Script not running on startup for GPO


Forget about the Startup Script in "Computer Configuration" because the script you set there is executed by the System even before anyone is logged in.

This is typically not interactive (you can add scripts to cleanup certain directories, or configure something on the computer, but you can't start an end-user application here, the app will not show but may be running in the background).

Well, you configured the Logon Script in "User Configuration" too, that's better because the scripts here are executed in the user's context, however, since Windows 8.1 the Logon Scripts don't run for five minutes after a user logs on. This is by design to speed up the loading of the user's desktop. However you can change that:

If you want the logon scripts to run at user logon without any delay, you should configure the Configure Logon Script Delay setting to Disabled in the Computer Configuration\Administrative Templates\System\Group Policy location.

But, still, this is not the preferred way of achieving what you want, as Microsoft says:

This mechanism allows administrators to perform various maintenance and management tasks on client computers, including (but not limited to) collecting diagnostic information, invoking security scans, cleaning or resetting system state, and installing tools.

you are out of scope because you don't want to "perform various maintenance and management tasks" with your use case.

I recommend deploying a Run Registry Key instead. You can still deploy that with Group Policy:

If you want to deploy this on a Computer (so that it applies to everyone logging in on the computer), then, in your GPO, go to Computer Configuration -> Preferences (not "Policies") -> Windows Settings -> Registry -> New Registry Item, and create a new REG_SZ value under the path shown in the documentation (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run), give it a meaningful Value name, and set the Value data to be the path of the executable on the computer.

If you want to deploy this setting on a per-user basis, then use the same method but on User Configuration instead of Computer Configuration (and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run instead of HKLM).

Don't forget to link the Group Policy on an O.U containing your Users if you are using User Configuration, or on a Computer O.U if you are using Computer Configuration (same for the Delegation rights, add users if you are working with User Configuration or Computers if you are working with Computer Configuration)
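A client-side check for the Run key deployment described in the answer above, as an added example that is not part of the original answer. It lists every value under the HKLM and HKCU Run keys, resolves the program each one launches, and reports whether that file exists and whether broad groups can write to it. The function name Get-RunEntryAudit and the output property names are hypothetical.

```powershell
# Added example (not from the original answer). Get-RunEntryAudit is a hypothetical name.
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$WriteBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

function Get-RunEntryAudit {
    param(
        [string[]]$Key = @(
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    )
    foreach ($k in $Key) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $reg = Get-Item -LiteralPath $k
        foreach ($name in $reg.GetValueNames()) {
            $data = [string]$reg.GetValue($name)   # REG_EXPAND_SZ values are expanded here
            if ([string]::IsNullOrWhiteSpace($data)) { continue }
            # Extract the program path: quoted form first, then "up to a known extension".
            if ($data -match '^\s*"([^"]+)"') { $target = $Matches[1]; $quoted = $true }
            elseif ($data -match '^\s*(.+?\.(exe|com|cmd|bat))(\s|$)') { $target = $Matches[1]; $quoted = $false }
            else { $target = ($data.Trim() -split '\s+')[0]; $quoted = $false }

            $exists = Test-Path -LiteralPath $target -PathType Leaf
            $writable = $null
            if ($exists) {
                # Read the ACL with identities as SIDs so the check is not locale dependent.
                $rules = (Get-Acl -LiteralPath $target).GetAccessRules(
                    $true, $true, [System.Security.Principal.SecurityIdentifier])
                $writable = [bool]($rules | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $BroadSids -contains $_.IdentityReference.Value -and
                    ($_.FileSystemRights -band $WriteBits)
                })
            }
            [pscustomobject]@{
                Key = $k; Name = $name; Command = $data; Target = $target
                Exists = $exists
                UnquotedWithSpace = (-not $quoted) -and ($target -match '\s')
                WritableByBroadGroup = $writable
            }
        }
    }
}

Get-RunEntryAudit | Format-Table -AutoSize -Wrap
```

If the value name you deployed is missing from the output, the preference item never reached the client, so look at GPO linking and filtering before the executable. An HKLM entry whose target is writable by a broad group is worth fixing, because that program runs for every user who logs on to the machine.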


Anon
Author by

Anon

Updated on September 18, 2022

Comments

  • Anon
    Anon over 1 year

    I have seen many posts on this website about something similar but none of them have had the resources to fix my issue so I will go into as much detail as I can. If I leave any information out let me know.

    We have a server with an exe file on it to start an update for a software called Bluebeam. I wrote a script file to start that exe on startup and placed it in the same directory as the exe. Nothing happened when I did that, I would start up a computer that I know has delegation and run gpupdate /force to get it going and restart the computer, nothing happens. I then made it so when there was a user logon it would do the same. Same result. I made sure "enforced" was enabled, I enabled "always wait for the network at computer startup and logon," and finally I also enabled "configure scripts policy processing"

    None of those helped. I looked into the script files again and I noticed that when I clicked "show files" under my GPO, the script I wanted wasn't there. So I added it manually and forced the update again, nothing.

    I am only running this under a test environment right now so I am not pushing this to my domain controllers, servers, or really any users. I am pushing this to 2 different computers right now and they are not working.

    I will show you photos of everything I have and if you all have any questions let me know.

    Image showing GPs on the test environment

    delegation to a computer called dantest, the one I am trying this with

    the script at startup

    the script at logon

    • Greg Askew
      Greg Askew almost 3 years
      Does the host have the Apply Group Policy permission?
    • Anon
      Anon almost 3 years
      @GregAskew where do I check that?
    • Anon
      Anon almost 3 years
      @GregAskew, never mind I found it and yes it does
    • joeqwerty
      joeqwerty almost 3 years
      Startup Scripts only run at computer startup. Have you rebooted the test computers since fixing the GPO? Are the computer accounts in the Scope of Management of the GPO?
    • Anon
      Anon almost 3 years
      @joeqwerty yes to both. I have restarted the computer many times as well as forcing the group policy update through a command line. And the GPO is linked to my test environment and the DANTEST computer I am updating/restarting is delegated as a computer within the scope of my GPO
    • joeqwerty
      joeqwerty almost 3 years
      Have you verified that the script and the executable run as expected outside of the context of the GPO?
    • Anon
      Anon almost 3 years
      @joeqwerty yep the script runs exactly as expected locally on the machine. Only having problems when I try to push it out through GP
    • SamErde
      SamErde almost 3 years
      Does the script / installer run silently, or does it actually launch a windowed installer application? Also, does it require any input from a user?
  • Anon
    Anon almost 3 years
    I did what you said and made a registry, forced an update, and waited for some time and still nothing happened. With the registry is there something I need to click in order for it to activate on the computer? I clicked "apply" when I made it and then clicked ok and closed out of GP editor. Also, should I delete the other configurations I have? Thanks!
  • Swisstone
    Swisstone almost 3 years
    @Nick Run this command as admin on a client computer and see if you can see your GPO: gpresult /h c:\temp\report.html
    It will export a report and you'll be able to see if your policy applies to the computer or not. Additionally, can you see the registry key on the client computer?
  • Anon
    Anon almost 3 years
    there is nothing underneath the preferences -> windows setting tab except for drive maps. No registry or anything of the like
  • Swisstone
    Swisstone almost 3 years
    @Nick If you created the registry configuration under "User Configuration", ensure the GPO is linked to an O.U containing your users. If you create the registry configuration under "Computer Configuration", ensure the GPO is linked to an O.U containing your computers.
  • Anon
    Anon almost 3 years
    It is linked and there is nothing. docs.google.com/document/d/…
  • Anon
    Anon almost 3 years
    Tried this. The "Read (from security filtering)" automatically applies it, each of them has the apply permission checked in the security tab already.
  • Anon
    Anon almost 3 years
    As for the ones that say "read," only the "CREATOR OWNER" user did not have apply set, I made sure it did and it did not change anything
  • SamErde
    SamErde almost 3 years
    What information does your group policy processing event log contain?
  • Anon
    Anon almost 3 years
    No errors and nothing about the update even happening. It's like there is no gpo actually getting pushed out
  • SamErde
    SamErde almost 3 years
    Do you have the GPO linked to the OU where the test computer lives or to the domain root?