GPO Logon Script not running...

  • Thread starter Thread starter David Johnston
  • Start date Start date
D

David Johnston

Login script is applied as a group policy at the domain
level. It has been working great for 2 years, then
recently stopped working. Unfortunately I do not know
when it failed so I cannot link it to a SP or patch. I
just know that the logon process is being totally ignored.

If I point a user profile to the script, it works fine,

Server = Windows 2000 Active Directory, SP4
Most workstations are Windows 2000 Pro, some are XP Pro

While on this subject, what is the difference between:
\\DOMCTL\SYSVOL\TMG.NET\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACH
INE\Scripts\Startup
\\DOMCTL\SYSVOL\TMG.NET\scripts
\\DOMCTL\NETLOGON


Thanks!
 
Hi David

Do other policies from the same GPO get applied? look at gpresult /v to see
what GPO's have applied.

One thing to try is to enable user environment logging on the Client, look
for "slow link" in the log file that is produced... if a slow link is being
detected things like logon scripts will not run. There are settings in the
GP to define slow link and what runs if a slow link is detected. Also look
through this log file to determine what is being processed at logon, often
errors are shown in here which show the reason for a failure.

Please see http://support.microsoft.com/default.aspx?scid=kb;en-us;221833

The file structures you mention:
\\DOMCTL\SYSVOL\TMG.NET\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACH
INE\Scripts\Startup
This will be the machine Startup script location for the GPO with the GUID
{31B2F340-016D-11D2-945F-00C04FB984F9} this is a well known GUID and
happens to be the Default Domain Policy for the TMG.net domain.

\\DOMCTL\SYSVOL\TMG.NET\scripts
This is the folder that is shared out as Netlogon, Netlogon is the location
for placing policies, logon scripts etc for 9x/NT4 clients.

HTH

Jody
 
Jody

The login script is configured here:

Default Domain Policy -> Computer Config -> Windows Settings -> Scripts
(Startup/Shutdown) -> Startup

The value I changed to test your question was:

Default Domain Policy -> Computer Config -> Windows Settings -> Security
Settings -> Local Policy -> Security Options -> Message Text For Users....

I changed a word in the message text and the change did show up upon next
logon, so I'd have to say that yes, other policies are being applied. (I
just don't know if this is considered the same GPO or not)

Does this help?

Thanks

Dave
 
Yep that would be in the same GPO, so it looks like it is applying......

The script that you have set up is a machine startup script..... this will
run once the computer has booted up, before the user logs on. Scripts set
here run in the context of the machine at machine startup.....

Logon Scripts should be set at
Default Domain Policy -> User Config -> Windows Settings -> Scripts
(Logon/Logoff)

Also ensure that settings in Default Domain Policy -> User Config -> Admin
Templates -> System -> Logon/Logoff are not set so that the script runs
hidden etc.

Also take a look at
http://support.microsoft.com/default.aspx?scid=kb;en-us;322241 for details
on setting up logon/logoff scripts....

Cheers

Jody
 
Jody

Oops.... I was obviously in the wrong place. Anyway, I placed the logon
script into the correct place:
Default Domain Policy -> User Config -> Windows Settings -> Scripts
(Logon/Logoff)
but it still fails. I also checked one other policy in that group:
Default Domain Policy -> User Config -> Windows Settings -> Internet
Explorer Maintenance -> Browser User Interface -> Browser Title (I changed
it to our company name)
and it failed also, so to answer your previous question again, it appears
that other policies are not being applied.

Dave
 
Jody,

I ran the gpresult utility and got these results. Interesting that under
Computer Settings, the Default Domain Policy was applied, but in User
settings it was not. (If I right click in Group Policy on Default Domain
Policy -> Properties, under the General tab, there are 2 check boxes to
disable the Computer and User configurations. Neither is checked.)

Help?

Dave

=============================================================
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 9/19/2003 at 2:26:34 PM

RSOP results for DOMAIN\USER on USERPC : Logging Mode
----------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=TMGDAVIDJXP,CN=Computers,DC=TMG,DC=NET
Last time Group Policy was applied: 9/19/2003 at 1:06:27 PM
Group Policy was applied from: tmgdc2.TMG.NET
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
:
:
:
:
:
:
===============================================================

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 9/19/2003 at 2:20:06 PM


RSOP results for DOMAIN\USER on USERPC : Logging Mode
----------------------------------------------------------

OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No


USER SETTINGS
--------------
CN=xxxxxxxxxxxxx,OU=xxxxxxxxxxxxx,DC=xxx,DC=xxx
Last time Group Policy was applied: 9/19/2003 at 2:15:54 PM
Group Policy was applied from: xxxxxxx.xxxx.xxxxx
Group Policy slow link threshold: 500 kbps

Applied Group Policy Objects
 
Jody

I lied: I must not have waited long enough. The change I made to:

Default Domain Policy -> User Config -> Windows Settings -> Internet
Explorer Maintenance -> Browser User Interface -> Browser Title (I changed
it to our company name)
DID work.

Dave
 
Hi David

Did you get the userenv logging? If so please post it so I can take a look
through...

Cheers

Jody

--
Jody Flett
Microsoft
This posting is provided "AS IS" with no warranties, and confers no rights
 
Jody

Thank you for taking a look at the log. I don't want to post it here so am
emailing directly to you right now.

David


Jody Flett said:
Hi David

Did you get the userenv logging? If so please post it so I can take a look
through...

Cheers

Jody

--
Jody Flett
Microsoft
This posting is provided "AS IS" with no warranties, and confers no rights


David Johnston said:
Jody

I lied: I must not have waited long enough. The change I made to:

Default Domain Policy -> User Config -> Windows Settings -> Internet
Explorer Maintenance -> Browser User Interface -> Browser Title (I changed
it to our company name)
DID work.

Dave

Jody Flett said:
Yep that would be in the same GPO, so it looks like it is applying......

The script that you have set up is a machine startup script..... this will
run once the computer has booted up, before the user logs on. Scripts set
here run in the context of the machine at machine startup.....

Logon Scripts should be set at
Default Domain Policy -> User Config -> Windows Settings -> Scripts
(Logon/Logoff)

Also ensure that settings in Default Domain Policy -> User Config -> Admin
Templates -> System -> Logon/Logoff are not set so that the script runs
hidden etc.

Also take a look at
http://support.microsoft.com/default.aspx?scid=kb;en-us;322241 for details
on setting up logon/logoff scripts....

Cheers

Jody
--
Jody Flett
Microsoft
This posting is provided "AS IS" with no warranties, and confers no rights

"David Johnston" <davidj[at]themembersgroup.com> wrote in message
Jody

The login script is configured here:

Default Domain Policy -> Computer Config -> Windows Settings -> Scripts
(Startup/Shutdown) -> Startup

The value I changed to test your question was:

Default Domain Policy -> Computer Config -> Windows Settings -> Security
Settings -> Local Policy -> Security Options -> Message Text For Users....

I changed a word in the message text and the change did show up upon next
logon, so I'd have to say that yes, other policies are being
Click to expand...
applied.
(I
just don't know if this is considered the same GPO or not)

Does this help?

Thanks

Dave


Hi David

Do other policies from the same GPO get applied? look at gpresult
Click to expand...
/v
to
see
what GPO's have applied.

One thing to try is to enable user environment logging on the Client,
look
for "slow link" in the log file that is produced... if a slow link is
being
detected things like logon scripts will not run. There are
Click to expand...
Click to expand...
settings
in
Click to expand...
\\DOMCTL\SYSVOL\TMG.NET\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACH
Click to expand...
 
Back
Top