[gptalk] Re: Applaunch.wsf in Vista works better Synchronously?
- From: Darren Mar-Elia <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 7 Jun 2007 16:35:40 -0400
Mark-
I am enroute home from TechEd or I would check the script in more detail to see
exactly what its doing, but I know that you only need it when the user running
it is a local admin, so it does have something to do with UAC blocking the
script when it runs interactively. My quick assumption was that it was using
Task Scheduler to run the script on behalf of the user to get around the UAC
issue. The limited token thing is new to me, though not necessarily wrong.
As for the synchronous issue, setting scripts to run synchronously forces them
to run one after the other instead of simultaneously so perhaps there is a race
condition that occurs when two scripts try to create the Task Scheduler job at
the same time.
Darren
-----Original Message-----
From: "Mills, Mark" <Mark.Mills@xxxxxxxxxxxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx
Sent: 6/7/2007 10:21 AM
Subject: [gptalk] Applaunch.wsf in Vista works better Synchronously?
I can't get 2 GPO based logon scripts (using launchapp.wsf ) to work on
the same client unless I set the GPO's to run synchronously ???Why???
Factors: Each user is a local Administrator (but not a Domain Admin).
Second, I thought the launchapp.wsf was elevating
priviledges to map the drives, not hiding them through the use of a
limited token - I'm getting this per AdamV's post at
http://www.gpanswers.com/community/viewtopic.php?p=5625#5625 I'll be
reading up on this...
Since I am getting each mapped drive script to work individually, it
tells me that I have two correctly written GPO's. When used together,
only the first applied GPO will map the drives, the second GPO shows
launchapp.wsf scheduling and completing its script but leaving no mapped
drives.
I cannot help but think that there is something behind running a Windows
Host Script to get the limited token twice that is causing my issue.
Could the same user be getting two different "limited tokens" causing it
to see only once set of mapped drives?
Having these two GPO's applied only works correctly when run
synchronously, Why?, and did the tokens have anything to do with it?
Mark Mills,
Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Mills, Mark
Sent: June 06, 2007 3:31 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Vista logon scripts: launchapp.wsf can only be run
once per logon, not once per GPO?
Does anyone know if you can only have one instance of launchapp.wsf run
at logon?
I'm having difficulty running 2 logon script GPO's simultaneously in
Vista (they each map drives). Both use launchapp.wsf to elevate
privileges and individually the GPO's run fine, however when I apply
both GPO's in the same OU the one that runs first will execute, the one
that runs last will execute with the pop up telling you it is scheduling
a job but it does not map drives. I gave each GPO launchapp.wsf file
it's own pop up "echo" message to confirm this.
[truncated by sender]
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
