none
Logon Script Not Executed After User Added To Domain Admins

    Question

  • Hi, when I tried to add a user to Domain Admins, the Logon Script no longer runs whenever the User login. Before I added the user to Domain Admin (Domain Users), the logon script work perfectly (I've checked with "gpresult /v" and the script wasn't executed). How to fix this problem? Thanks in advance.
    Wednesday, September 2, 2015 7:57 AM

Answers

  • Hi jazzyhacker,

    Based on my researxh, it may be related to UAC. If a user belongs to the domain admin group and UAC is enabled the logon script will not run in the user context but the admin context instead. So, the mapping is successfully happening, but for a different context, this is the reason for this odd behavior.

    https://technet.microsoft.com/en-us/library/Ee844140%28v=WS.10%29.aspx?f=255&MSPPError=-2147217396

    Could you please add the user directly to the list for the script execution.

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 3, 2015 5:10 AM
    Moderator

All replies

  • Please whether the policy has security filtering restricted for domain admins.
    Wednesday, September 2, 2015 8:33 AM
  • The script was executed for Built In Administrator (also included in Domain Administrator), here is the Security Filtering:

    I have checked the "Apply group policy" permission.

    Wednesday, September 2, 2015 10:15 AM
  • Hi jazzyhacker,

    Based on my researxh, it may be related to UAC. If a user belongs to the domain admin group and UAC is enabled the logon script will not run in the user context but the admin context instead. So, the mapping is successfully happening, but for a different context, this is the reason for this odd behavior.

    https://technet.microsoft.com/en-us/library/Ee844140%28v=WS.10%29.aspx?f=255&MSPPError=-2147217396

    Could you please add the user directly to the list for the script execution.

    Best Regards,

    Mary Dong


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 3, 2015 5:10 AM
    Moderator
  • Thanks for your answer, instead of using Logon Script now I used Group Policy Preferences and it works.
    Sunday, September 6, 2015 2:00 PM