#22380 - 2002-05-29 09:55 PM
Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
Scenario: I have an Active Directory domain. I have copied the logon.bat, Kix32.exe, kixtart.kix, kx32.dll, kx16.dll, kx95.dll, and kxrpc files to the Netlogon share. My user account profile, login script properties have set: logon.bat. Within logon.bat, I have:
@echo off
%0\..\kix32.exe
Problem: The kix login script ONLY runs when a domain administrator logs in. The kix login script DOES NOT RUN when a regular user logs in.
Can anyone help?
Thanks,
Jason
|
|
Top
|
|
|
|
#22381 - 2002-05-29 10:29 PM
Re: Kixtart script runs under administrator, but not user
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
I'm guessing a few possibilities:
1. The permissions on your netlogon share aren't right (I'm not sure how this would occur, but I would guess it's possible.)
2. You're not copying files properly to the netlogon share (via replication.)
3. The script is actually running, but errors out (because of permission problems) before you see anything happen. (We'd need to see your script to get this figured out.)
4. Also unlikely (provided #3 is false) -- problems with user permissions on the PC. You can test this by making users local admins.
Brian
|
|
Top
|
|
|
|
#22382 - 2002-05-29 11:13 PM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
Brian,
Thanks for the thoughts...
#1 - Permissions are okay.
#2 - All files on all NETLOGON shares are there.
#3 - Verified script is not running.
#4 - As local admins, the user IS able to run the script, but I have found other information.
I've been testing more. A regular user can run this script on a W2K that does NOT have the Novell client on it. The error that I am having happens only on particular W2K clients running the Novell client. Therefore, I logged the user into a 95 machine running the Novell client, and the script worked. *took a deep breath* hehe
Therefore, I am thinking that I need to install the latest Novell client on this particular W2K client. Hopefully, the script will run on this particular scenario once an updated Novell client is installed.
![[Smile]](images/icons/smile.gif)
-Jason
|
|
Top
|
|
|
|
|
#22385 - 2002-05-30 12:07 AM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
Jens,
I have seen the CallOrder registry hack that you have provided before. Although, the registry hack is for Client32. The client which I am running is the latest Novell Client...Novell Client 4.83 for Windows 2000. The provided registry hacks do not exist anymore. There is a "Network Provider" under Local_Machine\Software\Novell, although there are no existing registry values listed there. I am at a loss and currently am on hold with Novell support. Hopefully, they will pick up the phone sometime soon. hehe
-Jason
|
|
Top
|
|
|
|
|
#22387 - 2002-05-30 02:54 AM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
Yes, in properties of My Network Places, Advanced, Advanced Settings, I have already changed the provider order with Microsoft Windows Network on the top. But that not changed any affect during testing.
Since logging in as a domain administrator runs the kix script, then it is something other than Network Provider properties.
I have also updated to the latest client, but it has had no affect.
Since logging in as a domain administrator makes the login script work, I am thinking the answer may lie on security properties of the user account within AD. I am about to begin testing that.
|
|
Top
|
|
|
|
|
#22388 - 2002-05-30 03:11 AM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
Yes, I was correct. When I gave the jsmith full control on jsmith's user account in Active Directory, the login script worked. hehe This is VERY interesting! I am going to narrow it down to the specific property which is allowing this login to work with the Novell Client.
-Jason
|
|
Top
|
|
|
|
|
#22389 - 2002-05-30 03:24 AM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
Ok. I found it. In order for the user to be able to read the login script information for its particular user account, the user MUST have "Read Permissions" property on the object tab of the account's Advanced Permissions within Active Directory. When a user account is created, by default, it automatically receives this permission. The user account I was testing with, happened to not have had that permission set. Ugggh! I hope this info helps any other frustrated soul out there who may be dealing with this issue. :-)
-Jason
|
|
Top
|
|
|
|
|
#22390 - 2002-05-30 03:32 AM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
I also want to add that I am finding more Active Directory user accounts that do NOT have "Self" listed with "Read Permissions" on the user account. These user accounts I am finding all have one thing in common. The "User Cannot Change Password" attribute was set for all of these user accounts. All of these user accounts may have been created from a common template. Anyway, this Active Directory domain was upgraded from a NT 4.0 domain... Another reason for doing a CLEAN install with Active Directory!
-Jason
|
|
Top
|
|
|
|
|
#22391 - 2002-05-30 04:22 AM
Re: Kixtart script runs under administrator, but not user
|
JasLC
Fresh Scripter
Registered: 2002-05-29
Posts: 39
Loc: Fort Worth
|
If there is anyone else in this situation with an upgraded domain and user accounts that don't have correct permissions, you can set user accounts back to its default permissions with dsacls.exe found in the Windows 2000 Support Tools. The syntax is:
dsacls [distinguished name of user account] /S
You can easily export all user accounts out of Active directory, delete all rows except for user objects, delete all columns except for distinguished name, make distinguished name column2, make "dsacls" column1, and make "/S" column3. Save as a batch file. Then, execute batch file to reset all AD accounts.
Cheers!
-Jason
|
|
Top
|
|
|
|
#22392 - 2002-05-30 05:09 AM
Re: Kixtart script runs under administrator, but not user
|
MCA
KiX Supporter
Registered: 2000-04-28
Posts: 5152
Loc: Netherlands, EU
|
FYI: related microsoft topic about "how it's working".
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q232199
greetings.
[ 30 May 2002, 05:11: Message edited by: MCA ]
|
|
Top
|
|
|
|
|
#22393 - 2002-05-30 03:09 PM
Re: Kixtart script runs under administrator, but not user
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
After reading through the Novell stuff, I thought I was way off with my first post, but.... Now, I don't feel so bad! ![[Wink]](images/icons/wink.gif)
Brian
|
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 2082 anonymous users online.
|
|
|
