Logon Script in AD

[EduardoA]

I am new to VSCripts. I am starting with just mapping network drives and printers. When I created the following, which works fine when I double click on it, but if I added to a GPO, it does not work. I login and nothing happens, the script does not run. What am I doing wrong?

Set WshNetwork = WScript.CreateObject("WScript.Network")
WshNetwork.MapNetworkDrive "E:", "\\server\share"

Set WshNetwork = WScript.CreateObject("WScript.Network")
WshNetwork.MapNetworkDrive "T:", "\\server\share"

strPrinterPath = "\\printserver\printername"
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection strPrinterPath

strPrinterPath = "\\printserver\printername"
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection strPrinterPath

Thanks for the help

 

[markdmac]

OK, well for starters you are duplicating effort in the script itself. you only need to use the Set command once.

Set WshNetwork = WScript.CreateObject("WScript.Network")
WshNetwork.MapNetworkDrive "E:", "\\server\share" 
WshNetwork.MapNetworkDrive "T:", "\\server\share"

strPrinterPath = "\\printserver\printername"
WshNetwork.AddWindowsPrinterConnection strPrinterPath

strPrinterPath2 = "\\printserver\printername2"
WshNetwork.AddWindowsPrinterConnection strPrinterPath2

beyond that your script looks fine. You probably have not setup your GPO right.

Assuming that you have put the script (as a .VBS file) in your login section of the GPO, you need to be aware that only users whose USER OBJECT are int he OU that you applied the GPO at will get the script. If you wish to specify users that are not part of that OU (or a child) then you need to specify the user/group explicity in the GPO settings. The last setting in the security screen is to Allow/Deny application of the GPO.

If you have done that, then you need to try refreshing the policies on your workstations.

on Windows XP execute the following from a command prompt:
gpupdate /force
On windows 2000 it is two commands:
secedit /refreshpolicy machine_policy /enforce
secedit /refreshpolicy user_policy /enforce

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[EduardoA]

Markdmac, that's for the info. Unfortunately, I did what you adviced and still having the same problem. To test the GPO I enable hiding "run" from the start menu and that works fine. But trying to get the script to run does not work.

I tried the commands for XP and 2K machines, but did not work.

I am just starting to implement GPO's, so there is no other GPO at the moment that could be blocking this one.

Please let me know if is there anything else I should look for.

Thanks for you help!

 

[EduardoA]

Markdmac, I may have found my problem. When I applied the GPO to the domain.com level, it works. Let me ask you a question??? I have created new OU's under domain.com, can I applied a GPO to those OU's. (that's what I was doing before, but did not work.)

Thanks for your help.

 

[mrmovie]

the penny has dropped. ive been busy running scripts against 8000 users to report/check if they have the right logonscript spec'. gpo, might save me some leg work!!!
still waiting for security dept to sign off logonscript but once it happens up steps the administrator from hell!!

 

[markdmac]

EduardoA,

Yes you can apply your scripts at the OUs you have created. As I explained above they will only affect the users that exist at that level or below. If the user ID is not within that tree then you have to place the script higher for it to take affect (like you discovered with the domain level).

Are you using Win2K or WIn2K3?

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[EduardoA]

I am using Win2K.

Thanks,
Eduardo

 

[markdmac]

If the above suggestions have not helped please give an outline of your AD structure and where the test user ID is located.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark