AD GPO's Computer Startup script: How

hecresper

Hi,

Hopefully, this doesn't turn out to be a double posting. I used FreeAgent
for my first post, but I'm not sure if it went through. So, here it goes.

I created a Workstations OU and moved all my Domain Computers into that
OU. I created a Workstations GPO specifically for that OU. Now I want to
put that GPO to good use by leveraging the Computer Startup script portion
of it. I made sure that Domain Computers had Read and Apply Policy security
settings. I copied my script into the GPO's Computer Startup script folder.
I added the command line argument needed for my script. I clicked 'OK'. The
next day my PCs are all stuck at 'Running startup scripts...' I don't know
what I'm doing wrong here. The script runs fine when done manually.

Here's the script:

@echo off
net use s: \\path-to-replicated-share\support /persistent:no

if exist s:\scriptlog\%computername%.txt goto end

net user administrator %1
echo Administrator password changed > s:\scriptlog\%computername%.txt

:end
net use s: /delete

The %1 gets expanded from the command line argument supplied in the GPO.

Does anyone know of maybe a checklist that I could go through to make sure I
didn't miss something?

Thanks,
Hector
 
David Fisher [MSFT]

Hello Hector.

It appears that you should be implementing a logon script, not a startup
script. Startup scripts operate in the context of the computer, not a user.
Mapping a network drive for the computer is not possible...

Instead, please implement this as a logon script for the users.

David Fisher
Enterprise Platform Support
 
hecresper

So, if I implement this as a Logon script, would the user be able to change
the Local Admin's password? That's why I was trying to get the computer to
do this. Thanks for your replies.

Local Administrators group only has Domain Admins and Local Admin as
members.

Local Users group is completely empty.

Local Power Users group only has Domain Users.
 
David Fisher [MSFT]

Hello.

The problem is likely the commands to map a network drive.

Please remove the instructions to map the drive. Then, simply use the
following UNC path instead of "s:\scriptlog\%computername%.txt" to specify
the output redirection:
\\path-to-replicated-share\support\scriptlog\%computername%.txt

The full command will be as follows:
echo Administrator password changed > \\path-to-replicated-share\support\scriptlog\%computername%.txt

It would be more secure to get a list of all workstations in the domain and
run the command at one time from a domain controller...

David Fisher
Enterprise Platform Support
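
The suggestion above (no drive mapping, UNC path for the log) applied to the whole startup script, as an added example that is not part of the original thread. The LOGDIR and MARKER variable names, the .err file and the errorlevel check are assumptions added here; the share path is the placeholder used in the thread.

```batch
@echo off
rem Added example: the startup script from the thread without "net use".
rem Startup scripts run in the computer's context, so the share and NTFS
rem permissions on scriptlog must let Domain Computers create files there.
setlocal

rem Assumed names: LOGDIR and MARKER are introduced for this example only.
set "LOGDIR=\\path-to-replicated-share\support\scriptlog"
set "MARKER=%LOGDIR%\%computername%.txt"

rem %1 is the command line argument supplied in the GPO. Stop if it is missing.
if "%~1"=="" exit /b 1

rem Marker already present: this machine was handled on an earlier boot.
if exist "%MARKER%" exit /b 0

net user administrator %1 >nul 2>&1
if errorlevel 1 (
    rem Do not write the success marker when the change failed.
    echo %date% %time% net user failed > "%LOGDIR%\%computername%.err"
    exit /b 1
)

echo Administrator password changed > "%MARKER%"
exit /b 0
```

Every path is a full UNC path and the script always exits, so nothing waits on a drive letter.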
 
