VistaRC1 SBS2003 and Group Policy Logon Scripts
I have a domain that runs on SBS2003. We use group policy with logon scripts to map drives for certain individuals, dependent on what OU they belong to. I have a machine that is running VistaRC1 and it is joined to the SBS domain. I have two problems.
- When I logon to the network and everything starts to load, I get a security warning from the "UAC" about a program that wants access to my computer. It is "\\<server name>\Clients\Setup\setup.exe /s <server Name>" that runs during the logon process on every machine in the office without fail. I allow Vista to run the program. I think it works. Not exactly sure what it is that the program does. All I know is that it is related to the SBS2003. Now the question: is there a way to disable this warning for this particular program or is it a global setting that affects all programs?
- I noticed that my drive mapping logon scripts are not working. It's not all of my scripts that are being blocked. I have a script that makes the "Windows Server 2003 Administration Tool Pack" available to my logon that still works. Is there anything in Vista that would be blocking the drive mappings coming from a group policy logon script? They have always worked on my 2000 and XP machines. I run the script locally on the Vista machine and they work. What am I missing here?
Here are the contents of the script file:
' Map Network Drives
Dim objNet
Set objNet = CreateObject("Wscript.Network")
objNet.MapNetworkDrive "N:", "\\<server name>\CAD"
objNet.MapNetworkDrive "L:", "\\<server name>\SHARES"
objNet.MapNetworkDrive "M:", "\\<server name>\PhotoMapper"
objNet.MapNetworkDrive "T:", "\\<server name>\Terrain Pro"
objNet.MapNetworkDrive "O:", "\\<server name>\Tech Docs"
objNet.MapNetworkDrive "Q:", "\\<server name>\PlotStorage"
objNet.MapNetworkDrive "P:", "\\<server name>\PROJECTS"
WSCript.Quit
Thanks for your help in advance,
3DCrash
Answers
I am also having this problem. I am using Vista RC1 logging into a Windows Server 2003 domain.
The very first time I logged in, all of my drives and printers mapped. But since then, the drives do not map and I don't get any error messages. But if I look in the "Recent Items" list on the start menu, the drive mapping script shows up there. When I click on it, I get a security warning that asks if I really want to open it. When I click "Open", then the script runs and maps the drives correctly. Does that work for anyone else? I know it's not a fix, but it does help maintain sanity until the issue is resolved!
If anyone has any ideas, they would be much appreciated!
Thanks,
Grant
All Replies
I am having the identical problem, but I can't seem to find anyone else who has this problem or the solution.
Does anyone know anything about this?
Thanks,
Mitch
I am also having this problem. I am using Vista RC1 logging into a Windows Server 2003 domain.
The very first time I logged in, all of my drives and printers mapped. But since then, the drives do not map and I don't get any error messages. But if I look in the "Recent Items" list on the start menu, the drive mapping script shows up there. When I click on it, I get a security warning that asks if I really want to open it. When I click "Open", then the script runs and maps the drives correctly. Does that work for anyone else? I know it's not a fix, but it does help maintain sanity until the issue is resolved!
If anyone has any ideas to fix this, they would be much appreciated!
Thanks,
Grant
I saw a post this morning at the Vista community site that talked about this being a result of the mode in which the scripts are run, and I quote:
Prashanth Prahalad [MSFT]:
By default Group policy service executes scripts in an elevated mode. There are some scripts like 'Map network drives' that would need to be run in UAP mode. In order to launch such scripts in a UAP context from an elevated process, you can leverage the Task scheduler API.
The post goes on to say:
Prashanth Prahalad [MSFT]:
If the user wants to run a [Group Policy] logon script "Script-UAP.wsf" and requires it to run in UAP context because it is mapping drives for the user then, create another script "Launch-Script-UAP.wsf" which will just use the sample script above to launch "Script-UAP.wsf" in UAP mode. Deploy this [second] script as the [Group Policy] logon script.
The original post and replies can be found at:
http://windowshelp.microsoft.com/communities/newsgroups/en-us/default.mspx
Search the "Network & Sharing" discussion for "Login Script Problems". It was started on 9/14/2006 by user "John".
Please don't shoot the messenger!
--srshowers
Just use the launchApp to launch your new login script.
There is a thread on this here:
http://www.developersdex.com/asp/message.asp?p=593&r=5431945&page=2
The basics are though just check the OS and launch the script with the parameters you want. Here is a copy of what I did/posted there:
The solution I used was to do this.
1) Get launchApp.wsf from the MS documentation
http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true
2) Created Vista_Check.vbs that I set as my login script
3) When I cut and pasted launchApp.wsf the formatting put an extra
carriage return in part of the script that I had to remove
Call rootFolder.RegisterTaskDefinition( _
strTaskName, taskDefinition, FlagTaskCreate, _
,, LogonTypeInteractive)
I have tested this against Vista, XP SP2 and Server 2003. Works just
fine and I didn't have to change anything in my actual login.vbs
Hope this helps.
Vista_Check.vbs
==============
' Run login.vbs through launchApp.wsf on Vista, directly on older systems
Dim isVista
Dim wshShell
isVista = False
Set wshShell = CreateObject("WScript.Shell")
GetOS
If isVista = True Then
    runLaunchApp
Else
    runLoginNormal
End If
' Vista: let launchApp.wsf start the login script
Sub runLaunchApp
    wshShell.Run "cscript \\<path to launchapp>\launchapp.wsf \\<path to login>\login.vbs"
End Sub
' Other Windows versions: run the login script as before
Sub runLoginNormal
    wshShell.Run "\\<path to login>\login.vbs"
End Sub
' Set isVista when the WMI operating system caption contains "Vista"
Sub GetOS
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colOSes = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
    For Each objOS in colOSes
        osCaption = objOS.Caption
        If InStr(osCaption, "Vista") Then
            isVista = True
        End If
    Next
End Sub
Login Script not working and not mapping drives:
Go to Control Panel, Administrative Tools, Local Security Policy, Local Policies, Security Options, User Account Control: Run all administrators in Admin Approval Mode > Set to Disable
After setting to Disable the login script works fine.
I dealt with an issue like this recently in an MS private newsgroup (microsoft.private.directaccess.windowsclient.vista). Looks like there may be multiple issues, but here's info on dealing with one of them.
In previous versions of Windows, if there was an error mapping a drive letter due to permissions, missing folders or shares, etc., the NET USE command would simply return an error message, and the script would continue.
In Vista, it appears that the NET USE command gets confused and sees an authentication problem, regardless of the actual cause. It then tries to prompt for user credentials, which of course is useless in a logon script, and waits forever for response. If you check after logon, you can see the NET command still sitting in memory waiting for input, although no command window is open.
A workaround might be to precede NET USE commands with a <Nul: redirection, so that if the command tries to take input it will get an EOF and error out.
A better solution would be to fix Vista's NET USE to properly handle situations where the mapping cannot take place, especially in batch scripts.
In my case, running the script manually helped me to see where the problems occurred and fix them.
I didn't notice any impact based on whether my user ID had local admin rights, nor did the EnableLinkedConnections registry patch have any effect.
/kenw
Hey all,
I am working with Vista on a SBS2003 domain for quite some time now with no problems.
The UAC errors you are getting are from the application and setup file from the SBS server. This file runs as soon as you join the domain, or if you change anything, like an installed application (virus scanner maybe?). It's just a warning from Vista telling you SBS wants to install or change something on the client.
As soon as the setup file is finished it changes a flag and will not appear again until you change anything.
Second I also use a logon script for the drive mappings.
One thing to make sure is that you first disconnect all the drive mappings. If you leave the drives connected (as due to the first logon) it will throw an error.
Second I run both the logon script and the setup.exe from one batch like this:
SBS_Logon_Script.bat :
REM This is the setup file from SBS
\\[servername]\Clients\Setup\setup.exe /s [servername]
REM This is the logon script
\\[servername]\netlogon\logon.vbs
The logon script starts like this:
Dim WSHNetwork
Set WSHNetwork = CreateObject("WScript.Network")
'Grab the user name
UserString = WSHNetwork.UserName
'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
    WSHNetwork.RemoveNetworkDrive clDrives.Item(i), True, True
Next
'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300
Then do your drive mappings
Be sure to add an extra delay at the end of the script to give some time to make the mapping,
wscript.sleep 500
wscript.quit
I hope this helps.
Greets Arno
Thanks for the solution... I was able to get my mapped drives to display after I implemented your solution in the group policy and reset the "User Account Control: Run all administrators in Admin Approval Mode" option in the Local Security Policy back to the default value "Enabled"...
Thank you, barnesk. This post resolved my issue.
Darryl
Hi,
Try using script with "RemoveNetworkDrive strDriveLetter" as logoff script
hope it helps
thks
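
The launcher approach quoted earlier in the thread (start the drive-mapping script in the user's non-elevated context through the Task Scheduler API, with UAC left enabled), as an added example that is not Microsoft's launchApp.wsf and not code from any poster here. The task name and the launcher file name in the usage text are assumptions; the time limit and battery settings go beyond what the thread describes.

```vbscript
' Added example: run a logon script with the user's filtered (non-elevated)
' token from the elevated context Group Policy uses for logon scripts.
Option Explicit

Const TASK_TRIGGER_REGISTRATION = 7     ' fire as soon as the task is registered
Const TASK_ACTION_EXEC = 0
Const TASK_CREATE_OR_UPDATE = 6         ' overwrite the task left by the last logon
Const TASK_LOGON_INTERACTIVE_TOKEN = 3  ' use the logged-on user's session
Const TASK_RUNLEVEL_LUA = 0             ' least privilege: do not elevate
Const TASK_NAME = "Logon Script As Interactive User"  ' hypothetical task name

Dim fso, shell, service, rootFolder, taskDef, action, scriptPath

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript Launch-Script-UAP.vbs <path to logon script>"
    WScript.Quit 1
End If
scriptPath = WScript.Arguments(0)

' Fail visibly instead of registering a task that can never start.
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(scriptPath) Then
    WScript.Echo "Logon script not found: " & scriptPath
    WScript.Quit 2
End If

Set shell = CreateObject("WScript.Shell")
Set service = CreateObject("Schedule.Service")
service.Connect
Set rootFolder = service.GetFolder("\")

Set taskDef = service.NewTask(0)
taskDef.Principal.LogonType = TASK_LOGON_INTERACTIVE_TOKEN
taskDef.Principal.RunLevel = TASK_RUNLEVEL_LUA
taskDef.Settings.ExecutionTimeLimit = "PT5M"         ' stop a hung script
taskDef.Settings.DisallowStartIfOnBatteries = False  ' laptops on battery
taskDef.Settings.StopIfGoingOnBatteries = False
taskDef.Triggers.Create TASK_TRIGGER_REGISTRATION

' Start the script host explicitly and quote the path (it may contain spaces).
Set action = taskDef.Actions.Create(TASK_ACTION_EXEC)
action.Path = shell.ExpandEnvironmentStrings("%SystemRoot%\System32\wscript.exe")
action.Arguments = "//B //Nologo """ & scriptPath & """"

' Empty user name and password: the task runs as the calling user.
Call rootFolder.RegisterTaskDefinition( _
    TASK_NAME, taskDef, TASK_CREATE_OR_UPDATE, _
    , , TASK_LOGON_INTERACTIVE_TOKEN)
```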
