Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Group Policy Computer Configuration

Answered Group Policy Computer Configuration

  • Monday, December 10, 2012 12:53 PM
     
     
    Sign In to Vote
    0

    When i want to run a group policy like a script or command file run when computer shutdown / startup there are always problems.

    I have a .cmd file that runs fine standalone when  a user starts that .cmd file. When putting the command file in a shutdown script beneath computer configuration it won't run. After cheqing the results wizard i see that the policy is running fine but the command does not work. Also not when running from startup script.
    The policy is off course put beneath the computers OU.

    When putting the script beneath user configuration as a log off / login script it runs file no problems there.

    This is not the first time, when triing to run a GPP like a scheduled task it does also not do the task when configure it beneath computer configuration but it does when putting beneath user configuration.

    What can i be doiing wrong here?

    freddie

     

All Replies

  • Monday, December 10, 2012 1:06 PM
     
     
    Sign In to Vote
    0

    As a script can contain all sorts of commands it is difficult to pinpoint your problem. Could you anonymize it and post it here?

    One thing that could go wrong is trying to use shares mapped with letters in the user's context. Example: The user has H: mapped to his home share. The script running as a shutdown script has a reference to H:, but it is running under the system context which does not have the H: or at least not the same H:.

     
  • Monday, December 10, 2012 3:03 PM
     
     
    Sign In to Vote
    0

    The script is in a file share like: \\serverpath\delete.cmd so the letter is not the problem. I think it has something to do with rights. Before i had also the problem with a task schedule GPP. That also did not run under the computer context but it did under the user context.

    And the script runs also fine when run under the user context or manual..

    The command excist out of vbscript:

    for /f "skip=2 tokens=2*" %%a in ('reg query HKCU\Software\Microsoft\Office\11.0\Outlook\Security /v OutlookSecureTempFolder') do set office2003=%%~sb
    if defined office2003 (
     call :clear %office2003%
     set office2003=)
    for /f "skip=2 tokens=2*" %%a in ('reg query HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security /v OutlookSecureTempFolder') do set office2003=%%~sb
    if defined office2003 (
     call :clear %office2003%
     set office2003=)

    for /f "skip=2 tokens=2*" %%a in ('reg query HKCU\Software\Microsoft\Office\12.0\Outlook\Security /v OutlookSecureTempFolder') do set office2007=%%~sb
    if defined office2007 (
     call :clear %office2007%
     set office2007=)
    for /f "skip=2 tokens=2*" %%a in ('reg query HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security /v OutlookSecureTempFolder') do set office2007=%%~sb

    if defined office2007 (
     call :clear %office2007%
     set office2007=)

    for /f "skip=2 tokens=2*" %%a in ('reg query HKCU\Software\Microsoft\Office\14.0\Outlook\Security /v OutlookSecureTempFolder') do set office2010=%%~sb
    if defined office2010 (
     call :clear %office2010%
     set office2010=)
    for /f "skip=2 tokens=2*" %%a in ('reg query HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\Security /v OutlookSecureTempFolder') do set office2010=%%~sb
    if defined office2010 (
     call :clear %office2010%
     set office2010=)
    call :clear %temp%\

    freddie

     
  • Monday, December 10, 2012 3:07 PM
     
     
    Sign In to Vote
    0

    The script is in a file share like: \\serverpath\delete.cmd so the letter is not the problem.


    Make sure Domain Computers have read access... Both share and NFS level, of course.
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
     
  • Monday, December 10, 2012 3:08 PM
     
     Answered
    Sign In to Vote
    0
     
    > for /f "skip=2 tokens=2*" %%a in ('reg query
    > HKCU\Software\Microsoft\Office\11.0\Outlook\Security /v
    > OutlookSecureTempFolder') do set office2003=%%~sb
     
    When run at shutdown/startup, HKCU points to HKU\.Default, so this will
    not really do what you want it to do ;-))
     
     
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
     
  • Monday, December 10, 2012 3:42 PM
     
     
    Sign In to Vote
    0
    > for /f "skip=2 tokens=2*" %%a in ('reg query
    > HKCU\Software\Microsoft\Office\11.0\Outlook\Security /v
    > OutlookSecureTempFolder') do set office2003=%%~sb
    When run at shutdown/startup, HKCU points to HKU\.Default, so this will
    not really do what you want it to do ;-))
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

    So are you meaning that when run under the computer configuration the script has to do tasks that will do for example HKLM tasks?

    freddie

     
  • Monday, December 10, 2012 4:01 PM
     
     Answered
    Sign In to Vote
    0
    This is a typical example of what you cannot do in a shutdown script. As mentioned a shutdown script will run as local system and cannot affect user settings (at least for other users than Local System itself)
    • Marked As Answer by surfer10 Tuesday, December 11, 2012 7:57 AM
    •