#200750 - 2010-11-24 04:42 PM
Basic script not running via GPO for 1 user only
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
I've been digging through the posts to see if I could find the answer to my question but so far I've been coming up short.
I'm working with a new client in which I inherited an existing Windows 2008 domain. Even though they had AD set up they were not actually logging onto the domain, the company before was just using AD for their Exchange. So I've connected them to the domain and set up a very simple logon script using the Kix 4.61 just mapping drives based on user groups.
The problem that I'm having is that one of the users, one of the original users, does not get the drive mappings from the GPO. I can however run the same command from the prompt that is set in the GPO (\\server\netlogon\wkix32.exe \\server\netlogon\logon.kix) and the mappings will occur. I've checked GPRESULT and it shows the group memeberships for the user and it shows the policy has been replied.
As a bandaid I've just added a batch script to her logon script to run the command above. I've seen mention in the forums about the group membership cache and using a /f option on the command, but if I can run the script from the command line would that be the problem? I can also log on as another user to the same computer and get the drive mappings, so it appears to be something related to this particular user.
Anyone have any suggestions?
Thanks in advance,
JTT
|
Top
|
|
|
|
#200755 - 2010-11-24 07:49 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Glenn-
The user is in the same OU as the other users and from what I've been told the problem exists on other computers. However I have not verified that with this users account am basing that off me requesting she try from one of the other computers.
The GPO is new so there aren't any excluded users, I even tried to add her specifically with no success. As mentioned the RSOP data shows that the Logon GPO has been applied to her user account.
Thanks for the heads up on using the domain in the GPO. This client is fairly small at this time and only has the one server, but this will be good for some other installations that I'll be setting up in the near future.
|
Top
|
|
|
|
#200811 - 2010-11-26 10:42 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Glenn-
Agreed, I try to do everything standard across all sites and try not to do anything that anyone following behind me can't figure out quickly.
I'll have to try having a batch script call the logon script, unfortunately the client is closed until Monday so that testing will have to wait until then.
How do you run the kix script from the User Profile? Back in the XP days I use to run a logon script bat file that would call the kix from the Profile properties in AD, but we couldn't get it to work with an different client and Windows 7. When I set this client up I read on the forums that using GPO was the way to go with Windows 7.
You are correct in that the GPO points to the executable and the script located in the netlogon folder.
-JTT
|
Top
|
|
|
|
#200813 - 2010-11-27 12:42 AM
Re: Basic script not running via GPO for 1 user only
[Re: JTT]
|
Glenn Barnas
KiX Supporter
Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
|
Unless you have Win-9x systems, there's no need for a batch file. I'm not sure what forum you were reading, but that's not advice I'd give, and I have worked on some global enterprise environments. GPO logon script for computer and admin tasks and login script via profile for user/environment setup. This way, everything runs in the appropriate context.
I generally install our login script into the netlogon folder, customize the login.ini, and define one user to have "kix32.exe kixtart.kix" in the login script field of their profile. If that works as defined, I'll select groups of user with similar configurations in ADUC, edit the properties and change the login script setting for all of them. Our login script works on all platforms, from W2k to 2K8 and W7. In small environments (under 20 resource mappings and no lookups), it runs in sub-second times. We've actually had to allow admins to specify a "minimum display time" so the screen is visible for at least 5-6 seconds. In a large environment - 50+ resoureces and multiple 500-item lookup tables, it still runs in under 10 seconds. By eliminating custom coding (the login script is tokenized and the same script used at every client) and using a config file, I can usually have a login script installed and configured at a new client in a few minutes. At one client, I replaced 435 individual script files with a single script and config file in just a few days of review of existing scripts and change-control meetings.
Glenn
_________________________
Actually I am a Rocket Scientist!
|
Top
|
|
|
|
#200941 - 2010-11-30 06:25 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Glenn-
Thanks for the information, I didn't realize I could call the script from the profile like that. One thing I noticed with my test is that the drives are almost immediately available compared to when using the GPO.
Now I have something interesting to add on the original problem. The one user that will not map using Kix and the GPO can map using a bat file, I even changed the bat file to call the kix script, the same as the GPO is doing from netlogon and it works. However if I put just "kix32.exe logon.kix" in this users profile she will not get the drive mappings.
This just adds to my confusion now. What would be stopping this one user from running the kix script? The user is a domain admin so I don't think it's a rights issue.
-Jason
|
Top
|
|
|
|
#200970 - 2010-12-01 05:23 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Yes both the executable and the script are in the netlogon folder. At this point I'm not tokenizing the script, however I'm not sure if there is a copy of kix running on the machine that she uses since it's been in use before my involvment with this company. The problem does seem to follow the user because when we log her into a new machine that I know does not have kix installed the same thing happens, no drive mappings.
I have no proof that the script is running when the mappings don't occur, I could create a script with a pause or a window pop-up to test this. All the PC's are running Windows 7 Professional.
I did discover that there are two other users, users created before me, that have the same problem. I will be back on that site tomorrow and I will get you the information.
Thanks again for all your help on this.
|
Top
|
|
|
|
#200972 - 2010-12-01 05:55 PM
Re: Basic script not running via GPO for 1 user only
[Re: JTT]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Glenn-
I was actually able to set up a remote session to a computer that is not in use yet and pulled this with the test.bat. Below is the contents of the env.txt file.
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\bprice\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VRX-STN12
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\bprice
LOCALAPPDATA=C:\Users\bprice\AppData\Local
LOGONSERVER=\\FILESERVER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=\\FILESERVER\NETLOGON;C:\Windows\system32;C:\Windows;C:\Windows
System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program
Files\Intel\DMIX;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software
Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v
\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program
Files\Common Files\Roxio Shared\10.0\DLLShared\;c:\Program Files\Microsoft
SQL Server\90\Tools\binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=170a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
SEE_MASK_NOZONECHECKS=1
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\bprice\AppData\Local\Temp
TMP=C:\Users\bprice\AppData\Local\Temp
USERDNSDOMAIN=VRX.LOCAL
USERDOMAIN=VRX
USERNAME=bprice
USERPROFILE=C:\Users\bprice
windir=C:\Windows
Edited by JTT (2010-12-01 06:26 PM) Edit Reason: Modified Path so it wasn't one long line
|
Top
|
|
|
|
#200989 - 2010-12-02 05:43 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Glenn-
I've gone through the steps you suggested and it appears the script isn't running at all when using kix32 in the profile. I can run the same kix script if I call the script and kix32 from a bat file I place in the users profile without any errors so I'm pretty confident it's not the kix script itself. Seems to be something with the network and the users.
I have "Run logon scripts synchronously" enabled on both the computer and user configurations on the Default Domain Policy and I have the "Always wait for the network at computer startup and logon" enable on the computer configuration.
-Jason
|
Top
|
|
|
|
#200990 - 2010-12-02 06:09 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Glenn-
I assume there is nothing wrong with calling the kix script from a bat file if it works. I'm just curious as to why using "kix32.exe logon.kix" in the profile tab is not working for certain users. It makes me concerned that there's a bigger issue on the network that I'm not seeing.
-Jason
|
Top
|
|
|
|
#201098 - 2010-12-07 10:41 PM
Re: Basic script not running via GPO for 1 user only
[Re: Glenn Barnas]
|
JTT
Fresh Scripter
Registered: 2002-10-14
Posts: 32
Loc: Utah
|
Only one DC on the LAN. I'm out of state on another site, so I've had to put that one hold for the time being. Before I left I moved everyone over to use the bat script.
-Jason
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 557 anonymous users online.
|
|
|