[gptalk] Re: Bat File Not Executing.

  • From: "Harry Singh" <hboogz@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 8 Sep 2008 13:44:52 -0400

Jeremy -

That's a great idea and code..thank you very much.



On Mon, Sep 8, 2008 at 12:34 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx> wrote:

>  …Or you can create the scheduled task with the GPP extensions… J
>
>
>
> *Jamie Nelson* | Operations Consultant | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: 405.552.8054 | Mobile: 405.200.8088 |
> http://www.dvn.com
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jeremy Saunders
> *Sent:* Monday, September 08, 2008 10:22 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Hi Harry,
>
>
>
> Just use psexec to role it out across all machines.
>
>
>
> ---------start of script-------------
>
> set LISTFILE=computerlist.txt
>
> Set DRIVE=C
>
> for /F %%i in (%LISTFILE%) do (
>
> copy /y "DeleteProfiles.cmd" "\\%%i\%DRIVE%$\Windows\DeleteProfiles.cmd"
>
> copy /y "DeleteProfiles.vbs" "\\%%i\%DRIVE%$\Windows\DeleteProfiles.vbs"
>
> psexec.exe \\%%i cmd.exe /c SCHTASKS /Create /TN "Delete inactive profiles"
> /RU "NT AUTHORITY\SYSTEM" /ST 02:30 /SC Daily /F /TR
> "%SystemRoot%\DeleteProfiles.cmd"
>
> )
>
> Exit /b 0
>
> ----------end of script-----------
>
>
>
> Note: You may need to modify this script for your environment.
>
>
>
> Create a computerlists.txt file that contains all 20 machines.
>
> Place the above batch script, computerlists.txt, DeleteProfiles.cmd,
> DeleteProfiles.vbs, and psexec.exe in the same folder.
>
> Execute the batch script.
>
>
>
> It's that simple.
>
>
>
> Cheers,
>
> Jeremy.
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* Monday, 8 September 2008 9:33 PM
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Hey Guys,
>
> Thanks for the feedback.
>
> Jeremy -- I realized that cscript needed to be ran after you're
> suggestion..
>
> i created a batch file that calls this VBS script and I placed the VBS
> script within the NETLOGON of the DC. So the batch file looks something like
> this:
>
> @echo off
>
> cscript.exe \\domaincontroller\NETLOGON\deleteprofiles.vbs
>
> I haven't tested if this is working yet.
>
> I do agree and i might just have to use this as a scheduled task, but i'm
> trying to have this script run on over 20 machines and was hoping not to
> manually visit each machine to add this to scheduled task.
>
>  On Mon, Sep 8, 2008 at 4:12 AM, Jeremy Saunders <
> Jeremy.Saunders@xxxxxxxxxxxxxx> wrote:
>
> Hi Darren,
>
>
>
> I guess there are two parts to this and I probably should have been clearer
> with my answer. My answer was aimed at this specific task, not a general
> answer.
>
>
>
> Personally I would always want to ensure that these vbscripts run silently
> using cscript.exe, and output to a log file for review as needed. In many
> environment Cscript.exe is not always the default script host, and running
> this script without parameters doesn't give you the logging you need.
>
>
>
> You are correct. The Local System account may suffice for this script. As
> someone who has migrated from using delprof.exe to this new
> deleteprofiles.vbs, I had just assumed that
> http://support.microsoft.com/kb/262223 would still apply, so I have not
> changed the way I am deploying it. Needs further testing though.
>
>
>
> However, as per my blog, my method of deployment works 100%, and will
> process everyday regardless of a reboot. I believe the use of a scheduled
> task is more appropriate than a startup script in this case, unless Harry is
> restarting his Citrix servers every day.
>
>
>
> Cheers.
>
> Jeremy.
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Darren Mar-Elia
> *Sent:* Monday, 8 September 2008 8:42 AM
>
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Jeremy-
>
> Actually, you can simply specify a script like that and WSH will use the
> default script host (wscript or cscript) to run it. Curious why you say you
> can't run it that way? Also, I think the only successful way to run it is as
> local system. Or, at least, that gives you the best chance for success.
>
>
>
> Darren
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jeremy Saunders
> *Sent:* Saturday, September 06, 2008 7:56 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Hi Harry,
>
>
>
> You can't just run the script like that. You need to ensure it's launched
> with cscript, and use some parameters as well. And furthermore, the process
> of deleting profiles may not work by using the Local System account, which
> is what I believe a Startup script would run as.
>
>
>
>
> http://www.jhouseconsulting.com/index.php/blog/2008/07/30/script-to-replace-delprofexe/
>
>
>
> I hope that helps.
>
>
>
> Cheers,
>
> Jeremy.
>
>
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* Saturday, 6 September 2008 2:30 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Thanks for the reply Darren, here goes.
>
> I believe i came across a thread here or it could have been somewhere else,
> that mentioned when applying a GPO to an OU that consists of only computers,
> it would be best to remove "Authenticated Users" and add a Sec group that
> has all the computers in it. If Authenticated Users is  recommended, i'll
> gladly revert back.
>
> I don't have fast logon optimization disabled -- where would i disable that
> ?
>
> I'm calling the vbs script directly from within the GPO as i would a batch
> file, as demonstrated by the screenshot. I've also attached the script, i
> received courtesy of Joe Shonk on the Citrix thinlist.
>
> remove the txt extension after the vbs.
>
> On Fri, Sep 5, 2008 at 2:15 PM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
>
> Harry-
>
> Just out of curiosity, if the computers are in their own OU, why are you
> using security filtering on top of that? Keep in mind that a computer won't
> pick up its new group membership until a reboot, but since you're doing that
> anyway, I suspect that is not the issue.
>
>
>
> With respect to the software installation, have you disabled fast logon
> optimization on these machines? If not, then the SI package could take a
> couple of reboots to get picked up. If so, then I would check the
> application event log on the machine for a event of type "Application
> Management" as this will indicate whether there is some error with the
> processing of the package.
>
>
>
> Can you post your VBScript code here and also let us know how you're
> calling it? I think you said you were calling it from the parameters on a
> batch file?
>
>
>
> Darren
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* Friday, September 05, 2008 10:47 AM
>
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Hi All -
>
> So, i finally have been able to put this GPO into production and have
> something interesting, albeit furstrating.
>
> I placed the the computers i want this GPO to run against within their own
> "Computers" OU.
>
>  I then created a security group and put all these computers within this
> security group
>
> I then removed " Authenticated Users" from the security of the GPO and just
> put the above mentioned security group.
>
> I found that the policy does run, as noted in the attached gpresult log (
> delprof-test ) is the GPO in question, but the startup VBS script to delete
> profiles, does not run. I also assigned UPH clean but have noticed that
> didn't install either. These are the only two machine based settings applied
> on this GPO and neither of them are running, but the GPO is being executed
> on the machines.
>
> any thoughts ?
>
> On Thu, Aug 7, 2008 at 5:27 AM, Hutchinson, Alan <
> Alan.Hutchinson@xxxxxxxxxxxxxxxxxx> wrote:
>
> Harry,
>
> As I said I haven't yet tried it (probably sometime next week).
>
>
>
> As for your second paragraph - no need to block inheritance; this is
> exactly what loopback processing  in replace mode achieves.
>
>
>
> REgards,
>
>
>
> Alan.
>
>
>  ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* 06 August 2008 18:40
>
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Alan,
>
> i was just about to post that, since i subscribe to the THIN list and came
> across that.
>
> Since it's a VBS script, i understand when you add it to the startup of a
> GPO, there are "Script Parameters". I've never leveraged this because,
> truthfully, i really don't know what would be placed in here ? could someone
> provide some insight as to how to properly use that field ?
>
> A&M - as far as loopback processing goes, that makes it much clearer, but i
> still need to re-read and implement to fully comprehend. I currently have a
> TS/Citrix environment and am trying to wrap my head around understanding
> applying user settings to the same user but different policies. I suppose if
> i block policy inheritance on the GPO that's assigned to the TS servers ou
> and configure machine and user based settings this will only apply to users
> who are logging into that server.
>
> On Wed, Aug 6, 2008 at 1:12 PM, Hutchinson, Alan <
> Alan.Hutchinson@xxxxxxxxxxxxxxxxxx> wrote:
>
> I haven't tried it yet but came across this from another freelist which may
> do what you want when you've sorted script execution :
>
>
>
>
>
>
> http://www.theshonkproject.com/index.php?option=com_content&task=view&id=27&Itemid=31
>
>
>
> Regards,
>
>
>
> Alan.
>
>
>  ------------------------------
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Nelson, Jamie
> *Sent:* 06 August 2008 16:27
>
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Hmm, yeah I can see how that is helpful from the teacher's perspective. If
> I were you I would definitely spend some time troubleshooting why the
> profiles are getting corrupted in the first place. That shouldn't be
> happening.
>
>
>
> As far as your script not executing, I recommend starting it off with
> something basic just to make sure it is actually executing. A good example
> would be piping the contents of ipconfig out to a text file on the C: drive
> or something.
>
>
>
>                 ipconfig >%SYSTEMDRIVE%\ipconfig.txt
>
>
>
> Then go back and verify the file is created after a reboot. That way you
> can be certain the script is actually running. If it is, but the profile is
> not getting deleted, you know you have some kind of logic error in the part
> of the script.
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* Tuesday, August 05, 2008 6:26 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> I'll be glad to elaborate.
>
> This is a lab environment and we've implemented a combination of mandatory
> profiles and GPO to control User configuration settings. Periodically, the
> profile experiences problems and just doesn't load properly. I've ran traces
> to see if any network connectivity issues exist between the workstation and
> the server where the profile resides and , although i see some collisions, i
> don't expect that to be the sole root cause. Instead of delving more time
> and resources, we've found by blowing the profile the issues resolve
> themselves --- and as i mentioned, this doesn't happen too frequently, only
> periodically. Now, the lab machines aren't rebooted or turned off nightly,
> so the deleting of profiles on reboot is really a way for us or the teacher
> on site to delete the profiles "on-demand". I'm sure there are alternate
> ways to get this done, and i'm all ears.
>
> So you're saying i can apply a GPO to an OU that just has computer accounts
> ?
>
> "To clarify, loopback policy is used when you want user configuration
> policies to apply based on where the computer object resides instead of the
> user object. " That's still a litte fuzzy to me, could you provide an
> example that could help me further put this confusion function to rest for
> me ?
>
> Thanks
>
> On Tue, Aug 5, 2008 at 5:27 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx>
> wrote:
>
> Delprof.exe can't delete a specific user profile, you generally tell it the
> max number of days old a profile can be (from last use) and it will delete
> anything older than that. I still don't understand why you want to delete it
> on every reboot though. Maybe you can be kind enough to elaborate?
>
>
>
> Actually, you were right the first time. For startup scripts to run they
> must be applied to OUs containing computer objects. You don't need loopback
> policy or security filtering for that. To clarify, loopback policy is used
> when you want user configuration policies to apply based on where the
> computer object resides instead of the user object.
>
>
>
> Hope that helps. J
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* Tuesday, August 05, 2008 4:13 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Bat File Not Executing.
>
>
>
> Jamie,
>
> Yes, the script is deleting the documents and setting folder. I agree this
> isn't very clean, but  I am having trouble in negotiating the delprof
> command line to delete the profile i want under my specific parameters.
> Specifically, i want the profile to be deleted upon every reboot, either
> during the shutdown or, preferably, during the startup of the machine. ?
>
> Secondly, i believe my problem was i  was applying the GPO to an OU that
> just had the computer accounts. I realized this can't be done, i'd have to
> apply it to the OU containing the LAB user account ; since only the Computer
> Config is enabled, the script will execute on whatever machine that user
> logs into, correct ? That being said, what should the loopback processing
> setting be on this GPO, if there are no user configured settings on this GPO
> but others ?
>
> Just to clear up any confusion, if i want machine specific settings only to
> apply to computer accounts, i need to:
>
>    - Configure the Computer Configuration portion of the GPO.
>    - Create a Security Group and add the respective computer accounts to
>    this group and add it to the permissions of the GPO with the "Apply" GPO
>    permission ?
>    - Never apply GPO's to OU's that just have computer accounts
>    - Enable loopback processing on a computer oriented GPO if you have any
>    USER Confiuration settings in that GPO, otherwise just leave it disabled or
>    not configured ?
>
>
>
> On Tue, Aug 5, 2008 at 4:57 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx>
> wrote:
>
> When you say "delete the profile" are you just trying to delete the profile
> folder under C:\Documents and Settings? That doesn't truly dump the profile,
> as there are still some registry keys that have to be cleaned up.
>
>
>
> On that note, I don't think deleting the profiles on startup is a good
> practice, even if they are for what I assume are temporary lab user
> accounts. You're better off creating a scheduled task on the machine to run
> the delprof.exe utility (from the Server Resource Kit) which can delete all
> profiles that have not been used in a specified number of days. Just my
> opinion though. You may have valid reason for doing it that way so please
> don't take offense. J
>
>
>
> As far as the script not executing is concerned, did you place it in the
> GPO's "machine\scripts\startup" folder in SYSVOL or somewhere else on your
> network?
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Harry Singh
> *Sent:* Tuesday, August 05, 2008 3:21 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Bat File Not Executing.
>
>
>
> All -
>
> I've added a bat file to the startup script inside of a GPO, the computer
> configuration part of the GPO. The script deletes any profile starting with
> lab* and is suppose to run when the computer is restarted so as to not run
> into any file locks by explorer. However, the folders are not being deleted
> and when i run a gpresult, the script indicates: " This script has not been
> executed"
>
> any ideas ?
>   *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
>
>
>
>
>
>
>
>
>  ------------------------------
>
> *Confidentiality and Privilege Notice
> *This document is intended solely for the named addressee.  The
> information contained in the pages is confidential and contains legally
> privileged information. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such person), you may
> not copy or deliver this message to anyone, and you should destroy this
> message and kindly notify the sender by reply email. Confidentiality and
> legal privilege are not waived or lost by reason of mistaken delivery to
> you.
>  ------------------------------
>     ------------------------------
>
> *Confidentiality and Privilege Notice
> *This document is intended solely for the named addressee.  The
> information contained in the pages is confidential and contains legally
> privileged information. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such person), you may
> not copy or deliver this message to anyone, and you should destroy this
> message and kindly notify the sender by reply email. Confidentiality and
> legal privilege are not waived or lost by reason of mistaken delivery to
> you.
>  ------------------------------
>
>
>  ------------------------------
>
> *Confidentiality and Privilege Notice **
> *This document is intended solely for the named addressee.  The
> information contained in the pages is confidential and contains legally
> privileged information. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such person), you may
> not copy or deliver this message to anyone, and you should destroy this
> message and kindly notify the sender by reply email. Confidentiality and
> legal privilege are not waived or lost by reason of mistaken delivery to
> you.
>  ------------------------------
>

Other related posts: