your saying it does - then i cant do much else there.

Your next step is to enable debug logging and see the exactly where the access denied is occuring.

https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/enabling-group-policy-preferences-debug-logging-using-the-rsat/ba-p/395555

keith li

ASKER

ok let me take a look thx a lots

ASKER CERTIFIED SOLUTION

Pete Long

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial