[gptalk] Re: Running a Batch file at user logon.
- From: hans straat <hstraat@xxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 31 Jan 2008 12:28:03 +0000
Anath,
Those policies can only be set at the default domain policy. account lockout
password policy etc.
Date: Thu, 31 Jan 2008 15:59:08 +0530From: ananth.rg@xxxxxxxxxxx:
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running a Batch file at user
logon.Two more queries, I seem to be confused here...Consider this
scenario.....We have an Account lockout policy.. set at 5 invalid logons. This
is in Computer configuration.What happens if I link this policy to the OU
containing Users? If I give the Domain Computers in the scope will the policy
work for only these users?orShould I create another OU of computers and link
this policy and in the scope give the user group?For a set of "user and
computer configurations" to work for a "set of users and computers" of a
particular department should there be 2 OU's? one for users with user
configuration policies linked and the other OU with Computers with computer
configuration policies linked??hmm.... :-)
On Jan 31, 2008 3:45 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
Thanks again :-)
On Jan 31, 2008 3:42 PM, hans straat <hstraat@xxxxxxx> wrote:
if you have a OU structure and no block inheritance etc configured the policy
will flow down. OU domain Computers (GPO computer policy apply desktop blabla)
OU Site Computers (will get the policy) OU Site KioskComputers (will get
the policy)as long as they are nested under the main OU :)But you can do a RSOP
planning to see if the OU get's the policy (RSOP in GPMC)
Date: Thu, 31 Jan 2008 15:21:24 +0530
From: ananth.rg@xxxxxxxxxxx: gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running
a Batch file at user logon.If the policies are linked at the domain level,
irrespective of whether its a user configuration or computer configuration will
it run?
On Jan 31, 2008 3:19 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
Thanks Hans! :-)
On Jan 31, 2008 2:18 PM, hans straat <hstraat@xxxxxxx> wrote:
Anath, Computer configuration policies should be applied on the OU the
computers you target are located in. Like User policies should be applied to
the OU the targetted users reside in. regards,Hans Straatwww.datacrash.net
Date: Thu, 31 Jan 2008 09:15:41 +0530From: ananth.rg@xxxxxxxxx
To: gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running a Batch file at user
logon.Hi Jacob,From the event viewer we got only the RSoP error, "RSoP could
not be run" anyway we manually ran that script in some 50 systems and now its
fine as internet explorer homepage was set to this mail server, so its coming
fine now! We didn't get time to test further, sorry about that, the domain had
to be up yesterday, its running fine now...Kindly send any more links of your
articles! it was great reading....cleared a lot of things for us....One basic
question.... Should Computer Configuration policies be applied on Domain
Computers or OU of Computers? regardsAnanth :-)
On Jan 29, 2008 4:36 PM, Ananth Rajagopal <ananth.rg@xxxxxxxxx> wrote:
Hi Jacob,Thanks once again for your great support.We are actually testing this
in a test environment of 6 systems. Except for this one script the rest all are
working fine.We will do the Gpresult at the earliest and will let you know.I
haven't checked the event viewer either, will do that right away.regardsAnanth.
On Jan 29, 2008 2:07 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx> wrote:
Hi, It does sound like you did everything needed to make this work – a restart
is of course needed, but you took care of that you say. As this point it could
be great if you checked the event viewer for any error on the clients that
happens during startup. Later you might have to do advanced troubleshooting.
You should perform the GPRESULT command to see if the computer "picked up" the
policy at all. Note – you should probably test such a policy isolated the first
time (limited to an OU with only one computer system within it or alike).
/Jakob
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Ananth RajagopalSent: 29. januar 2008 09:17To:
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Re: Running a Batch file at user logon.
Hi Jacob,Thanks for the article. It cleared a lot of doubts.We did as you said,
but we still couldn't make it work! This how we did it... please go through it
and advice on where we went wrong!In the Group Policy Objects we created a new
policy called " Intranet Mail Srv Route"We edited the policy, we set it as
Computer Configuration>Windows Settings>scripts(Startup/Shutdown)>Startup> we
showed the UNC path to the script.The scripts is stored in
"\\Tai2D.ent\SysVol\Tai2D.ent\scripts\mailsrv_route.bat" this path and this
share is accessible from all systems in the domain. The permission to this
share is "Authenticated Users Read and Execute"Next, at the domain level we
gave "Link an existing GPO" gave this GPO and enabled enforced and link
enabled.In the Security Filter windows we added "Authenticated Users" and
"Domain Computers" Next we gave gpupdate /forceWe restarted the systems several
times but still the new route is not getting added.Please analyze the steps and
kindly inform us where we have gone wrong. Have we missed anything that you
have told us? :-)Thanks for the help!regardsAnanth :-)
On Jan 25, 2008 3:49 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx> wrote:
Hi again Ananth, As stated before it would, in most cases, be better to add the
route once and for all on the clients default gateway. But, you probably have
your reasons J I think there are some basic things about GP processing and
filtering you should take a look at. Maybe this blog will help
you:http://heidelbergit.blogspot.com/2008/01/yes-of-course-you-can-assign-group.html
Earlier you told me you want to "hit" all systems in the domain – in that case
all you have to do is:
1. Have the script file in a shared directory where Authenticated User or
Domain Computers have Read access
2. Create the GPO and point the Startup script to the shared script file
(Computer Configuration part on the GPO)
3. Link the GPO to the Domain Level (you don't have to change Permissions
or anything in this case)
4. Reboot all machines for the script to be executed (could take 2
reboots) However – I must warn you a bit: this will execute the script during
the next startup (or two) on ALL domain computers (including servers). Note to
#3: If all of your computers are in the "My Computers OU" you could just link
the GPO here (except computers in the Domain Controllers OU would not be hit –
if they should be hit too you could link the policy to that OU too and restart
them one after the other perhaps). If this doesn't execute on the clients you
must start troubleshooting. Look in the client eventlog to spot for any errors,
use GPRESULT to be sure the GPO applies to the computers etc. However, I do
expect this to work. Regards/Jakob
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Ananth RajagopalSent: 25. januar 2008 08:27To:
gptalk@xxxxxxxxxxxxxxxxxxxx: [gptalk] Running a Batch file at user logon.
Hi All,We want to add a persistent route to all systems in 192.168.2.x network
to a server having IP 192.168.3.240.We created a route.bat batch file and
copied this command Route Add 192.168.3.240 MASK 255.255.255.255 192.168.2.254
-pThis batch file was copied to
\\Server.com\SysVol\Server.com\scripts\route.bat folder.The batch file was
placed in Computer Configuration/Windows Settings/ Scripts/StartupWe created a
new group called Harmony_Sys in Builtin folder in that Domain. Created a new OU
called Harmony Systems, moved systems on which this batch file has to be run to
this OU. Made the computer a member of the group Harmony_Sys group. >From GPMC,
We applied this route policy to this Harmony Systems OU. But the new route is
not getting created. Where have we gone wrong, is the procedure
correct.regardsAnanth.
Other related posts:
