Can't run batch files from server, Users do not have permission to access file
Move your batch file to \\DomainController\Netlogon and then in the GPO browse to that path and use that .bat file for the logoff script.
That should fix any permissions issues.
If you have lots of DC's you can set the path to the batch file in the GPO to \\%LOGONSERVER%\NETLOGON\copyNinite.bat
Then it will use whatever DC authenticated them as the path to the batch file, which should be local to their site.
Hope that helps.
Related videos on Youtube
01 : 45
27 : 51
04 : 09
09 : 40
01 : 54
ASGJim
Updated on September 18, 2022Comments
-
ASGJim almost 2 years
We're trying to run some logon / logoff scripts on server 2008r2 domain controller. The script is located in the default group policy logoff directory
\\domain.local\SysVol\domain.local\Policies\{guid}\User\Scripts\LogoffNothing was happening at log off so we finally realized the script wasn't running at all. I copied the script to my local machine and ran it, and it runs fine (regular authenticated user account).
I then tried to access the directory through file explorer which I can. However I could not run the batch file. I receive the error
"Windows cannot access(\location of file) You do not have permission to access(\location of file) Contact your network administrator to request access."
If I right click and runas admin it works fine. I haven't mentioned what's in the batch file because it doesn't seem to matter. I created a logon script the same way called test.bat. It only contains
echo Hello pauseAgain, this does not work in the users scripts folder, or in any share for that matter. I put it in a test share on our file server and I get the same error. If I run the batch file through command prompt it also works fine.
Also, the group policy is being applied and there are no error logs on the workstation event viewer.
Lastly, I've tried giving my domain user account more privileges on the file itself and it still won't run. Only the domain admin can run the file.
Any thoughts?
-
MikeAWood over 11 yearsare there any spaces in the path/filename? maybe its not that it can't access it, but rather that it doesn't know where the script is... -
MDMarra over 11 yearsPlease provide the full path to the file including the script name, how it is actually linked in the GPO (a screen shot is fine), and the actual contents of the batch file in question, please. -
ASGJim over 11 yearsOK I'll answer as best I can. The full path to the script is - \\mydomain.local\SysVol\mydomain.local\Policies\{474F4106-3569-47BB-AC1A-75E4C4381C28}\User\Scripts\Logoff\copyNinite.bat It is linked at the top of a test container of which my user and computer are in. Contents are 'code'
-
ASGJim over 11 yearsSorry I'm new to this site. Here is my full comment: OK I'll answer as best I can. The full path to the script is - \\mydomain.local\SysVol\mydomain.local\Policies\{474F4106-3569-47BB-AC1A-75E4C4381C28}\User\Scripts\Logoff\copyNinite.bat It is linked at the top of a test container of which my user and computer are in. Is there a way to upload files to this post? Contents are
echo Copying ninite mkdir C:\temp mkdir C:\temp\ninite echo STARTING pause robocopy /xo /"\companyfs01\shared data\IT\SoftwareUpdate\/" \temp\ninite\ NiniteOne.exe
-
-
ASGJim over 11 yearsI tested this after turning off UAC and rebooting on my workstation. Same issue, although now the error is slightly different - "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."