I was going to post ...
WXP.Pro.sp3 clients on W2K3 domain.
GPO runs a SHUTDOWN .vbs to install a large app.
The script works. The GPO works on fast machines, on Gb connections within 5 minutes. Now, however, I'm dealing with 100Mb connections on slower machines and even laptops.
The problem is that it takes 25 minutes (or more) for the script to complete on these slower machines/connections.
Aside from the SHUTDOWN script.vbs itself, the only other changes on that GPO are:
Computer Configuration \ Administrative Templates \ System \ Scripts
= Maximum wait time for Group Policy scripts
+ value (3600) ... one hour
USER CONFIGURATION = DISABLED
... the shutdown script timeout still cuts the script off at 10 minutes regardless.
... After much testing, it turns out replication of the GPO between DCs was off just enough that some test machines got the old 10 minute GPO, while others got the new 60 minute GPO and worked fine; even with a gpupdate/force ...
Just thought I'd share. 8)
- Changed type Mervyn ZhangModerator Wednesday, September 09, 2009 11:16 AM
Something I should add.
The GPO Script processing timer change of that GPO doesn't seem to apply itself to the target machine until AFTER restart.
So the order of operations then becomes:
1. machine grabs GPO at startup
2. at shutdown/restart, the shutdown script.vbs executes
3. 10 minutes later, GPO script processing is cut off, fubaring the script operations
4. machine restarts, THEN applies that same GPO's script processing timer change.
Now this could become a major problem for deploying any future GPO deployed scripts of any duration beyond 10 minutes. I'm going to try a few more test runs of virgin machines to see if it remains this way, but so far ...
Two possible solutions:
Create a default GPO with just that script processing timer change, then drop it into the default computer OU for newly domain-joined computers to pick it up before they get a chance to go anywhere or do anything.
The other option would be to alter the script to watermark and exit without processing the first time that GPO is applied. This forces the target machine to pass through its restart/shutdown without running the full length and breadth of the script, thus acquiring the timer change at that next reboot. At the next restart/shutdown, the same script would recognize the watermark exists (meaning the GPO timer change should now be applied because a restart was forced without fully running the script) and finally fully excute with the new timer already in place.