none
Running Power Shell script on OU

    Question

  • Hello,

    Basically, I was testing a script which disconnects a share. I tried to run on a local PC and got an execution policy error. Then I have updated a script with "-SetExecutionPolicy Remote Signed" and ran locally and it worked. The share was gone. The script looks like this:  

    Set-ExecutionPolicy RemoteSigned

    $mapped = Get-WmiObject Win32_MappedLogicalDisk | Select DeviceId, ProviderName foreach ($item in $mapped) { if ($item.ProviderName -eq '\\DC1\Work') {net use $item.DeviceId /del} }

    But when applied over Group Policy it does not seem to work. I have followed the steps by adding a script over GP object edit->Computer Configuration->Policies->Windows Settings-> Scripts-> Startup->PowerShell Scripts ->add

    Also tried adding over User configuration as per Microsoft link: https://technet.microsoft.com/en-us/library/ee431705(v=ws.10).aspx on windows server 2008 R2.

    My question would be where do I find any logs on what happened and why the script does not get applied to a user which is under OU where GP object is linked ?


    MK


    • Edited by waer01 Saturday, January 28, 2017 6:52 PM
    Saturday, January 28, 2017 6:50 PM

All replies

  • From the computer, check the event viewer.

    Applications and Services Logs --> Microsoft --> Windows --> GroupPolicy

    Monday, January 30, 2017 3:48 AM
  • Hi,
    First of all, please run gpresult /h command to get the details group policy result report and see if the GPO is applied to clients or not.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 30, 2017 7:08 AM
    Moderator
  • hi,

    from the report I can see:

    Group Policy Infrastructure failed due to the error listed below.

    Access is denied.

    Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

    Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 30/01/2017 14:13:37 and 30/01/2017 14:13:42.

    • Edited by waer01 Monday, January 30, 2017 2:18 PM
    Monday, January 30, 2017 2:03 PM
  • After a little bit of investigation and changing script location I found out that GP was applied this time but there was no result. Which is strange. Since when you run it locally on PC it does work and disconnects the share.

    MK



    • Edited by waer01 Monday, January 30, 2017 5:11 PM
    Monday, January 30, 2017 5:09 PM
  • Hi,
    Please have a try to use batch script for startup script and see if it works. And if you want to disconnect a share, why not to directly use group policy preference for doing it? https://technet.microsoft.com/en-us/library/cc770902(v=ws.11).aspx
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, February 2, 2017 9:21 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 6, 2017 9:46 AM
    Moderator
  • hi,

    thank you. I have tried. And I found out that on 1 laptop GP was not applied after running gpresults h. On another laptop it shows as applied under user configuration GP objects. But still  BAT or direct mapping worked.


    • Edited by waer01 Monday, February 6, 2017 2:33 PM
    Monday, February 6, 2017 2:31 PM
  • Hi,

    If the GPO is not applied, please follow the article as below to troubleshoot it:

    10 Common Problems Causing Group Policy To Not Apply

    http://social.technet.microsoft.com/wiki/contents/articles/22457.10-common-problems-causing-group-policy-to-not-apply.aspx

    And if the GPO is applied, you could check if MS16-072 update is installed on clients and domain controllers which might cause user group policy not working, if that is the case, please use the Group Policy Management Console (GPMC.MSC) and add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO). If you are using security filtering, add the Domain Computers group with read permission. You could see details from: https://support.microsoft.com/en-sg/kb/3163622

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, February 9, 2017 1:53 AM
    Moderator