[gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 29 Nov 2006 11:42:01 -0800

Omar-
I haven't tried FR on Vista--but there is a symbolic link for My Documents
in Vista that automatically links to the new location so I'm surprised it
would fail. What happens if you specify the new path explicitly in the GP?

Darren

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Omar Droubi
Sent: Wednesday, November 29, 2006 11:37 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

OK here is my curve ball:
(NO AV installed)

New domain users- only user rights in domain and on workstation and UAC is
enabled.

I used your exact script Michael, except I changed the server name and
created the folders and shares.

The GPO does two things: 1- redirects "My Docs" to G: and 2- runs logon
script.

The result is as follows:
1. Logon script ran without issue.
2. The My docs folder was created on the G:\newuser\my documents
3. The My docs was not redirected but on the Vista system it is no longer
called My docs it is called "documents." 

Darren- On point #3 am I doing something wrong or did I miss something with
the folder redirection? Do I need to load a new template for Vista to allow
"Documents" redirection?

Thanks,

Omar

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Michael Pietrzak
Sent: Wednesday, November 29, 2006 10:58 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Well, it's working now. I did in fact have to turn off UAC. Once UAC was
disabled, my vbs scripts all ran. That includes scripts run from a GP,
and scripts populated into the login script field for a user account in
ADUC.

Not really sure where to go from here. Not enough experience with Vista.
Are there GP's that are going to allow me to enter in exemptions?

None the less, there was never anything populated into the event log.

Omar, I will be interested to see what your results are like.

Michael 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 9:28 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Below

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Omar Droubi
Sent: Wednesday, November 29, 2006 9:18 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael and Darren,

1st lets not forget that Michael stated in a previous message:
"Also, gpresult does show that the gp in question is being applied."


[Darren] With respect to scripts, the application of scripts policy,
which is what gpresult tells you about, is independent from whether the
script ran or not. That gpresult gave success simply means that Windows
knew which script to run. 

2nd- this has to be a relevant issue since Michael was able to find
other posts on the Internet.

[Darren] I don't doubt its relevant--the question is whether logon
scripts are just broken or if its an "environmental" issue. Note also
that I tested .bat logon scripts and they also worked fine.


3rd- Michael- can you just put the path to the particular logon script
into the user profile logon script setting using AD users and computers
to see if that works?

4th- not sure if this matters too much but, did either of you already
upgrade your domains to support Windows 2003 R2? I don think this makes
a difference but it is worth checking into.

[Darren] My guess is that server version is irrelevant, since the server
plays no part here other than as a file server.

5th- What about AV? Since I was only able to find Beta SW for AV I am
wondering if Michael has any AV, antispyware or something else that may
be blocking this.

[Darren] good point. I had no anti-virus running

I am just using the beta PC cillin on my vista workstations until I get
my hands on the beta Trend OfficeScan SMB suite.

I will test this myself today to get one more result since I have
several clients using both user logon and computer startup vbscripts.

Later,

Omar
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 9:00 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Sure. Its possible that its still a UAC issue. Does your script throw
any errors or do you just not get any drive mappings? You might also
want to look in the System event log to see if you get any userinit
events--in pre-Vista, those were the events that related to scripts

Darren

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Wednesday, November 29, 2006 8:53 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Well this is just craptastic. Now I have to figure out why my scripts
aren't running. Well, I guess can rewrite them. It's just so odd that
they work in XP but not Vista.

At least now that I have purchased TechNet Direct, I get two free PSS
calls. :)

Thanks again for testing that for me Darren,

Michael 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 8:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Yes. This was a default Vista Business Edition install. UAC enabled,
user is not an admin, etc.

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Wednesday, November 29, 2006 8:43 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Was UAC enabled?

Michael 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, November 29, 2006 8:01 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael-
I finally got around to testing this on Vista RTM and had no problem
running a vbs drive mapping logon script for a normal user. I'm not sure
what the stuff below is all about. My script simply mapped a drive to a
share.

