[gptalk] Re: Running a Batch file at user logon.

  • From: "Jakob H. Heidelberg" <jakob@xxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Tue, 29 Jan 2008 09:37:29 +0100



It does sound like you did everything needed to make this work - a restart
is of course needed, but you took care of that you say.


As this point it could be great if you checked the event viewer for any
error on the clients that happens during startup. Later you might have to do
advanced troubleshooting.


You should perform the GPRESULT command to see if the computer "picked up"
the policy at all.


Note - you should probably test such a policy isolated the first time
(limited to an OU with only one computer system within it or alike).




From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Ananth Rajagopal
Sent: 29. januar 2008 09:17
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Running a Batch file at user logon.


Hi Jacob,

Thanks for the article. It cleared a lot of doubts.

We did as you said, but we still couldn't make it work! This how we did
it... please go through it and advice on where we went wrong!

In the Group Policy Objects we created a new policy called " Intranet Mail
Srv Route"
We edited the policy, we set it as  Computer Configuration>Windows
Settings>scripts(Startup/Shutdown)>Startup> we showed the UNC path to the

The scripts is stored in
"\\Tai2D.ent\SysVol\Tai2D.ent\scripts\mailsrv_route.bat" this path and this
share is accessible from all systems in the domain. The permission to this
share is "Authenticated Users Read and Execute"

Next, at the domain level we gave "Link an existing GPO" gave this GPO and
enabled  enforced and link enabled.

In the Security Filter windows we added "Authenticated Users" and "Domain

Next we gave gpupdate /force

We restarted the systems several times but still the new route is not
getting added.

Please analyze the steps and kindly inform us where we have gone wrong. Have
we missed anything that you have told us? :-)

Thanks for the help!
Ananth :-)

On Jan 25, 2008 3:49 PM, Jakob H. Heidelberg <jakob@xxxxxxxxxxxxxxx> wrote:

Hi again Ananth,


As stated before it would, in most cases, be better to add the route once
and for all on the clients default gateway. But, you probably have your
reasons J


I think there are some basic things about GP processing and filtering you
should take a look at. Maybe this blog will help you:



Earlier you told me you want to "hit" all systems in the domain - in that
case all you have to do is:


1.       Have the script file in a shared directory where Authenticated User
or Domain Computers have Read access

2.       Create the GPO and point the Startup script to the shared script
file (Computer Configuration part on the GPO)

3.       Link the GPO to the Domain Level (you don't have to change
Permissions or anything in this case)

4.       Reboot all machines for the script to be executed (could take 2


However - I must warn you a bit: this will execute the script during the
next startup (or two) on ALL domain computers (including servers).


Note to #3: If all of your computers are in the "My Computers OU" you could
just link the GPO here (except computers in the Domain Controllers OU would
not be hit - if they should be hit too you could link the policy to that OU
too  and restart them one after the other perhaps).


If this doesn't execute on the clients you must start troubleshooting. Look
in the client eventlog to spot for any errors, use GPRESULT to be sure the
GPO applies to the computers etc. However, I do expect this to work.





From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Ananth Rajagopal
Sent: 25. januar 2008 08:27
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Running a Batch file at user logon.


Hi All,

We want to add a persistent route to all systems in 192.168.2.x network to a
server having IP

We created a route.bat batch file and copied this command 

Route Add MASK -p

This batch file was copied to
\\Server.com\SysVol\Server.com\scripts\route.bat folder.

The batch file was placed in Computer Configuration/Windows Settings/

We created a new group called Harmony_Sys in Builtin folder in that Domain.
Created a new OU called Harmony Systems, moved systems on which this batch
file has to be run to this OU. Made the computer a member of the group
Harmony_Sys group. 

>From GPMC, We applied this route policy to this Harmony Systems OU. 

But the new route is not getting created. Where have we gone wrong, is the
procedure correct.



Other related posts: