[THIN] Re: Domain logon script not running - not fixed... pls help
- From: "Rosemary Sarkis" <rosemary_sarkis@xxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 07 Nov 2002 08:50:07 +1100
Hi
Its just a cmd file that users the "IFMEMBER" app to see if the user is a
member of domain group. The ifmember tool is on the PDC + BDC.
I browsed to the BDC from a problem server and manually launched the cmd
file - it fails with "Access to the specified device, path, or file is
denied" I don't understand how as "everyone" has RX to that directory. I
also added the user explicitly with full rights to the file and it still
fails.. Obviously a permissions issue but from where???
Thanks for the ideas
Rose
"Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
06/11/2002 16:04
Please respond to thin
To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: Domain logon script not running - not
fixed... pls
help
Rosemary,
What is the script? A CMD file, bat, or kix?=20
Can you as administrator or a user run the script manually by browsing =
to the pdc\netlogon share when logged into the problem server?
If it works on one in a test enviro, within the same domain. I doubt =
it's a permissions issue on the share, especially when you're =
successfully running the scripts as an un-privledged end user on the =
test box. =20
If your script calls a kix file, (you did mention in an ealier post that =
the script mapped drives based on nt user group) . . . you need to have =
the kix32.exe in the system32 of any server where you want to run the =
script. Alternatively you can also put the kix32.exe file on the =
netlogon share and use the following syntax from a *.bat / *.cmd file to =
launch it:
----start script----
%0\..\kix32 yourkixscript.kix=20
----end script-----
Jim
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=20
Sent: Tuesday November 05, 2002 6:35 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Domain logon script not running - not fixed... pls =
help
Hi
Checked the PDC + BDC - rights look OK. The "everyone" right has RX =
from=20
the repl directory downwards. Checked the files also - the "everyone" =
right=20
has RX. We haven't set any replication up. We copy any policy =
file/scripts=20
manually as we only have 2 domain controllers..
Rose
is problem with replication and the permissions on the netlogon share??
If the user does not have read rights for the share then they will not
be able to run the script. Also I have seen a problem with the setup of
replication in that the admin somehow dropped all the scripts into the
export dir (%windir%\system32\repl\export). The netlogon share is
assigned to the import dir under repl.
HTH
Mk
Mark Calleja
Coordinator Network Systems
Network Systems
Dept Housing and Works
(08) 9222 4941
mark.calleja@xxxxxxxxxxxxx
>>>dino7@xxxxxxxxxxxxx 06/11/2002 8:23:59 >>>
Hello:
There definitely IS an NT policy setting, under "Windows NT
System" policy
section called "Run logon scripts synchronously". Whether or not
setting
this value will solve your problem, I don't know, since I'm not really
sure
what your domain logon script is supposed to do. However, I had a
similar
problem last year. I wanted each user to have a different mapped
drive
based on group membership. The problem, which I never really got
around to
solving, was that the environment variables in a logon script are
volatile
(meaning that after the logon script completed, whatever values were
set
simply go away). This is a function of the Windows OS itself, so
there's
nothing that can be done about it (if you really want the KB articles,
I'll
look them up).
At any rate, what I was planning to do, if I had the time was to
test it,
was to ignore a separate logon script and application launching, and
simply
have a "batch" file spawn a separate process to launch the desired
application, which would inherit the parent process' environment. I
was
planning on using Perl, but Kix may be able to do it too. Anyway, I
hope
this helps.
Dean
This message contains information which may be confidential and
privileged.
Unless you are the addressee (or authorized to receive for the
addressee),
you may not use, copy, or disclose to anyone the message or any
information
contained in the message. If you have received the message in error,
please
advise the sender by e-mail reply to dino7@xxxxxxxxxxxxx, and then
delete
the message.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf
Of Rosemary Sarkis
Sent: Tuesday, November 05, 2002 3:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Domain logon scipt not running - not fixed... pls
help
Hi again
I thought this was fixed - ie it was working on a server in our prod
env.
As soon as I implemented the change to a production server, it stopped
working. There is no difference between the 2 servers. I looked thru
the
production Nt4 policies and there is nothing restricting logon scripts
from
running. I even renamed the production policies (ntconfig.pol) to .old
so
they didn't run, deleted the user profile and tried again - same
issue.
In user manager, the users are set to run a login script which exists
on our
PDC + BDC's. User logs on, published app starts but no domain logon
script
runs as it should. If I switch the same published app back to the dev
environment, the script runs. Something is obviously different on my
prod
servers but I have no idea. Can someone please assist, getting urgent
- I
need to get the domain scripts running..
Server config is - Windows Terminal Server, SP6, GSNW, Metaframe XPe
Thanks
Rose
"Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
05/11/2002 10:44
Please respond to thin
To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: Domain logon scipt not running -
fixed
but drive
mappings need a refresh?
Rosemary,
I thought I'd seen something in the forums about this, but I haven't =3D
been able to find it yet so we'll go with some options that may or may
=3D
not get you what you want.=3D20
You could look at resetting how your pub app launches, I would create a
=3D
new app with all the old settings, but in place of file manager put a
=3D
custom CMD file. In the CMD, you could use 'timeout' available on =3D
thethin.net under utilities, to have the file 'pause' for a set few =3D
seconds, (long enough for your scripts to run) and then have it call =3D
your app.=3D20
I've also seen a post or two about folks making customizations to =3D
usrlogon.cmd to pause the login as well. I'd imagine 'Timeout' would =3D
work in this situation too, however this will effect all logins to the
=3D
server.=3D20
With Win2k, and it's policies you have the option for asynchronous =3D
logins (which means explorer waits to load until your login scripts =3D
finish). Once again without looking I don't recall if TSE policies have
=3D
support for this option or not, but it's worth a look through the ADM's
=3D
on thethin.net just in case.=3D20
I'm sure in playing around with these possibilities you'll find a =3D
working solution, others on this list may very well have some better =3D
ideas for handling this as well . . . of course a good number of them
=3D
are all at Iforum this week so you may have to wait a day or two for a
=3D
good answer . . :)
Good luck,
J
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=3D20
Sent: Monday November 04, 2002 1:27 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Domain logon scipt not running - fixed but drive =3D
mappings need a refresh?
Hi
I seem to have it working now. However, the application (File Manager
=3D
in=3D20
this case) is launching before the logon script has completed so the =3D
drive=3D20
mappings don't appear unless I press F5. Has anyone seen this before.
=3D
Is=3D20
there a way to suppress the app from starting until the script is =3D
finished=3D20
so all letters are visible without the need to refresh??
Thanks
Rose
PS - Thanks for the info Jim, I shall take a look into Kix...
"Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
04/11/2002 16:16
Please respond to thin
To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: Domain logon scipt not running
Rosemary,=3D3D20
Try setting the following settings in the registry on your server, it
will not only allow you to kill the NW login script, but should allow
you to set default tree and context settings for all users.=3D3D20
HKLM\system\currentcontrolset\servies\nwcworkstation\parameters\logon
logonscript - REG_Dword - '0'
PerferredServer - Reg_SZ - '*treename/context'
HKLM\system\currentcontrolset\services\nwcworkstation\parameters
DefaultLocation - REG_SZ - '*treename/context'
DefaultScriptOPtions - Reg_Dword - '0'
After making these changes, restart the gateway service for NW on the
server and the changes should take effect.=3D3D20
Combined with the last e-mail I sent, I suggest you take a good look
at
kix for doing this stuff. It can map netware and NT drives, but it can
only do it based on NT users and groups. You can't beat 'careware'
though, and it's got a very thorough word doc on how to get it to do
what you need, full of samples. Plus the website has a great forum
with
all sorts of scripting gurus willing to help out those in need.
HTH
J
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=3D3D20
Sent: Sunday November 03, 2002 9:47 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Domain logon scipt not running
I have a WTS Server with Metaframe XPe installed with Gateway services
for=3D3D20
netware. I want to run the NT Domain login script only and it is =3D
not=3D3D20
running. I have set the Preferred Server in the Gateway Services
config
to=3D3D20
None but Run Login Script is still ticked.
My domain logon script is not running for any user. Is there an issue
with=3D3D20
the domain logon script if gateway services is installed but not
used??
90%=3D3D20
of our users require gateway services, the other 10% only require a
domain=3D3D20
logon script.
How can I get the domain logon script to run for these users??
Thanks
Rose
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.
http://join.msn.com/?page=features/featuredemail
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
