[gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

  • From: "Michael Pietrzak" <mpietrzak@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 29 Nov 2006 09:24:41 -0800

Good morning Omar,

Thanks for the post! Just the other day I was thinking of putting the
script into AD user account and seeing what happens. I will try that
within the hour.

Regarding AV, nope, none. Just a clean install of Vista Ultimate from
TechNet download.

Regaring 2003 R2, no, we have no R2 DC's in place.

For those interested, here is my VBS script as it exists today...

Dim objNet, strUserName

Set objNet = CreateObject("Wscript.Network")

strUserName =objNet.UserName

on error resume next

'Home
objNet.MapNetworkDrive "H:", "\\file\users\" & strUserName

' Groups
objNet.MapNetworkDrive "G:", "\\file\groups"

' Public for installs
objNet.MapNetworkDrive "P:", "\\file\public"

' Apps for decompressed and run from
objNet.MapNetworkDrive "X:", "\\file\apps"


' force Automatic Update to resync

DIM objShell
set objShell = wscript.createObject("wscript.shell")
iReturn = objShell.Run("wuauclt.exe /resetauthorization /detectnow", 1,
TRUE)



WSCript.Quit

 
Thanks again! I will let you know what happens today after more testing.
 
Michael



-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Omar Droubi
Sent: Wednesday, November 29, 2006 9:18 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael and Darren,

1st lets not forget that Michael stated in a previous message:
"Also, gpresult does show that the gp in question is being applied."

2nd- this has to be a relevant issue since Michael was able to find
other posts on the Internet.

3rd- Michael- can you just put the path to the particular logon script
into the user profile logon script setting using AD users and computers
to see if that works?

4th- not sure if this matters too much but, did either of you already
upgrade your domains to support Windows 2003 R2? I don think this makes
a difference but it is worth checking into.

5th- What about AV? Since I was only able to find Beta SW for AV I am
wondering if Michael has any AV, antispyware or something else that may
be blocking this.

I am just using the beta PC cillin on my vista workstations until I get
my hands on the beta Trend OfficeScan SMB suite.

I will test this myself today to get one more result since I have
several clients using both user logon and computer startup vbscripts.

Later,

Omar
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 9:00 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Sure. Its possible that its still a UAC issue. Does your script throw
any errors or do you just not get any drive mappings? You might also
want to look in the System event log to see if you get any userinit
events--in pre-Vista, those were the events that related to scripts

Darren

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Wednesday, November 29, 2006 8:53 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Well this is just craptastic. Now I have to figure out why my scripts
aren't running. Well, I guess can rewrite them. It's just so odd that
they work in XP but not Vista.

At least now that I have purchased TechNet Direct, I get two free PSS
calls. :)

Thanks again for testing that for me Darren,

Michael

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 8:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Yes. This was a default Vista Business Edition install. UAC enabled,
user is not an admin, etc.

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Wednesday, November 29, 2006 8:43 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Was UAC enabled?

Michael

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 8:01 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael-
I finally got around to testing this on Vista RTM and had no problem
running a vbs drive mapping logon script for a normal user. I'm not sure
what the stuff below is all about. My script simply mapped a drive to a
share.

Darren


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 9:06 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?


Hi Darren,

I checked the post again and there was no file or attachment of any
kind. As a matter of fact, I went to make a reply and there wasn't even
a function to add and attachment. <scratching head>

I hope you can get use your connections to get the facts straight on
this.
Just a quick search for "login scripts" and "map drive scripts" shows a
great number of people having this problem. All the answers from Mr.
Prashanth simply state that it's a LUA\UAC problem. No solution is ever
given and the text I sent you seems to be his most complete work to
date.

Have you given a shot at replicating this with a simple VBS script? I
will disable UAC tomorrow and see what happens then.

Thanks again and I'll be crossing my fingers.

Michael

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx on behalf of Darren Mar-Elia
Sent: Mon 11/27/2006 5:15 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

This is hilarious. They can't possibly think the thousands of orgs that
use logon scripts are going to put up with this? I'm going to bring this
up during our monthly MVP call with the GP product team. There has to be
another way to do this (aside from disabling UAC, of course).


Thanks for tracking this down Michael. Just for curiosity sake, can you
post the scripts referenced below?





Darren





From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 5:10 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?



Darren-



I just came across this little tidbit in the technet Vista forums.
People seem pretty p.o'd regarding this answer to login scripts in
vista. People seem to be thinking that you now need two scripts to just
run one. Any thoughts on this?



Michael



 Sorry about the delay. Here's an explanation of what you are seeing and
the

official recomendation.

Explanation for what you are seeing and workaround :

By default Group policy service executes scripts in an elevated mode.
There are some scripts like 'Map network drives' that would need to be
run in UAP mode. In order to launch such scripts in a UAP context from
an elevated process, you can leverage the Task scheduler API. Here is a
sample script:
Launchapp.wsf

Usage: cscript launchapp.wsf <AppPath>


If the user wants to run a GP logon script Script-UAP.wsf and requires
it to run in UAP context because it is mapping drives for the user then,
create

another script Launch-Script-UAP.wsf which will just use the sample
script above to launch Script-UAP.wsf in UAP mode. Deploy this script as
GP logon script.

I'm attaching the LaunchApp sample script too.

This change will also be communicated via KB, Vista GP document or
otherwise.

Let me know if you still have issues.

Thanks,
Prashanth
Vista Remote File Systems.





  _____ 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Darren Mar-Elia
Sent: Monday, November 27, 2006 1:06 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael-

What happens if you set the logon scripts to run hidden (using policy)?



Darren





From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 1:02 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?



Thanks Darren,



I just checked the Minasi boards and couldn't find anything there. I'll
keep googling and trying to see what's going on. I had not yet checked
the event log so perhaps something is in there as well.



I should have made my problem more clear. The VBS scripts are logon
scripts that basically map drives. Nothing too fancy.



Thanks again! Let's hope there is a solution besides the "will be
supported on Longhorn server group policies".



Michael





  _____ 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Darren Mar-Elia
Sent: Monday, November 27, 2006 12:59 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael-

My guess is that this is a UAC issue. I have heard it come up once
before with Vista. Not sure though-I will try to dig some more.





From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 12:53 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Vista in Win2k3 domain - VBS Logon scripts?



Hello all-



I am now running Vista in my windows 2003 domain and one of the first
things I noticed was that my VBS scripts that normally run on XP are no
longer being processed.



Now is the problem stemming from the fact that the script is set in a
GPO and the Vista box can't interpret it or is it a security issue in
Vista that I have to dig through to allow it to run.



Thanks guys in advanced for any thoughts.



Michael



***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************


Other related posts: