[THIN] Re: Domain logon script not running - not fixed... pls help
- From: Andrew Feringa <Andrew.Feringa@xxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 7 Nov 2002 11:56:06 +1300
The user or a group is not denied permissions somewhere is it?
I have not followed the whole story so forgive me if I am repeating but =
have
you created a new user from scratch with minimal permissions. I.e. =
domain
users only if this is sufficient and try logging on?
And check all the permissions around the netlogon share. Can a user =
access
it by typing the URL from the run command and run the script manually?
Andrew Feringa
System Administrator
CCEA (XP), MCP
gen-i=20
=A0=A0=A0=A0=A0=A0=A0 technology*passion*success=20
9 City Rd, Auckland, New Zealand=20
Ph:=A0+64 9 373 6913=20
Fax:=A0+64 9 306 4634=A0=20
Mob:=A0+64 027 4379 719=A0=20
E-mail: Andrew.Feringa@xxxxxxxxxxx=A0=20
Web: www.gen-i.co.nz=20
* The might of our people equals the power of our company *=20
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=20
Sent: Thursday, 7 November 2002 10:50
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Domain logon script not running - not fixed... pls =
help
Hi
Its just a cmd file that users the "IFMEMBER" app to see if the user is =
a=20
member of domain group. The ifmember tool is on the PDC + BDC.
I browsed to the BDC from a problem server and manually launched the =
cmd=20
file - it fails with "Access to the specified device, path, or file is=20
denied" I don't understand how as "everyone" has RX to that directory. =
I=20
also added the user explicitly with full rights to the file and it =
still=20
fails.. Obviously a permissions issue but from where???
Thanks for the ideas
Rose
"Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
06/11/2002 16:04
Please respond to thin
To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: Domain logon script not running - not
fixed... pls=20
help
Rosemary,
What is the script? A CMD file, bat, or kix?=3D20
Can you as administrator or a user run the script manually by browsing =
=3D
to the pdc\netlogon share when logged into the problem server?
If it works on one in a test enviro, within the same domain. I doubt =
=3D
it's a permissions issue on the share, especially when you're =3D
successfully running the scripts as an un-privledged end user on the =
=3D
test box. =3D20
If your script calls a kix file, (you did mention in an ealier post =
that =3D
the script mapped drives based on nt user group) . . . you need to have =
=3D
the kix32.exe in the system32 of any server where you want to run the =
=3D
script. Alternatively you can also put the kix32.exe file on the =3D
netlogon share and use the following syntax from a *.bat / *.cmd file =
to =3D
launch it:
----start script----
%0\..\kix32 yourkixscript.kix=3D20
----end script-----
Jim
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=3D20
Sent: Tuesday November 05, 2002 6:35 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Domain logon script not running - not fixed... pls =
=3D
help
Hi
Checked the PDC + BDC - rights look OK. The "everyone" right has RX =
=3D
from=3D20
the repl directory downwards. Checked the files also - the "everyone" =
=3D
right=3D20
has RX. We haven't set any replication up. We copy any policy =3D
file/scripts=3D20
manually as we only have 2 domain controllers..
Rose
is problem with replication and the permissions on the netlogon share??
If the user does not have read rights for the share then they will =
not
be able to run the script. Also I have seen a problem with the setup =
of
replication in that the admin somehow dropped all the scripts into the
export dir (%windir%\system32\repl\export). The netlogon share is
assigned to the import dir under repl.
HTH
Mk
Mark Calleja
Coordinator Network Systems
Network Systems
Dept Housing and Works
(08) 9222 4941
mark.calleja@xxxxxxxxxxxxx
>>>dino7@xxxxxxxxxxxxx 06/11/2002 8:23:59 >>>
Hello:
There definitely IS an NT policy setting, under "Windows NT
System" policy
section called "Run logon scripts synchronously". Whether or not
setting
this value will solve your problem, I don't know, since I'm not really
sure
what your domain logon script is supposed to do. However, I had a
similar
problem last year. I wanted each user to have a different mapped
drive
based on group membership. The problem, which I never really got
around to
solving, was that the environment variables in a logon script are
volatile
(meaning that after the logon script completed, whatever values were
set
simply go away). This is a function of the Windows OS itself, so
there's
nothing that can be done about it (if you really want the KB articles,
I'll
look them up).
At any rate, what I was planning to do, if I had the time was to
test it,
was to ignore a separate logon script and application launching, and
simply
have a "batch" file spawn a separate process to launch the desired
application, which would inherit the parent process' environment. I
was
planning on using Perl, but Kix may be able to do it too. Anyway, I
hope
this helps.
Dean
This message contains information which may be confidential and
privileged.
Unless you are the addressee (or authorized to receive for the
addressee),
you may not use, copy, or disclose to anyone the message or any
information
contained in the message. If you have received the message in error,
please
advise the sender by e-mail reply to dino7@xxxxxxxxxxxxx, and then
delete
the message.
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf
Of Rosemary Sarkis
Sent: Tuesday, November 05, 2002 3:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Domain logon scipt not running - not fixed... pls
help
Hi again
I thought this was fixed - ie it was working on a server in our prod
env.
