[gptalk] Re: Bat File Not Executing.

  • From: Shane Williford <shane.williford@xxxxxxxxxx>
  • To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 5 Aug 2008 18:29:05 -0500

I'm with ya on that Harry...I've read about loopback and still the wheels can't 
stop churning to be able to understand what that is exactly. :)

Shane

________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of 
Harry Singh [hboogz@xxxxxxxxx]
Sent: Tuesday, August 05, 2008 6:25 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Bat File Not Executing.

I'll be glad to elaborate.

This is a lab environment and we've implemented a combination of mandatory 
profiles and GPO to control User configuration settings. Periodically, the 
profile experiences problems and just doesn't load properly. I've ran traces to 
see if any network connectivity issues exist between the workstation and the 
server where the profile resides and , although i see some collisions, i don't 
expect that to be the sole root cause. Instead of delving more time and 
resources, we've found by blowing the profile the issues resolve themselves --- 
and as i mentioned, this doesn't happen too frequently, only periodically. Now, 
the lab machines aren't rebooted or turned off nightly, so the deleting of 
profiles on reboot is really a way for us or the teacher on site to delete the 
profiles "on-demand". I'm sure there are alternate ways to get this done, and 
i'm all ears.

So you're saying i can apply a GPO to an OU that just has computer accounts ?

"To clarify, loopback policy is used when you want user configuration policies 
to apply based on where the computer object resides instead of the user object. 
" That's still a litte fuzzy to me, could you provide an example that could 
help me further put this confusion function to rest for me ?

Thanks



On Tue, Aug 5, 2008 at 5:27 PM, Nelson, Jamie 
<Jamie.Nelson@xxxxxxx<mailto:Jamie.Nelson@xxxxxxx>> wrote:

Delprof.exe can't delete a specific user profile, you generally tell it the max 
number of days old a profile can be (from last use) and it will delete anything 
older than that. I still don't understand why you want to delete it on every 
reboot though. Maybe you can be kind enough to elaborate?



Actually, you were right the first time. For startup scripts to run they must 
be applied to OUs containing computer objects. You don't need loopback policy 
or security filtering for that. To clarify, loopback policy is used when you 
want user configuration policies to apply based on where the computer object 
resides instead of the user object.



Hope that helps. :)



From: gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx> 
[mailto:gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx>] On 
Behalf Of Harry Singh
Sent: Tuesday, August 05, 2008 4:13 PM
To: gptalk@xxxxxxxxxxxxx<mailto:gptalk@xxxxxxxxxxxxx>
Subject: [gptalk] Re: Bat File Not Executing.



Jamie,

Yes, the script is deleting the documents and setting folder. I agree this 
isn't very clean, but  I am having trouble in negotiating the delprof command 
line to delete the profile i want under my specific parameters. Specifically, i 
want the profile to be deleted upon every reboot, either during the shutdown 
or, preferably, during the startup of the machine. ?

Secondly, i believe my problem was i  was applying the GPO to an OU that just 
had the computer accounts. I realized this can't be done, i'd have to apply it 
to the OU containing the LAB user account ; since only the Computer Config is 
enabled, the script will execute on whatever machine that user logs into, 
correct ? That being said, what should the loopback processing setting be on 
this GPO, if there are no user configured settings on this GPO but others ?

Just to clear up any confusion, if i want machine specific settings only to 
apply to computer accounts, i need to:

 *   Configure the Computer Configuration portion of the GPO.
 *   Create a Security Group and add the respective computer accounts to this 
group and add it to the permissions of the GPO with the "Apply" GPO permission ?
 *   Never apply GPO's to OU's that just have computer accounts
 *   Enable loopback processing on a computer oriented GPO if you have any USER 
Confiuration settings in that GPO, otherwise just leave it disabled or not 
configured ?



On Tue, Aug 5, 2008 at 4:57 PM, Nelson, Jamie 
<Jamie.Nelson@xxxxxxx<mailto:Jamie.Nelson@xxxxxxx>> wrote:

When you say "delete the profile" are you just trying to delete the profile 
folder under C:\Documents and Settings? That doesn't truly dump the profile, as 
there are still some registry keys that have to be cleaned up.



On that note, I don't think deleting the profiles on startup is a good 
practice, even if they are for what I assume are temporary lab user accounts. 
You're better off creating a scheduled task on the machine to run the 
delprof.exe utility (from the Server Resource Kit) which can delete all 
profiles that have not been used in a specified number of days. Just my opinion 
though. You may have valid reason for doing it that way so please don't take 
offense. :)



As far as the script not executing is concerned, did you place it in the GPO's 
"machine\scripts\startup" folder in SYSVOL or somewhere else on your network?



From: gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx> 
[mailto:gptalk-bounce@xxxxxxxxxxxxx<mailto:gptalk-bounce@xxxxxxxxxxxxx>] On 
Behalf Of Harry Singh
Sent: Tuesday, August 05, 2008 3:21 PM
To: gptalk@xxxxxxxxxxxxx<mailto:gptalk@xxxxxxxxxxxxx>
Subject: [gptalk] Bat File Not Executing.



All -

I've added a bat file to the startup script inside of a GPO, the computer 
configuration part of the GPO. The script deletes any profile starting with 
lab* and is suppose to run when the computer is restarted so as to not run into 
any file locks by explorer. However, the folders are not being deleted and when 
i run a gpresult, the script indicates: " This script has not been executed"

any ideas ?

________________________________

Confidentiality Warning: This message and any attachments are intended only for 
the use of the intended recipient(s), are confidential, and may be privileged. 
If you are not the intended recipient, you are hereby notified that any review, 
retransmission, conversion to hard copy, copying, circulation or other use of 
all or any portion of this message and any attachments is strictly prohibited. 
If you are not the intended recipient, please notify the sender immediately by 
return e-mail, and delete this message and any attachments from your system.




________________________________
Notice: The information transmitted in this e-mail may contain confidential 
and/ or legally privileged information intended only for the use of the 
individual(s) named above. Review, use, disclosure, distribution, or forwarding 
of this information by persons or entities other than the intended recipient(s) 
is prohibited by law and may subject them to criminal or civil liabilities. 
Statements and opinion expressed in this e-mail may not represent those of 
Mazuma Credit Union. All e-mail communications through Mazuma's corporate email 
system are subject to archiving and review by someone other than the recipient. 
If you have received this communication in error, please notify the sender 
immediately and delete/destroy any and all copies of the original message from 
any computer or network system.
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: