Page 1 of 1 1
Topic Options
#206305 - 2012-11-28 11:42 PM call Kix from GPO
swixtt Offline
Fresh Scripter

Registered: 2012-01-18
Posts: 6
Loc: Canada
hi, i have been using this Kix script for quite a while and have recently discovered issues with Windows 7. this particular question isn't to do with Win7 in particular.
i have recently deployed a new RODC and need to run some separate scripting for those users on that DC. what should the GPO script look like to run successfully from a GPO?
mine now shows it won't run with UNC's:(
thanks

Top
#206307 - 2012-11-29 12:13 AM Re: call Kix from GPO [Re: swixtt]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Can you elaborate on what your problem is, as I don't understand your question. The kixtart script is identical whether it's run from the netlogon folder using the user profile tab in active directory or when its run from the gpo. The only difference being is that you have to use the logon section if you don't want to change your kixtart script as the startup section in the gpo won't run anything in the user context.

Are you asking how to run kixtart scripts in the startup, shutdown, logon and logoff sections within the gpo or are you asking something different. GPO scripts don't run from UNCS. You need to copy your script to the location of the gpo and then tell it to run kix32 and specify the name of the kixtart.kix file in the optional parameters.

Top
#206311 - 2012-11-29 03:10 AM Re: call Kix from GPO [Re: Robdutoit]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
uhm... gpo's do run from UNCs.
_________________________
!

download KiXnet

Top
#206314 - 2012-11-29 10:58 AM Re: call Kix from GPO [Re: Lonkero]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Yes, technically they do, but thats not what I mean when I say they don't run from UNC. I am referring to how the script is accessed by the domain controller through active directory. I remember many years ago when I looked into using gpo's to run my script and I also had problems getting my scripts to work. It's not that difficult, but if you have never done it before and you have no instructions, its not necessarily intuitive, or at least ways, when I first tried it years ago, it wasn't.
Top
#206328 - 2012-11-30 03:49 PM Re: call Kix from GPO [Re: Robdutoit]
swixtt Offline
Fresh Scripter

Registered: 2012-01-18
Posts: 6
Loc: Canada
hi, thanks for the note. i didn't explain myself very well, did i.

i have had a script kicking off from the Policies\Windows Setting\Scripts\Logon for quite a while. ever since Win7 we've slowly had workstations unable to run this. not all Win7 machines and very random on which ones it doesn't work on. my temporary fix was to just drag a Shortcut to the User's Startup to get them running.
now that we have this new RODC in another branch i've really got to nail down why i can't get certain scripts to run. so in the past we just had to start kix32.exe from \\server\netlogon\kix32.exe and if no script is defined it would just look for kixtart.kix file and run it. now that i have a different name for our RODC server i need to run kix32.exe in a batch to run a script against it. if i setup a batch, that is when it complains about running it from a UNC path.
@echo off
%0\..\kix32.exe kixtart_RODCserver.kix
pause

now if i just run the \\server\netlogon\kix32 kixtart_RODCserver.kix from the Run on the local workstation it runs fine.

so in the end what can i put in the GPO to start up the above? what should it look like? should i use the Logon in Policies\Administrative Template\System\Logon instead??


Edited by swixtt (2012-11-30 04:25 PM)

Top
#206329 - 2012-11-30 09:38 PM Re: call Kix from GPO [Re: swixtt]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
why you have server specified in the path?
go with \\yourdomain.dns.name\netlogon and it will give you your closest/fastest server share.

to figure out why gpo doesn't fire, you can look at the workstation logs and do a gpo results query.
_________________________
!

download KiXnet

Top
#206330 - 2012-11-30 10:44 PM Re: call Kix from GPO [Re: Lonkero]
swixtt Offline
Fresh Scripter

Registered: 2012-01-18
Posts: 6
Loc: Canada
because i've always done it that way within the single domain.

i've figured out that i need to add %0\..\ to both... i can get it run now when defining in the User's AD Profile. still doesn't kick-off with a GPO:( will see if what the results query shows on the workstation.

Top
#206331 - 2012-11-30 11:21 PM Re: call Kix from GPO [Re: swixtt]
swixtt Offline
Fresh Scripter

Registered: 2012-01-18
Posts: 6
Loc: Canada
OK, i have a feeling it is detecting 'slow link' and shutting down the 'Scripts' as that is the default behavior for it.:(
i really thought it would pull the script from the local RODC but for whatever reason my default %logonserver% is changing. i had the RODC acting as the proper one for a day and then it is changing to our other DC's that aren't at that remote site.
hmmm...

Top
#206332 - 2012-12-01 12:37 AM Re: call Kix from GPO [Re: swixtt]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
check the eventlogs on the rodc. is it actually serving logons?
_________________________
!

download KiXnet

Top
#206347 - 2012-12-02 04:36 PM Re: call Kix from GPO [Re: Lonkero]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Policies\Windows Setting\Scripts\Logon is the correct place to run the logon script. Is it the same windows 7 computers that are causing the issue, is it user specific, i.e. does it always fail if person x logs onto computer y?

It does sound like a slow link setting that may be causing the problem, or it may be that your computers or users are not in the correct gpo. You would be surprised how often people complain that the script doesn't work from the gpo and then its discovered that their computer or user account is in the default computer or user gpo and the script is being applied to a sub gpo such as ourdomain gpo which obviously does not include the aformentioned computer and user gpo's.

I would never have a script set to run from a specific server. It should be domain orientated because servers can go down and the group policies should be synchronised across servers, so its not a good idea to have a script run from a specific server.

It would helpful if you could test whether the script runs at all. It might be applying some of the settings, but not all of them, particularly the visible ones such as mapped drives and printers. There could be something as simple as the computer is logging on long before the network card is ready. I had a problem with a batch of computers that were new windows 7 computers and effectively the computers were booting too fast for the network card and such as users had to logoff and logon again to get the settings to apply. I fixed this by updating the network card drivers.

Top
#206497 - 2012-12-19 11:35 PM Re: call Kix from GPO [Re: Robdutoit]
swixtt Offline
Fresh Scripter

Registered: 2012-01-18
Posts: 6
Loc: Canada
well i have tested the script and it does run from the 'Run' in Windows Xp. this is the only machine i've moved onto the new RODC or existing Domain.
i know the GPO is applying to this user as i can setup an app to start from the GPO (Notepad)and each time it does start-up. i've since setup the proper Sites and Subnets in Active Directory but my %LogonServer% is still changing:(
the user's personal drive P: from their profile maps perfectly each time as well.
this is a Windows XP machine.

Top
#206498 - 2012-12-20 01:04 AM Re: call Kix from GPO [Re: swixtt]
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
again, have you checked your logs?
if the rodc is out of sync, it won't give you no service.
_________________________
!

download KiXnet

Top
#206499 - 2012-12-20 10:24 PM Re: call Kix from GPO [Re: Lonkero]
swixtt Offline
Fresh Scripter

Registered: 2012-01-18
Posts: 6
Loc: Canada
hi, thanks for the reply.
i've looked in every log but don't see anything unusual. the RODC will serve requests sometimes... as of late it is doing it more regularly. when it does, the script fires and i get my drive mappings.:)
i also notice when it does work and i check Slow Link it is stating NO... whenever the script doesn't run it will say YES and is directly related to authenticating to a Writable DC.
today i have been reading on a possible problem when a 2003 DC is in the Domain as they do not understand RODC. i thought i had it figured out because it was working fine for a few hours but it did eventually go to one of the 2003 DC's to authenticate. i guess i have more work to do to figure this out.
what can i look for specifically in the 'Log' to prove this is serving requests properly?

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.078 seconds in which 0.051 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org