As soon as I implemented the change to a production server, it stopped
working. There is no difference between the 2 servers. I looked thru
the
production Nt4 policies and there is nothing restricting logon scripts
from
running. I even renamed the production policies (ntconfig.pol) to .old
so
they didn't run, deleted the user profile and tried again - same
issue.
In user manager, the users are set to run a login script which exists
on our
PDC + BDC's. User logs on, published app starts but no domain logon
script
runs as it should. If I switch the same published app back to the dev
environment, the script runs. Something is obviously different on my
prod
servers but I have no idea. Can someone please assist, getting urgent
- I
need to get the domain scripts running..
Server config is - Windows Terminal Server, SP6, GSNW, Metaframe XPe
Thanks
Rose
"Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
05/11/2002 10:44
Please respond to thin
To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: Domain logon scipt not running -
fixed
but drive
mappings need a refresh?
Rosemary,
I thought I'd seen something in the forums about this, but I haven't =
=3D3D
been able to find it yet so we'll go with some options that may or may
=3D3D
not get you what you want.=3D3D20
You could look at resetting how your pub app launches, I would create a
=3D3D
new app with all the old settings, but in place of file manager put a
=3D3D
custom CMD file. In the CMD, you could use 'timeout' available on =3D3D
thethin.net under utilities, to have the file 'pause' for a set few =
=3D3D
seconds, (long enough for your scripts to run) and then have it call =
=3D3D
your app.=3D3D20
I've also seen a post or two about folks making customizations to =3D3D
usrlogon.cmd to pause the login as well. I'd imagine 'Timeout' would =
=3D3D
work in this situation too, however this will effect all logins to the
=3D3D
server.=3D3D20
With Win2k, and it's policies you have the option for asynchronous =
=3D3D
logins (which means explorer waits to load until your login scripts =
=3D3D
finish). Once again without looking I don't recall if TSE policies have
=3D3D
support for this option or not, but it's worth a look through the ADM's
=3D3D
on thethin.net just in case.=3D3D20
I'm sure in playing around with these possibilities you'll find a =3D3D
working solution, others on this list may very well have some better =
=3D3D
ideas for handling this as well . . . of course a good number of them
=3D3D
are all at Iforum this week so you may have to wait a day or two for a
=3D3D
good answer . . :)
Good luck,
J
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=3D3D20
Sent: Monday November 04, 2002 1:27 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Domain logon scipt not running - fixed but drive =3D3D
mappings need a refresh?
Hi
I seem to have it working now. However, the application (File Manager
=3D3D
in=3D3D20
this case) is launching before the logon script has completed so the =
=3D3D
drive=3D3D20
mappings don't appear unless I press F5. Has anyone seen this before.
=3D3D
Is=3D3D20
there a way to suppress the app from starting until the script is =3D3D
finished=3D3D20
so all letters are visible without the need to refresh??
Thanks
Rose
PS - Thanks for the info Jim, I shall take a look into Kix...
"Jim Hathaway" <JimH@xxxxxxxxxxxxxxx>
Sent by: thin-bounce@xxxxxxxxxxxxx
04/11/2002 16:16
Please respond to thin
To: <thin@xxxxxxxxxxxxx>
cc:
Subject: [THIN] Re: Domain logon scipt not running
Rosemary,=3D3D3D20
Try setting the following settings in the registry on your server, it
will not only allow you to kill the NW login script, but should allow
you to set default tree and context settings for all users.=3D3D3D20
HKLM\system\currentcontrolset\servies\nwcworkstation\parameters\logon
logonscript - REG_Dword - '0'
PerferredServer - Reg_SZ - '*treename/context'
HKLM\system\currentcontrolset\services\nwcworkstation\parameters
DefaultLocation - REG_SZ - '*treename/context'
DefaultScriptOPtions - Reg_Dword - '0'
After making these changes, restart the gateway service for NW on the
server and the changes should take effect.=3D3D3D20
Combined with the last e-mail I sent, I suggest you take a good look
at
kix for doing this stuff. It can map netware and NT drives, but it can
only do it based on NT users and groups. You can't beat 'careware'
though, and it's got a very thorough word doc on how to get it to do
what you need, full of samples. Plus the website has a great forum
with
all sorts of scripting gurus willing to help out those in need.
HTH
J
-----Original Message-----
From: Rosemary Sarkis [mailto:rosemary_sarkis@xxxxxxxxxxx]=3D3D3D20
Sent: Sunday November 03, 2002 9:47 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Domain logon scipt not running
I have a WTS Server with Metaframe XPe installed with Gateway services
for=3D3D3D20
netware. I want to run the NT Domain login script only and it is =3D3D
not=3D3D3D20
running. I have set the Preferred Server in the Gateway Services
config
to=3D3D3D20
None but Run Login Script is still ticked.
My domain logon script is not running for any user. Is there an issue
with=3D3D3D20
the domain logon script if gateway services is installed but not
used??
90%=3D3D3D20
of our users require gateway services, the other 10% only require a
domain=3D3D3D20
logon script.
How can I get the domain logon script to run for these users??
Thanks
Rose
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*.=20
http://join.msn.com/?page=3Dfeatures/featuredemail
***********************************************=20
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This e-mail message has been scanned and cleared by MailMarshal
at gen-i limited - http://www.gen-i.co.nz
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
***********************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
