GPO startup script not being ran
This is a bit silly on my part, but I found out the issue. Instead of restarting through Windows, I would tap the power button to shut the machine down and tap it again to start it up.
I restarted through Windows today and I finally started getting errors in the windows logs showing me why the scripts weren't being ran (misc WiFi connection issues to the domain controller). After some troubleshooting (mainly by using a wired Ethernet connection) and proper rebooting, I got the script to run.
Related videos on Youtube
09 : 10
19 : 31
06 : 54
02 : 09
17 : 20
Adam H.
Updated on September 18, 2022Comments
-
Adam H. almost 2 years
I am unable to get a GPO to run a script on startup. The script creates a shared folder on each machine in a group of windows 8 machines. The script itself works great, but attaching it to a GPO is giving me a problem. Even after gpupdate /force commands and several restarts I can't get the scripts to run.
Here's what I know:
- RSOP shows that the GPO with the script is being applied
- GPResult states that the script has not yet been ran (after several reboots)
- There's no related events in the computer's application or system event logs
- Executing the script on its own works great
- Using psexec to run the script using SYSTEM credentials works as well
- Moving the scripts from a network share to a local folder (C:\GPOFiles\ for example) made no diffence, the GPO still did not execute the scripts.
- I've tried using other, simpler, scripts just to see if it was a problem with the script in question and they would not run either
- I can run it as a logon script, but I would rather apply this to machines, not users, if possible
I'm not sure how to troubleshoot this, any ideas?
Heads up, I'm somewhat new to group policies, so its possible I missed something obvious.
EDIT:
I've also tried creating the GPOs from both a windows 7 box and a windows 8 box with the same results. The domain controllers are windows server 2008.
Here is the script I'm trying to run. :
'========================================================================== 'ShareSetup.vbs '========================================================================== Option Explicit Const FILE_SHARE = 0 Const MAXIMUM_CONNECTIONS = 25 Dim strComputer Dim objWMIService Dim objNewShare strComputer = "." Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set objNewShare = objWMIService.Get("Win32_Share") Call sharesec ("C:\Shared", "Shared", "Work Center Share", "Domain Users") Sub sharesec(Fname,shr,info,account) 'Fname = Folder path, shr = Share name, info = Share Description, account = account or group you are assigning share permissions to Dim FSO Dim Services Dim SecDescClass Dim SecDesc Dim Trustee Dim ACE Dim Share Dim InParam Dim Network Dim FolderName Dim AdminServer Dim ShareName FolderName = Fname AdminServer = "\\" & strComputer ShareName = shr Set Services = GetObject("WINMGMTS:{impersonationLevel=impersonate,(Security)}!" & AdminServer & "\ROOT\CIMV2") Set SecDescClass = Services.Get("Win32_SecurityDescriptor") Set SecDesc = SecDescClass.SpawnInstance_() 'Set Trustee = Services.Get("Win32_Trustee").SpawnInstance_ 'Trustee.Domain = Null 'Trustee.Name = "EVERYONE" 'Trustee.Properties_.Item("SID") = Array(1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0) Set Trustee = SetGroupTrustee("LM", account) 'Replace ACME with your domain name. 'To assign permissions to individual accounts use SetAccountTrustee rather than SetGroupTrustee Set ACE = Services.Get("Win32_Ace").SpawnInstance_ ACE.Properties_.Item("AccessMask") = 2032127 ACE.Properties_.Item("AceFlags") = 3 ACE.Properties_.Item("AceType") = 0 ACE.Properties_.Item("Trustee") = Trustee SecDesc.Properties_.Item("DACL") = Array(ACE) Set Share = Services.Get("Win32_Share") Set InParam = Share.Methods_("Create").InParameters.SpawnInstance_() InParam.Properties_.Item("Access") = SecDesc InParam.Properties_.Item("Description") = "Public Share" InParam.Properties_.Item("Name") = ShareName InParam.Properties_.Item("Path") = FolderName InParam.Properties_.Item("Type") = 0 Share.ExecMethod_ "Create", InParam End Sub Function SetAccountTrustee(strDomain, strName) set objTrustee = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Trustee").Spawninstance_ set account = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_Account.Name='" & strName & "',Domain='" & strDomain &"'") set accountSID = getObject("Winmgmts:{impersonationlevel=impersonate}!root/cimv2:Win32_SID.SID='" & account.SID &"'") objTrustee.Domain = strDomain objTrustee.Name = strName objTrustee.Properties_.item("SID") = accountSID.BinaryRepresentation set accountSID = nothing set account = nothing set SetAccountTrustee = objTrustee End FunctionTo the best of my knowledge, the GPO hasn't even touched the script. For the sake of science, I've also tried the following script and it wasn't ran either:
Dim oShell Set oShell = WScript.CreateObject ("WScript.Shell") oShell.run "subst z: ""C:\Shared"""Here's how I configured these scripts to run in the GPO:
-
kralyk over 9 yearswell ok then... :)
