Problems with 'startup script' running via GPO.

  • Thread starter Thread starter Barkley Bees
  • Start date Start date
B

Barkley Bees

This is a continuation of my previous thread 'Local Admin Password change
script for Domain PC's'. We have opted to use a startup script
(adminpass.vbe) to change the local admin passwords on our PC's.
----------------------------------------------------------
Set WshShell = WScript.CreateObject("WScript.Shell")
WSHShell.Run "Net User administrator password
Set WSHShell = Nothing
----------------------------------------------------------

I have created a group policy and link enabled it to a non-production OU for
testing. When logging on with some test machines I could see that it was not
working. Doing a "gpresult /z > c:\gp.txt" would show: "This script has not
yet been executed". I figured it may be a timing issue so I set "Always wait
for the network at computer startup and logon" and enabled it also. It seems
to be hit and miss. Some logons show:

Startup Scripts
---------------
GPO: Local Admin Password Change
Name: adminpass.vbe
Parameters:
LastExecuted: 6:21:49

while others still show "This script has not yet been executed". Only one
time out of about 30 has the local admin password changed successfully
during testing. I am spinning my wheels in the mud it would seem. Appreciate
any pointers that anyone could throw my way.

- I also verified that the script "adminpass.vbe" had replicated to the
SYSVOL of all our DC's.
- I also tried it as a 'shutdown' script but to no avail.
 
Barkley Bees said:
This is a continuation of my previous thread 'Local Admin Password change
script for Domain PC's'. We have opted to use a startup script
(adminpass.vbe) to change the local admin passwords on our PC's.
----------------------------------------------------------
Set WshShell = WScript.CreateObject("WScript.Shell")
WSHShell.Run "Net User administrator password
Set WSHShell = Nothing
----------------------------------------------------------

I have created a group policy and link enabled it to a non-production OU
for testing. When logging on with some test machines I could see that it
was not working. Doing a "gpresult /z > c:\gp.txt" would show: "This
script has not yet been executed". I figured it may be a timing issue so I
set "Always wait for the network at computer startup and logon" and
enabled it also. It seems to be hit and miss. Some logons show:

Startup Scripts
---------------
GPO: Local Admin Password Change
Name: adminpass.vbe
Parameters:
LastExecuted: 6:21:49

while others still show "This script has not yet been executed". Only one
time out of about 30 has the local admin password changed successfully
during testing. I am spinning my wheels in the mud it would seem.
Appreciate any pointers that anyone could throw my way.

- I also verified that the script "adminpass.vbe" had replicated to the
SYSVOL of all our DC's.
- I also tried it as a 'shutdown' script but to no avail.
Click to expand...

I would use code similar to:
===============
Option Explicit
Dim wshShell, intError

Set wshShell = CreateObject("Wscript.Shell")
intError = wshShell.Run("%comspec% /c net user administrator password", 2,
True)
==========
I use "Option Explicit" and declare all variables to assist troubleshooting.
This runs the command in a separate minimized command window and waits for
the command to finish. If intError is 0, no error was raised. If intError is
not 0 you can do something to write the error number, perhaps to the local
computer. For example:
======
Option Explicit
Dim wshShell, intError
Dim objFSO, objFile

Const ForWriting = 2
Const OpenAsASCII = 0
Const CreateIfNotExist = True

Set wshShell = CreateObject("Wscript.Shell")
intError = wshShell.Run("%comspec% /c net user administrator password", 2,
True)
If (intError <> 0) Then
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile("c:\MyAppError.log", _
ForWriting, CreateIfNotExist, OpenAsASCII)
objFile.WriteLine "Script run at: " & Now()
objFile.WriteLine "Error Number: " & intError
objFile.Close
End If
======
In fact, you can get fancy and use a text file to determine if the script
has already run successfully. For example:
=======
Option Explicit
Dim wshShell, intError
Dim objFSO, objFile, strFile

Const ForWriting = 2
Const OpenAsASCII = 0
Const CreateIfNotExist = True

strFile = "c:\MyApp.log"
Set objFSO = CreateObject("Scripting.FileSystemObject")
If (objFSO.FileExists(strFile) = True) Then
Wscript.Quit
End If

Set wshShell = CreateObject("Wscript.Shell")
intError = wshShell.Run("%comspec% /c net user administrator password", 2,
True)
If (intError = 0) Then
Set objFile = objFSO.OpenTextFile(strFile, _
ForWriting, CreateIfNotExist, OpenAsASCII)
objFile.WriteLine "Script run at: " & Now()
objFile.Close
Else
Set objFile = objFSO.OpenTextFile("c:\MyAppError.log", _
ForWriting, CreateIfNotExist, OpenAsASCII)
objFile.WriteLine "Script run at: " & Now()
objFile.WriteLine "Error Number: " & intError
objFile.Close
End If
=======
If the log and error files are not local, but perhaps on the network using a
UNC path, then the name of the computer needs to be included in the name of
the file, so each computer has it's own file. This allows you to tell what
has happened by checking the files in a shared folder. The folder where the
files are created must be shared, and since you are using Startup scripts,
the computer objects must have read/write permissions in the share. You can
grant rights to the group "Domain Computers" and this will give all computer
objects the necessary permissions in the share. Then the script could be
similar to:
==========
Option Explicit
Dim wshShell, intError, objNetwork, strComputer
Dim objFSO, objFile, strFile

Const ForWriting = 2
Const OpenAsASCII = 0
Const CreateIfNotExist = True

Set objNetwork = CreateObject("Wscript.Network")
strComputer = objNetwork.ComputerName

strFile = "\\MyServer\MyShare\" & strComputer & "MyApp.log"
Set objFSO = CreateObject("Scripting.FileSystemObject")
If (objFSO.FileExists(strFile) = True) Then
Wscript.Quit
End If

Set wshShell = CreateObject("Wscript.Shell")
intError = wshShell.Run("%comspec% /c net user administrator password", 2,
True)
If (intError = 0) Then
Set objFile = objFSO.OpenTextFile(strFile, _
ForWriting, CreateIfNotExist, OpenAsASCII)
objFile.WriteLine "Script run at: " & Now()
objFile.Close
Else
Set objFile = objFSO.OpenTextFile("\\MyServer\MyShare\" & strComputer &
"Err.log", _
ForWriting, CreateIfNotExist, OpenAsASCII)
objFile.WriteLine "Script run at: " & Now()
objFile.WriteLine "Error Number: " & intError
objFile.Close
End If
==========
These snippets have not been tested, but you should get the idea.
 
Back
Top