Darren


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 9:06 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?


Hi Darren,

I checked the post again and there was no file or attachment of any
kind. As a matter of fact, I went to make a reply and there wasn't even
a function to add and attachment. <scratching head>

I hope you can get use your connections to get the facts straight on
this.
Just a quick search for "login scripts" and "map drive scripts" shows a
great number of people having this problem. All the answers from Mr.
Prashanth simply state that it's a LUA\UAC problem. No solution is ever
given and the text I sent you seems to be his most complete work to
date.

Have you given a shot at replicating this with a simple VBS script? I
will disable UAC tomorrow and see what happens then.

Thanks again and I'll be crossing my fingers.

Michael

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx on behalf of Darren Mar-Elia
Sent: Mon 11/27/2006 5:15 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?
 
This is hilarious. They can't possibly think the thousands of orgs that
use logon scripts are going to put up with this? I'm going to bring this
up during our monthly MVP call with the GP product team. There has to be
another way to do this (aside from disabling UAC, of course).


Thanks for tracking this down Michael. Just for curiosity sake, can you
post the scripts referenced below?

 

 

Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 5:10 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

 

Darren-

 

I just came across this little tidbit in the technet Vista forums.
People seem pretty p.o'd regarding this answer to login scripts in
vista. People seem to be thinking that you now need two scripts to just
run one. Any thoughts on this?

 

Michael

 

 Sorry about the delay. Here's an explanation of what you are seeing and
the

official recomendation. 

Explanation for what you are seeing and workaround : 

By default Group policy service executes scripts in an elevated mode.
There are some scripts like 'Map network drives' that would need to be
run in UAP mode. In order to launch such scripts in a UAP context from
an elevated process, you can leverage the Task scheduler API. Here is a
sample script: 
Launchapp.wsf 

Usage: cscript launchapp.wsf <AppPath> 


If the user wants to run a GP logon script Script-UAP.wsf and requires
it to run in UAP context because it is mapping drives for the user then,
create

another script Launch-Script-UAP.wsf which will just use the sample
script above to launch Script-UAP.wsf in UAP mode. Deploy this script as
GP logon script. 

I'm attaching the LaunchApp sample script too. 

This change will also be communicated via KB, Vista GP document or
otherwise. 

Let me know if you still have issues. 

Thanks,
Prashanth
Vista Remote File Systems. 

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Darren Mar-Elia
Sent: Monday, November 27, 2006 1:06 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael-

What happens if you set the logon scripts to run hidden (using policy)?

 

Darren

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 1:02 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

 

Thanks Darren,

 

I just checked the Minasi boards and couldn't find anything there. I'll
keep googling and trying to see what's going on. I had not yet checked
the event log so perhaps something is in there as well.

 

I should have made my problem more clear. The VBS scripts are logon
scripts that basically map drives. Nothing too fancy.

 

Thanks again! Let's hope there is a solution besides the "will be
supported on Longhorn server group policies".

 

Michael

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Darren Mar-Elia
Sent: Monday, November 27, 2006 12:59 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Vista in Win2k3 domain - VBS Logon scripts?

Michael-

My guess is that this is a UAC issue. I have heard it come up once
before with Vista. Not sure though-I will try to dig some more.

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On
Behalf Of Michael Pietrzak
Sent: Monday, November 27, 2006 12:53 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Vista in Win2k3 domain - VBS Logon scripts?

 

Hello all-

 

I am now running Vista in my windows 2003 domain and one of the first
things I noticed was that my VBS scripts that normally run on XP are no
longer being processed. 

 

Now is the problem stemming from the fact that the script is set in a
GPO and the Vista box can't interpret it or is it a security issue in
Vista that I have to dig through to allow it to run.

 

Thanks guys in advanced for any thoughts.

 

Michael



***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at //www.freelists.org/archives/gptalk/
************************

Other related posts: