[gptalk] Re: Running a Batch file at user logon.

Anath,
 
Those policies can only be set at the default domain policy. account lockout  
password policy etc.


Date: Thu, 31 Jan 2008 15:59:08 +0530From: ananth.rg@xxxxxxxxxxx: 
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running a Batch file at user 
logon.Two more queries, I seem to be confused here...Consider this 
scenario.....We have an Account lockout policy.. set at 5 invalid logons. This 
is in Computer configuration.What happens if I link this policy to the OU 
containing Users? If I give the Domain Computers in the scope will the policy 
work for only these users?orShould I create another OU of computers and link 
this policy and in the scope give the user group?For a set of "user and 
computer configurations" to work for a "set of users and computers" of a 
particular department should there be 2 OU's? one for users with user 
configuration policies linked and the other OU with Computers with computer 
configuration policies linked??hmm.... :-)
On Jan 31, 2008 3:45 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
Thanks again :-) 



On Jan 31, 2008 3:42 PM, hans straat <hstraat@xxxxxxx> wrote:

if you have a OU structure and no block inheritance etc configured the policy 
will flow down. OU domain Computers (GPO computer policy apply desktop blabla)  
 OU Site Computers (will get the policy)     OU Site KioskComputers (will get 
the policy)as long as they are nested under the main OU :)But you can do a RSOP 
planning to see if the OU get's the policy (RSOP in GPMC)


Date: Thu, 31 Jan 2008 15:21:24 +0530 


From: ananth.rg@xxxxxxxxxxx: gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running 
a Batch file at user logon.If the policies are linked at the domain level, 
irrespective of whether its a user configuration or computer configuration will 
it run?
On Jan 31, 2008 3:19 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
Thanks Hans! :-) 



On Jan 31, 2008 2:18 PM, hans straat <hstraat@xxxxxxx> wrote:

Anath, Computer configuration policies should be applied on the OU the 
computers you target are located in. Like User policies should be applied to 
the OU the targetted users reside in. regards,Hans Straatwww.datacrash.net 


Date: Thu, 31 Jan 2008 09:15:41 +0530From: ananth.rg@xxxxxxxxx 


To: gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running a Batch file at user 
logon.Hi Jacob,From the event viewer we got only the RSoP error, "RSoP could 
not be run" anyway we manually ran that script in some 50 systems and now its 
fine as internet explorer homepage was set to this mail server, so its coming 
fine now! We didn't get time to test further, sorry about that, the domain had 
to be up yesterday, its running fine now...Kindly send any more links of your 
articles! it was great reading....cleared a lot of things for us....One basic 
question.... Should Computer Configuration policies be applied on Domain 
Computers or OU of Computers? regardsAnanth :-)
On Jan 29, 2008 4:36 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
Hi Jacob,Thanks once again for your great support.We are actually testing this 
in a test environment of 6 systems. Except for this one script the rest all are 
working fine.We will do the Gpresult at the earliest and will let you know.I 
haven't checked the event viewer either, will do that right away.regardsAnanth. 



On Jan 29, 2008 2:07 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx> wrote:


Hi, It does sound like you did everything needed to make this work – a restart 
is of course needed, but you took care of that you say. As this point it could 
be great if you checked the event viewer for any error on the clients that 
happens during startup. Later you might have to do advanced troubleshooting. 
You should perform the GPRESULT command to see if the computer "picked up" the 
policy at all. Note – you should probably test such a policy isolated the first 
time (limited to an OU with only one computer system within it or alike). 
/Jakob 
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ananth RajagopalSent: 29. januar 2008 09:17To: 
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running a Batch file at user logon.


 
Hi Jacob,Thanks for the article. It cleared a lot of doubts.We did as you said, 
but we still couldn't make it work! This how we did it... please go through it 
and advice on where we went wrong!In the Group Policy Objects we created a new 
policy called " Intranet Mail Srv Route"We edited the policy, we set it as  
Computer Configuration>Windows Settings>scripts(Startup/Shutdown)>Startup> we 
showed the UNC path to the script.The scripts is stored in 
"\\Tai2D.ent\SysVol\Tai2D.ent\scripts\mailsrv_route.bat" this path and this 
share is accessible from all systems in the domain. The permission to this 
share is "Authenticated Users Read and Execute"Next, at the domain level we 
gave "Link an existing GPO" gave this GPO and enabled  enforced and link 
enabled.In the Security Filter windows we added "Authenticated Users" and 
"Domain Computers" Next we gave gpupdate /forceWe restarted the systems several 
times but still the new route is not getting added.Please analyze the steps and 
kindly inform us where we have gone wrong. Have we missed anything that you 
have told us? :-)Thanks for the help!regardsAnanth :-)
On Jan 25, 2008 3:49 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx> wrote:

Hi again Ananth, As stated before it would, in most cases, be better to add the 
route once and for all on the clients default gateway. But, you probably have 
your reasons J I think there are some basic things about GP processing and 
filtering you should take a look at. Maybe this blog will help 
you:http://heidelbergit.blogspot.com/2008/01/yes-of-course-you-can-assign-group.html
 Earlier you told me you want to "hit" all systems in the domain – in that case 
all you have to do is: 
1.       Have the script file in a shared directory where Authenticated User or 
Domain Computers have Read access
2.       Create the GPO and point the Startup script to the shared script file 
(Computer Configuration part on the GPO)
3.       Link the GPO to the Domain Level (you don't have to change Permissions 
or anything in this case)
4.       Reboot all machines for the script to be executed (could take 2 
reboots) However – I must warn you a bit: this will execute the script during 
the next startup (or two) on ALL domain computers (including servers). Note to 
#3: If all of your computers are in the "My Computers OU" you could just link 
the GPO here (except computers in the Domain Controllers OU would not be hit – 
if they should be hit too you could link the policy to that OU too  and restart 
them one after the other perhaps). If this doesn't execute on the clients you 
must start troubleshooting. Look in the client eventlog to spot for any errors, 
use GPRESULT to be sure the GPO applies to the computers etc. However, I do 
expect this to work. Regards/Jakob 
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ananth RajagopalSent: 25. januar 2008 08:27To: 
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Running a Batch file at user logon.

 Hi All,We want to add a persistent route to all systems in 192.168.2.x network 
to a server having IP 192.168.3.240.We created a route.bat batch file and 
copied this command Route Add 192.168.3.240 MASK 255.255.255.255 192.168.2.254 
-pThis batch file was copied to 
\\Server.com\SysVol\Server.com\scripts\route.bat folder.The batch file was 
placed in Computer Configuration/Windows Settings/ Scripts/StartupWe created a 
new group called Harmony_Sys in Builtin folder in that Domain. Created a new OU 
called Harmony Systems, moved systems on which this batch file has to be run to 
this OU. Made the computer a member of the group Harmony_Sys group. >From GPMC, 
We applied this route policy to this Harmony Systems OU. But the new route is 
not getting created. Where have we gone wrong, is the procedure 
correct.regardsAnanth.

Other related posts: