none
Problems deploying powershell script via GPO.

    Question

  • Hi there,

    I've setup a 2012 R2 RDS farm and am trying to roll out remoteapp and desktop connection files via powershell.

    I've followed the guides here : 

    Script from: https://gallery.technet.microsoft.com/ScriptCenter/313a95b3-a698-4bb0-9ed6-d89a47eacc72/

    I've edited the .wcx file and followed the deployment instructions here: http://blogs.msdn.com/b/dsadsi/archive/2011/11/30/automating-the-silent-deployment-of-remoteapp-and-desktop-connection.aspx

    The GPO is applied to the company users OU.

    However, even when I force gpupdate on a win7 machine, nothing happens.  There are no errors. GPRESULT /R shows the policy was applied succesfully. There are no errors in the logs. 

    When I go to the client pc, and i execute the script manually from the share on the DC, it works fine. Can someone please advise?

    To run it manually on the win7 pc, I had to set the remote execution policy to unrestricted.

    Thanks,

    HA


    • Edited by ha20 Friday, February 27, 2015 5:30 PM edit
    Friday, February 27, 2015 5:29 PM

Answers

  • Hello,

    use .cmd as logon script. Here is .cmf file example:

    @echo off
    powershell -nologo -file \\YourDC\scripts\YourLoginScript.ps1 -windowstyle hidden -noprofile -executionpolicy bypass

    Regards

    • Proposed as answer by bshwjt Sunday, March 01, 2015 5:17 PM
    • Marked as answer by ha20 Monday, March 02, 2015 4:49 PM
    Sunday, March 01, 2015 2:47 PM
  • > powershell -nologo -file \\YourDC\scripts\YourLoginScript.ps1 -windowstyle hidden -noprofile -executionpolicy bypass
     
    I agree with this suggestion :)
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    • Marked as answer by ha20 Monday, March 02, 2015 4:50 PM
    Monday, March 02, 2015 10:35 AM
  • Hi,

    Thanks for the suggestions everyone. It turned out there is an issue with the script in that it can only be run once per user per pc. I created another vm, joined it to the domain, applied the gpo and the script added the remoteapp and desktop connections correctly. if I then remove the RADC from control panel and reboot the PC, it won't make any changes. On the same PC, if I logon as another user for the first time, it will run and create the connection.

    I did try the suggestion above and it gave me the same results as well.

    :)

    Now to figure out if I can modify the script to enforce the changes in the ps1 script everytime.

    Thanks,

    HA

     

    • Marked as answer by ha20 Monday, March 02, 2015 4:50 PM
    Monday, March 02, 2015 4:49 PM

All replies

  • To run it manually on the win7 pc, I had to set the remote execution policy to unrestricted

    did you do this after you tried the GPO? have you set an execution policy via GPO?

    Friday, February 27, 2015 6:58 PM
  • Hi,

    I set the remote execution policy on the PC prior to trying the GPO. I have not set a remote execution policy via GPO as i thought it wouldn't bee needed in this case as i had done it manually.

    Thanks,

    HA

    Friday, February 27, 2015 7:57 PM
  • one of the experts most likely martin binder will answer this, I'm new to powershell myself i have successfully deployed scripts via powershell in doing so i set a GPO for script execution. theres probably something at GPO level that overrides local policy (likes most\all GPOS do) 



    • Edited by AlexAdkin Friday, February 27, 2015 8:23 PM
    Friday, February 27, 2015 8:23 PM
  • Hello,

    use .cmd as logon script. Here is .cmf file example:

    @echo off
    powershell -nologo -file \\YourDC\scripts\YourLoginScript.ps1 -windowstyle hidden -noprofile -executionpolicy bypass

    Regards

    • Proposed as answer by bshwjt Sunday, March 01, 2015 5:17 PM
    • Marked as answer by ha20 Monday, March 02, 2015 4:49 PM
    Sunday, March 01, 2015 2:47 PM
  • > powershell -nologo -file \\YourDC\scripts\YourLoginScript.ps1 -windowstyle hidden -noprofile -executionpolicy bypass
     
    I agree with this suggestion :)
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    • Marked as answer by ha20 Monday, March 02, 2015 4:50 PM
    Monday, March 02, 2015 10:35 AM
  • Hi,

    Thanks for the suggestions everyone. It turned out there is an issue with the script in that it can only be run once per user per pc. I created another vm, joined it to the domain, applied the gpo and the script added the remoteapp and desktop connections correctly. if I then remove the RADC from control panel and reboot the PC, it won't make any changes. On the same PC, if I logon as another user for the first time, it will run and create the connection.

    I did try the suggestion above and it gave me the same results as well.

    :)

    Now to figure out if I can modify the script to enforce the changes in the ps1 script everytime.

    Thanks,

    HA

     

    • Marked as answer by ha20 Monday, March 02, 2015 4:50 PM
    Monday, March 02, 2015 4:49 PM