View original (French)

GPO denied

Etudiant_Informatique Posted messages 94 Status Member -  
Etudiant_Informatique Posted messages 94 Status Member -
Hello,

I am desperately trying to implement a GPO on my domain controller server.
I need to run a script at the logon of all users.
I created a new group policy where I placed the logon script in the user configuration - Windows settings - scripts - logon.
I ran a gpupdate on the client machine and when logging in, my script doesn't run.
I checked the users associated with this policy, the entire domain is included (which is what I want) and I added my session as well.
Despite all this, nothing works...
With the gpresult command, I noticed this message:
Group policy objects were not applied because they were denied.
Could you please help me get out of this mess?
Thank you in advance!

Configuration: Windows XP / Firefox 5.0

6 answers

  1.
    Etudiant_Informatique Posted messages 94 Status Member 13
     
    But for me, it's more like this:

    \WINDOWS\SYSVOL\sysvol\domain.local\scripts\test.bat
    Here is the directory for the scripts that run via the properties of a user in AD and then in the profile tab.
    When I do it like this, the script runs.
    But if I set this path through a group policy so that all my AD users run the script, I get a message (via gpresult):
    Group policy objects were not applied because they were denied.
    2
    1. Sebbonard Posted messages 455 Status Member 171
       
      So try to place the script call as below in your GPO
      (replacing \WINDOWS\SYSVOL\ with \\domain.local\) :

      \\domain.local\sysvol\domain.local\scripts\test.bat
      0
    2. Etudiant_Informatique Posted messages 94 Status Member 13
       
      I put it in: 

      C:\domaine.ad\sysvol\domaine.ad\scripts

      The problem is still the same.
      I can access it through a user session, but when I run the .bat, I get a message saying: 

      CMD.EXE was started with the path as the current directory. UNC paths are not supported. Using the default Windows directory.
      0
  2. Sebbonard Posted messages 455 Status Member 171
     
    Hello,

    The script is located on the server. Have you checked the read permissions for the folder where it is located?
    1
  3. Etudiant_Informatique Posted messages 94 Status Member 13
     
    Yes, all users in the domain have read and execute rights.
    It's often a permissions issue, but I don't see where it could be stuck!
    The nslookup command correctly returns my DNS...

    With the rsop.msc command, I get the same structure as on my server with my .bat in the logon scripts.
    But it still doesn't run at logon...
    1
  4. Sebbonard Posted messages 455 Status Member 171
     
    And is the directory properly shared?

    Are you able to run the .bat after logging in using the same path as in the GPO?
    1
  6. Etudiant_Informatique Posted messages 94 Status Member 13
     
    Thank you for your help!

    Yes, I can run the .bat after logging in.
    I also tried placing it in the directory C:\WINDOWS\SYSVOL\sysvol\domain-name\scripts
    This directory is used when you set a script to run at login in the profile tab with Active Directory.
    This directory is accessible, and when you go through Active Directory -> User -> Profile -> Login
    and place a .bat there, it is indeed executed!
    I'm stumped as to how to solve this problem...
    1
  7. Sebbonard Posted messages 455 Status Member 171
     
    In your GPO, do you put the script with a path like this?

    \\tondomain.local\Sysvol\scripts\tonscript.bat

    OR

    \\tondomain.local\Sysvol\tondomain.local\scripts\tonscript.bat

    depending on the configuration.
    1