[gptalk] Re: Running a Batch file at user logon.

  • From: "Ananth Rajagopal" <ananth.rg@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 31 Jan 2008 15:59:08 +0530

Two more queries, I seem to be confused here...

Consider this scenario.....

We have an Account lockout policy.. set at 5 invalid logons. This is in
Computer configuration.

What happens if I link this policy to the OU containing Users? If I give the
Domain Computers in the scope will the policy work for only these users?

or

Should I create another OU of computers and link this policy and in the
scope give the user group?

For a set of "user and computer configurations" to work for a "set of users
and computers" of a particular department should there be 2 OU's? one for
users with user configuration policies linked and the other OU with
Computers with computer configuration policies linked??

hmm.... :-)





On Jan 31, 2008 3:45 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:

> Thanks again :-)
>
>
> On Jan 31, 2008 3:42 PM, hans straat <hstraat@xxxxxxx> wrote:
>
> > if you have an OU structure and no block inheritance etc. configured, the
> > policy will flow down.
> >
> > OU domain Computers (GPO computer policy apply desktop blabla)
> >    OU Site Computers (will get the policy)
> >      OU Site KioskComputers (will get the policy)
> >
> > as long as they are nested under the main OU :)
> > But you can do an RSOP planning to see if the OU gets the policy (RSOP
> > in GPMC)
> >
> > ------------------------------
> > Date: Thu, 31 Jan 2008 15:21:24 +0530
> >
> > From: ananth.rg@xxxxxxxxx
> > To: gptalk@xxxxxxxxxxxxx
> > Subject: [gptalk] Re: Running a Batch file at user logon.
> >
> > If the policies are linked at the domain level, irrespective of whether
> > it's a user configuration or computer configuration, will it run?
> >
> > On Jan 31, 2008 3:19 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
> >
> > Thanks Hans! :-)
> >
> >
> > On Jan 31, 2008 2:18 PM, hans straat <hstraat@xxxxxxx> wrote:
> >
> > Ananth,
> >
> > Computer configuration policies should be applied on the OU the
> > computers you target are located in.
> >
> > Like User policies should be applied to the OU the targeted users
> > reside in.
> >
> > regards,
> > Hans Straat
> > www.datacrash.net
> >
> >
> >
> >
> >  ------------------------------
> > Date: Thu, 31 Jan 2008 09:15:41 +0530
> > From: ananth.rg@xxxxxxxxx
> >
> > To: gptalk@xxxxxxxxxxxxx
> > Subject: [gptalk] Re: Running a Batch file at user logon.
> >
> > Hi Jakob,
> >
> > From the event viewer we got only the RSoP error, "RSoP could not be
> > run". Anyway, we manually ran that script on some 50 systems and now it's fine,
> > as the Internet Explorer homepage was set to this mail server, so it's coming
> > fine now! We didn't get time to test further, sorry about that; the domain
> > had to be up yesterday, it's running fine now...
> >
> > Kindly send any more links of your articles! it was great
> > reading....cleared a lot of things for us....
> >
> > One basic question.... Should Computer Configuration policies be applied
> > on Domain Computers or OU of Computers?
> >
> > regards
> > Ananth :-)
> >
> >
> >
> >
> >
> > On Jan 29, 2008 4:36 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
> >
> > Hi Jakob,
> >
> > Thanks once again for your great support.
> >
> > We are actually testing this in a test environment of 6 systems. Except
> > for this one script the rest all are working fine.
> >
> > We will do the Gpresult at the earliest and will let you know.
> >
> > I haven't checked the event viewer either, will do that right away.
> >
> > regards
> > Ananth.
> >
> >
> > On Jan 29, 2008 2:07 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx>
> > wrote:
> >
> >  Hi,
> >
> > It does sound like you did everything needed to make this work – a
> > restart is of course needed, but you took care of that you say.
> >
> > At this point it could be great if you checked the event viewer for any
> > error on the clients that happens during startup. Later you might have to do
> > advanced troubleshooting.
> >
> > You should perform the GPRESULT command to see if the computer "picked
> > up" the policy at all.
> >
> > Note – you should probably test such a policy isolated the first time
> > (limited to an OU with only one computer system within it or alike).
> >
> > /Jakob
> >
> > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > *On Behalf Of *Ananth Rajagopal
> > *Sent:* 29. januar 2008 09:17
> > *To:* gptalk@xxxxxxxxxxxxx
> > *Subject:* [gptalk] Re: Running a Batch file at user logon.
> >
> >
> > Hi Jakob,
> >
> > Thanks for the article. It cleared a lot of doubts.
> >
> > We did as you said, but we still couldn't make it work! This is how we did
> > it... please go through it and advise on where we went wrong!
> >
> > In the Group Policy Objects we created a new policy called " Intranet
> > Mail Srv Route"
> > We edited the policy, we set it as  Computer Configuration>Windows
> > Settings>scripts(Startup/Shutdown)>Startup> we showed the UNC path to the
> > script.
> >
> > The script is stored in
> > "\\Tai2D.ent\SysVol\Tai2D.ent\scripts\mailsrv_route.bat" this path and this
> > share is accessible from all systems in the domain. The permission to this
> > share is "Authenticated Users Read and Execute"
> >
> > Next, at the domain level we gave "Link an existing GPO" gave this GPO
> > and enabled  enforced and link enabled.
> >
> > In the Security Filter windows we added "Authenticated Users" and
> > "Domain Computers"
> >
> > Next we gave gpupdate /force
> >
> > We restarted the systems several times but still the new route is not
> > getting added.
> >
> > Please analyze the steps and kindly inform us where we have gone wrong.
> > Have we missed anything that you have told us? :-)
> >
> > Thanks for the help!
> > regards
> > Ananth :-)
> >
> >
> >
> > On Jan 25, 2008 3:49 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx>
> > wrote:
> >  Hi again Ananth,
> >
> > As stated before it would, in most cases, be better to add the route
> > once and for all on the clients default gateway. But, you probably have your
> > reasons :-)
> >
> > I think there are some basic things about GP processing and filtering
> > you should take a look at. Maybe this blog will help you:
> >
> > http://heidelbergit.blogspot.com/2008/01/yes-of-course-you-can-assign-group.html
> >
> > Earlier you told me you want to "hit" all systems in the domain – in
> > that case all you have to do is:
> >
> >
> > 1.       Have the script file in a shared directory where Authenticated
> > User or Domain Computers have Read access
> >
> > 2.       Create the GPO and point the Startup script to the shared
> > script file (Computer Configuration part on the GPO)
> >
> > 3.       Link the GPO to the Domain Level (you don't have to change
> > Permissions or anything in this case)
> >
> > 4.       Reboot all machines for the script to be executed (could take 2
> > reboots)
> >
> > However – I must warn you a bit: this will execute the script during the
> > next startup (or two) on ALL domain computers (including servers).
> >
> > Note to #3: If all of your computers are in the "My Computers OU" you
> > could just link the GPO here (except computers in the Domain Controllers OU
> > would not be hit – if they should be hit too you could link the policy to
> > that OU too  and restart them one after the other perhaps).
> >
> > If this doesn't execute on the clients you must start troubleshooting.
> > Look in the client eventlog to spot for any errors, use GPRESULT to be sure
> > the GPO applies to the computers etc. However, I do expect this to work.
> >
> > Regards
> > /Jakob
> >
> > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
> > *On Behalf Of *Ananth Rajagopal
> > *Sent:* 25. januar 2008 08:27
> > *To:* gptalk@xxxxxxxxxxxxx
> > *Subject:* [gptalk] Running a Batch file at user logon.
> >
> > Hi All,
> >
> > We want to add a persistent route to all systems in 192.168.2.x network
> > to a server having IP 192.168.3.240.
> >
> > We created a route.bat batch file and copied this command
> >
> > Route Add 192.168.3.240 MASK 255.255.255.255 192.168.2.254 -p
> >
> > This batch file was copied to
> > \\Server.com\SysVol\Server.com\scripts\route.bat folder.
> >
> > The batch file was placed in Computer Configuration/Windows Settings/
> > Scripts/Startup
> >
> > We created a new group called Harmony_Sys in Builtin folder in that
> > Domain. Created a new OU called Harmony Systems, moved systems on which this
> > batch file has to be run to this OU. Made the computer a member of the group
> > Harmony_Sys group.
> >
> > From GPMC, we applied this route policy to this Harmony Systems OU.
> >
> > But the new route is not getting created. Where have we gone wrong, is
> > the procedure correct.
> >
> > regards
> > Ananth.
> >
> >
> >
> >
> >
> >
> >
>
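
Added example (not part of the original thread or any poster's code): a small Python model of the scoping rules discussed above, in which a GPO's Computer Configuration reaches only computer accounts located in or below the linked container that pass the security filter, and User Configuration likewise only user accounts. The account names, the `Staff` and `Kiosk` OUs and the helper names are constructed for illustration; block inheritance, enforced links, loopback processing and WMI filters are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GPO:
    name: str
    sections: frozenset   # which halves hold settings: "computer", "user"
    allowed: frozenset    # security filter: groups with Read + Apply Group Policy

@dataclass(frozen=True)
class Account:
    name: str
    kind: str             # "computer" or "user"
    ou_path: str          # container path, domain first, e.g. "domain/Harmony Systems"
    groups: frozenset

def applied_gpos(account, links, gpos):
    """GPO names whose settings reach this account, in processing order."""
    hits, parts = [], account.ou_path.split("/")
    for depth in range(1, len(parts) + 1):      # domain first, then each nested OU
        for name in links.get("/".join(parts[:depth]), []):
            gpo = gpos[name]
            # The matching half must hold settings AND the account must pass the filter.
            if account.kind in gpo.sections and account.groups & gpo.allowed:
                hits.append(name)
    return hits

# Constructed sample directory (GPO and OU names partly borrowed from the thread).
ROUTE = GPO("Intranet Mail Srv Route", frozenset({"computer"}),
            frozenset({"Authenticated Users"}))
GPOS = {ROUTE.name: ROUTE}
PC01 = Account("PC01", "computer", "domain/Harmony Systems",
               frozenset({"Authenticated Users", "Domain Computers"}))
KIOSK = Account("KIOSK7", "computer", "domain/Harmony Systems/Kiosk", PC01.groups)
DC01 = Account("DC01", "computer", "domain/Domain Controllers",
               frozenset({"Authenticated Users", "Domain Controllers"}))
USER = Account("ananth", "user", "domain/Staff", frozenset({"Authenticated Users"}))
EVERYONE = (PC01, KIOSK, DC01, USER)

def reach(links, gpos=GPOS):
    """Names of the accounts that receive at least one GPO under these links."""
    return [a.name for a in EVERYONE if applied_gpos(a, links, gpos)]

if __name__ == "__main__":
    print("linked at domain:       ", reach({"domain": [ROUTE.name]}))
    print("linked to computers OU: ", reach({"domain/Harmony Systems": [ROUTE.name]}))
    print("linked to users-only OU:", reach({"domain/Staff": [ROUTE.name]}))
```

The domain-level link also reaches the domain controller, which is the startup-script warning given earlier in the thread; the users-only link reaches nothing because the GPO has no User Configuration settings.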
