Announcement

Collapse
No announcement yet.

GP Startup Scripts

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GP Startup Scripts

    I work for a company and have access to OUs to add computers and group policy for computer policies only. Therefore I cannot have any GP policies for users.

    I need to run a startup script through GP that accesses files that are located on a remote Windows 2008 server. I am under the impression that startup scripts only run with the Local System account. How do I access this batch file to deploy it to my 100 machines?

  • #2
    Re: GP Startup Scripts

    You would normally store the script in SYSVOL, in the specific folder for that GPO, which your post implies you are able to do as you can create GPOs to affect computer objects.

    Why are you trying to copy the script to the local machines?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: GP Startup Scripts

      Hi,

      Can you post the script please.
      You can use a UNC path in the script and that should work fine.
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment


      • #4
        Re: GP Startup Scripts

        Is there a limit of what I can put in sysvol?

        Comment


        • #5
          Re: GP Startup Scripts

          I cant use UNC paths as this is a startup script. It uses the LocalSystem account which does not have network access. I am unable to use AD and GP based login scripts in my environment. I have been using local login scripts with the windows "startup" folder.

          I need to deploy these changes with GP though.

          Also, Server 2008 makes it hard to use null sessions on file shares.

          Any ideas?

          Comment


          • #6
            Re: GP Startup Scripts

            Originally posted by arkiados View Post
            I cant use UNC paths as this is a startup script.
            My startup scripts which copy files from \\domain\NETLOGON to the local machines all work fine...
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

            Comment


            • #7
              Re: GP Startup Scripts

              Are these GP based start scripts or are you running these out of the Startup folder on the start menu. Also, are you logged into AD when you do this?

              Comment


              • #8
                Re: GP Startup Scripts

                I am trying to make registry changes on the local machines using the reg command.

                They have an odd setup here. I'm always having to get creative....

                Comment


                • #9
                  Re: GP Startup Scripts

                  Instead of trying to be creative in this occasion have you actually tried to use the UNC path with the startup script and hit any problems?
                  The service using the LocalSystem account presents the computer's credentials to remote servers. If you are having problems, what are the remote folder security and share permissions?
                  Caesar's cipher - 3

                  ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                  SFX JNRS FC U6 MNGR

                  Comment


                  • #10
                    Re: GP Startup Scripts

                    I have tried a few different approaches. The first was creating a security group with the machine account in it. Then granting that security group read and execute permissions to the folder and files on a 2008 server.

                    My second attempt was to use SYSVOL and have my script reference the files with the UNC path to that location.

                    I have been using UNC paths the entire time.

                    Comment


                    • #11
                      Re: GP Startup Scripts

                      The startup script you running is it a batch , VBScript or.. ? Can you show the specific parts of the script.

                      What OS is running on the clients and what version of IE is installede on the clients?
                      Is the server where the files are stored also a member of the domain?

                      For the UNC are you using a dfs-path, domain\share or \\server name? Is the site used in the UNC path added to the local intranet zone on the clients?


                      FYI
                      The startup script has "System" privileges on the local computer, but it uses the credentials of the computer object elsewhere in the domain. Therefore, grant permissions to the 'Authenticated Users' (both user AND computer objects are in that group) to access through the share and on the NTFS folder permissions.
                      OR, when there is a permissions problem, the permissions need to be granted to "Domain Computers" in these cases.




                      \Rems

                      This posting is provided "AS IS" with no warranties, and confers no rights.

                      __________________

                      ** Remember to give credit where credit's due **
                      and leave Reputation Points for meaningful posts

                      Comment

                      Working...
                      X