Windows 2003 AD to Windows 7/8 GPO Shortcut/Link Creation Issues

    Question

  • Hello.

    In the midst of upgrading a client's AD from 2003 to 2008, in a mixed-mode environment. The core DC/GC is on Windows 2003 level still and the majority of all clients are on Windows 7/8 already.

    Have several DCs that are on Windows Server 2008R2/2012; however, the GPOs are giving me a bit of a headache. Using the Windows 2003 DC to create a new GPO for a simple login script to copy a shortcut/link from the scripts (netlogon policies) dir to the '%userprofile%\Desktop' (note, %username% is not being used in the scripts, since that's 2003/XP, etc.) and assigning a group of AD users to that policy for login, the script does not create anything on the Desktop, as desired.

    However, we have old TermServers that are on 2003 as well and using roaming profiles that are loaded off of a domain UNC share for each user for their Desktop\Documents, etc., looking at those TS dirs, it appears that they are getting the link created using the GPO, just not the standalone clients with independent systems (Win7/8).

    Running the scripts (old-school DOS batch files and .VBS scripts) outright (double-click) creates the desired shortcuts all day long, just not via GPOs.

    Created a new GPO, added my Scope of users, set the Settings as [User Config:Policies:Windows Settings:Scripts->Logon] and pointing to my favorite .VBS/.bat to do the job.

    Created it, gpupdate and log off/on, nada.

    Is this a Windows 2003 AD level and the fact that clients are Win7/8, causing this interesting effect?

    Please advise. Thanks.


    NSI, IT.

    Tuesday, June 30, 2015 12:25 AM

Answers

  • Thanks all. I've figured it out.

    Keith, I was using a Win2008R2/WindowsServer2012R2 DC to do this, so yes, RSAT was taken care of at that point.


    NSI, IT.

    Tuesday, June 30, 2015 5:06 PM

All replies

  • Does the same thing happen if you create the GPO from one of the 2012 DCs instead?

    Windows 7/8 machines have new group policy settings available to them (and a newer format for the templates), and I believe some of the old 2003 ones are even deprecated or no longer used. Fortunately the GPO settings are independent of the AD functionality level, so if you create a GPO from a newer AD server you'll see the newer settings available and they'll be replicated by all of the AD servers, including the 2003 ones; you just can't edit them in 2003.

    That's why if you look for posts relating to adding GPOs for Win7/8 settings via a totally 2003 AD environment you'll see answers directing people to install the Remote Server Administration Tools (RSAT) on one of the client machines, and to use that to create and deploy the GPO rather than the 2003 server. But since you already have newer AD servers you can achieve the same thing by doing it from them instead.

    Tuesday, June 30, 2015 6:11 AM
  • > Created it, gpupdate and log off/on, nada.
     
    Is your GPO applied at all???
     

    Greetings, Martin

    Want to read a good book about GPOs?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Tuesday, June 30, 2015 11:40 AM