R
Rob Humphrey
About 4 weeks ago we upgraded our NT 4 domain to Windows 2003. We
have about 1500 users and a IS department of 30 individuals. In the
past almost every member of our department was a Domain Admin, no
matter what their skill set. We know this is a problem and we would
like to fix it. So, after our in-place upgrade I created new OUs to
move our computer accounts, user accounts, servers, and groups into.
I also created a new group called IS Support that I would like to move
all of our techs (who actually do desktop support) into. We have
worked out almost every problem with them not being domain admins
anymore, but we would like them to be local admins of each computer
they visit without having to logon locally and add themselves
manually. We created a .vbs script that works exactly as we want it
and adds the group locally to each machine. Now here is the problem.
The script when placed in the Group Policy MC(on the OU in which our
test computer accounts reside) -> Computer Configuration -> Windows
Settings -> Scripts -> Startup - only works on our Windows XP clients.
We created a test OU and applied the Group Policy on only the few
objects in the OU and still only the XP machine actually runs the
script. The majority of our machines run Windows 2000 and the script
never runs or gives any kind of error. It seems as though nothing
happens at all. If we manually run the script on the Windows 2000
clients it runs fine. We have verified permissions on the share
holding the script and everyone including local system accounts have
access. All clients in this OU our pointed to our DNS servers and
have no other problems. I would greatly appreciate any suggestions or
help if anyone has seen this problem or something similiar.
Thanks,
Rob
have about 1500 users and a IS department of 30 individuals. In the
past almost every member of our department was a Domain Admin, no
matter what their skill set. We know this is a problem and we would
like to fix it. So, after our in-place upgrade I created new OUs to
move our computer accounts, user accounts, servers, and groups into.
I also created a new group called IS Support that I would like to move
all of our techs (who actually do desktop support) into. We have
worked out almost every problem with them not being domain admins
anymore, but we would like them to be local admins of each computer
they visit without having to logon locally and add themselves
manually. We created a .vbs script that works exactly as we want it
and adds the group locally to each machine. Now here is the problem.
The script when placed in the Group Policy MC(on the OU in which our
test computer accounts reside) -> Computer Configuration -> Windows
Settings -> Scripts -> Startup - only works on our Windows XP clients.
We created a test OU and applied the Group Policy on only the few
objects in the OU and still only the XP machine actually runs the
script. The majority of our machines run Windows 2000 and the script
never runs or gives any kind of error. It seems as though nothing
happens at all. If we manually run the script on the Windows 2000
clients it runs fine. We have verified permissions on the share
holding the script and everyone including local system accounts have
access. All clients in this OU our pointed to our DNS servers and
have no other problems. I would greatly appreciate any suggestions or
help if anyone has seen this problem or something similiar.
Thanks,
Rob