[gptalk] Re: Bat File Not Executing.
- From: "Hutchinson, Alan" <Alan.Hutchinson@xxxxxxxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 7 Aug 2008 10:27:02 +0100
Harry,
As I said I haven't yet tried it (probably sometime next week).
As for your second paragraph - no need to block inheritance; this is
exactly what loopback processing in replace mode achieves.
REgards,
Alan.
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Harry Singh
Sent: 06 August 2008 18:40
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Bat File Not Executing.
Alan,
i was just about to post that, since i subscribe to the THIN list and
came across that.
Since it's a VBS script, i understand when you add it to the startup of
a GPO, there are "Script Parameters". I've never leveraged this because,
truthfully, i really don't know what would be placed in here ? could
someone provide some insight as to how to properly use that field ?
A&M - as far as loopback processing goes, that makes it much clearer,
but i still need to re-read and implement to fully comprehend. I
currently have a TS/Citrix environment and am trying to wrap my head
around understanding applying user settings to the same user but
different policies. I suppose if i block policy inheritance on the GPO
that's assigned to the TS servers ou and configure machine and user
based settings this will only apply to users who are logging into that
server.
On Wed, Aug 6, 2008 at 1:12 PM, Hutchinson, Alan
<Alan.Hutchinson@xxxxxxxxxxxxxxxxxx> wrote:
I haven't tried it yet but came across this from another
freelist which may do what you want when you've sorted script execution
:
http://www.theshonkproject.com/index.php?option=com_content&task=view&id
=27&Itemid=31
<http://www.theshonkproject.com/index.php?option=com_content&task=view&i
d=27&Itemid=31>
Regards,
Alan.
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: 06 August 2008 16:27
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Bat File Not Executing.
Hmm, yeah I can see how that is helpful from the teacher's
perspective. If I were you I would definitely spend some time
troubleshooting why the profiles are getting corrupted in the first
place. That shouldn't be happening.
As far as your script not executing, I recommend starting it off
with something basic just to make sure it is actually executing. A good
example would be piping the contents of ipconfig out to a text file on
the C: drive or something.
ipconfig >%SYSTEMDRIVE%\ipconfig.txt
Then go back and verify the file is created after a reboot. That
way you can be certain the script is actually running. If it is, but the
profile is not getting deleted, you know you have some kind of logic
error in the part of the script.
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Harry Singh
Sent: Tuesday, August 05, 2008 6:26 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Bat File Not Executing.
I'll be glad to elaborate.
This is a lab environment and we've implemented a combination of
mandatory profiles and GPO to control User configuration settings.
Periodically, the profile experiences problems and just doesn't load
properly. I've ran traces to see if any network connectivity issues
exist between the workstation and the server where the profile resides
and , although i see some collisions, i don't expect that to be the sole
root cause. Instead of delving more time and resources, we've found by
blowing the profile the issues resolve themselves --- and as i
mentioned, this doesn't happen too frequently, only periodically. Now,
the lab machines aren't rebooted or turned off nightly, so the deleting
of profiles on reboot is really a way for us or the teacher on site to
delete the profiles "on-demand". I'm sure there are alternate ways to
get this done, and i'm all ears.
So you're saying i can apply a GPO to an OU that just has
computer accounts ?
"To clarify, loopback policy is used when you want user
configuration policies to apply based on where the computer object
resides instead of the user object. " That's still a litte fuzzy to me,
could you provide an example that could help me further put this
confusion function to rest for me ?
Thanks
On Tue, Aug 5, 2008 at 5:27 PM, Nelson, Jamie
<Jamie.Nelson@xxxxxxx> wrote:
Delprof.exe can't delete a specific user profile, you generally
tell it the max number of days old a profile can be (from last use) and
it will delete anything older than that. I still don't understand why
you want to delete it on every reboot though. Maybe you can be kind
enough to elaborate?
Actually, you were right the first time. For startup scripts to
run they must be applied to OUs containing computer objects. You don't
need loopback policy or security filtering for that. To clarify,
loopback policy is used when you want user configuration policies to
apply based on where the computer object resides instead of the user
object.
Hope that helps. J
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Harry Singh
Sent: Tuesday, August 05, 2008 4:13 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Bat File Not Executing.
Jamie,
Yes, the script is deleting the documents and setting folder. I
agree this isn't very clean, but I am having trouble in negotiating the
delprof command line to delete the profile i want under my specific
parameters. Specifically, i want the profile to be deleted upon every
reboot, either during the shutdown or, preferably, during the startup of
the machine. ?
Secondly, i believe my problem was i was applying the GPO to an
OU that just had the computer accounts. I realized this can't be done,
i'd have to apply it to the OU containing the LAB user account ; since
only the Computer Config is enabled, the script will execute on whatever
machine that user logs into, correct ? That being said, what should the
loopback processing setting be on this GPO, if there are no user
configured settings on this GPO but others ?
Just to clear up any confusion, if i want machine specific
settings only to apply to computer accounts, i need to:
* Configure the Computer Configuration portion of the GPO.
* Create a Security Group and add the respective computer
accounts to this group and add it to the permissions of the GPO with the
"Apply" GPO permission ?
* Never apply GPO's to OU's that just have computer
accounts
* Enable loopback processing on a computer oriented GPO if
you have any USER Confiuration settings in that GPO, otherwise just
leave it disabled or not configured ?
On Tue, Aug 5, 2008 at 4:57 PM, Nelson, Jamie
<Jamie.Nelson@xxxxxxx> wrote:
When you say "delete the profile" are you just trying to delete
the profile folder under C:\Documents and Settings? That doesn't truly
dump the profile, as there are still some registry keys that have to be
cleaned up.
On that note, I don't think deleting the profiles on startup is
a good practice, even if they are for what I assume are temporary lab
user accounts. You're better off creating a scheduled task on the
machine to run the delprof.exe utility (from the Server Resource Kit)
which can delete all profiles that have not been used in a specified
number of days. Just my opinion though. You may have valid reason for
doing it that way so please don't take offense. J
As far as the script not executing is concerned, did you place
it in the GPO's "machine\scripts\startup" folder in SYSVOL or somewhere
else on your network?
From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Harry Singh
Sent: Tuesday, August 05, 2008 3:21 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Bat File Not Executing.
All -
I've added a bat file to the startup script inside of a GPO, the
computer configuration part of the GPO. The script deletes any profile
starting with lab* and is suppose to run when the computer is restarted
so as to not run into any file locks by explorer. However, the folders
are not being deleted and when i run a gpresult, the script indicates: "
This script has not been executed"
any ideas ?
________________________________
Confidentiality Warning: This message and any attachments are
intended only for the use of the intended recipient(s), are
confidential, and may be privileged. If you are not the intended
recipient, you are hereby notified that any review, retransmission,
conversion to hard copy, copying, circulation or other use of all or any
portion of this message and any attachments is strictly prohibited. If
you are not the intended recipient, please notify the sender immediately
by return e-mail, and delete this message and any attachments from your
system.
Other related posts:
