none
GPO Logon PowerShell Script not Executing

    Question

  • Hello,

    I've created two Powershell scripts, one log off and one log on. Both scripts acre being run via a .bat file.
    I had to create .bat file scripts because the Powershell scripts would not run when setting up via log on / log off setting.

    The log off .bat script works just fine and calls the Powershell script which successfully does it's thing.

    The log on script just won't work. When I try to run the Powershell script local, I get the execution policy error (though I thought this will be bypassed with my .bat file ..see below):

    Log off script(s):
    batch file which is the actual script defined in the GPO as the log off script:
    @ECHO OFF
    Powershell.exe -ExecutionPolicy Bypass -Command "& '%~dp0Logoff.ps1'"

    Logoff.ps1 script:
    Get-WmiObject -namespace root\cimv2 -Query "select * from Win32_Printer Where Default = TRUE" -Impersonation 3 | select ExpandProperty name | out-file $env:APPDATA\TestFile

    Log on script (s):
    batch file which is the actual script defined in the GPO as the log on script:
    Powershell.exe -ExecutionPolicy Bypass -Command "& '%~dp0Logon.ps1'"

    Logon.ps1 script:
    (New-Object -ComObject WScript.Network).SetDefaultPrinter((get-content $env:APPDATA\TestFile))

    Any help much appreciated!

    The easiest way would be if it would just work by defining the powershell scripts in the GPO settings as log off and log on scripts, but if I do that, not even the log off scripts works (neither run if doing it that way, hence I created the batch files to call the ps1 files)

    Thanks,

    Thursday, July 30, 2015 4:58 AM

All replies

  • have you tried Bypass -File  ?

    HughMc


    • Edited by HughMc Thursday, July 30, 2015 5:10 AM
    Thursday, July 30, 2015 5:10 AM
  • Hello,

    use .cmd as logon script. Here is .cmd file example:

    @echo off
    PowerShell.exe -nologo -file \\YourDC\scripts\YourLoginScript.ps1 -windowstyle hidden -noprofile -executionpolicy bypass

    Regards

    Thursday, July 30, 2015 6:58 AM
  • Just a couple of questions Rykhar,

    1. doing this as a 'PowerShell' logon/logoff script should work. Why not troubleshoot that instead of forcing it through a .cmd or .bat?
    2. It appears you are doing a setDefaultPrinter on a customer comobject. Is this what you intend to do in production?

    The reasons for both of these questions is 'right too for the right job' is typically the best way to approach. For deploying printers GP Preferences typically works well. There are also administrative template settings to do some other printer related configuration. Lots of blog posts out there on how to accomplish this.

    Here is one walk through but you will find many... http://community.spiceworks.com/how_to/11413-group-policy-preferences-printer-deployment

    For the powershell logon script, Jeff Hicks is a great PS resource as well as an overall great windows guy. He writes about it here https://4sysops.com/archives/configuring-logon-powershell-scripts-with-group-policy/

    Good luck, but It seems to me that you are headed down the wrong path. Stick with PowerShell logon scripts and GP Preferences for printer deployments.

    Kevin


    Kevin Sullivan - Program Manager

    Thursday, July 30, 2015 1:38 PM
    Owner
  • Just a couple of questions Rykhar,

    1. doing this as a 'PowerShell' logon/logoff script should work. Why not troubleshoot that instead of forcing it through a .cmd or .bat?
    2. It appears you are doing a setDefaultPrinter on a customer comobject. Is this what you intend to do in production?

    The reasons for both of these questions is 'right too for the right job' is typically the best way to approach. For deploying printers GP Preferences typically works well. There are also administrative template settings to do some other printer related configuration. Lots of blog posts out there on how to accomplish this.

    Here is one walk through but you will find many... http://community.spiceworks.com/how_to/11413-group-policy-preferences-printer-deployment

    For the powershell logon script, Jeff Hicks is a great PS resource as well as an overall great windows guy. He writes about it here https://4sysops.com/archives/configuring-logon-powershell-scripts-with-group-policy/

    Good luck, but It seems to me that you are headed down the wrong path. Stick with PowerShell logon scripts and GP Preferences for printer deployments.

    Kevin


    Kevin Sullivan - Program Manager

    Hi Kevin,

    to answer your questions:

    Yes, I am now trying to get the Powershell scripts to work at log on instead of the .bat workaround. This is a much cleaner solution, if it will work eventually.

    And yes, the scripts only purpose is to set the selected default printer back to the printer pre-log off. We are running a virtual desktop infrastructure with floating pools and VMware's persona management. Unfortunately persona management does not always (almost never) retain the default printer flag through log off.

    Unfortunately, using GPP's is not an option for us as we have so many different user groups with each their own default printer. Even users withing those user groups have different default printers.

    Therefore I'd really like this script to work because this way, any individual user can select any printer as their default and it will be retained.

    And yes, this will eventually go in to production. Currently of course only testing environment.

    Thanks!




    • Edited by Rykhar Thursday, July 30, 2015 3:20 PM
    Thursday, July 30, 2015 3:10 PM
  • I think I found the problem.

    The log on script:

    Logon.ps1 script:
    (New-Object -ComObject WScript.Network).SetDefaultPrinter((get-content $env:APPDATA\TestFile))

    Does not run because of ExecutionPolicy. I was able to get it to run by first running:
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    I set the Process flag because I only want this one script to be able to run.

    Now my question is, how can I embed the second script into the first one? I've tried and created one script:
    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
    (New-Object -ComObject WScript.Network).SetDefaultPrinter((get-content $env:APPDATA\TestFile))

    but it does not work.

    Thanks,

    Thursday, July 30, 2015 5:18 PM