Windows Group Policy Startup script is not executed at startup

windows-server-2008 amazon-ec2 group-policy scripting startup
11,362

Solution 1

Start with "Resultant Set of Policy" (rsop.msc) and see if the GPO containing your script is being processed. Most often, I find, problems with policy application end up being a discrepancy between the sysadmin's understanding of where to link a GPO and how the list of GPOs that apply to a given user or computer are actually calculated by the OS.

If the GPO is being processed but the script isn't executing I'd check to see that the permissions set on the script allow the computer account of the subject computer to read / execute the script and that the path referenced in the GPO resolves properly on the subject computer.

Edit:

You're looking in the wrong place in the Resultant Set of Policy tool. "Software Settings" is the place in Group Policy where software can be "force" installed. You're interested in "Computer Settings / Windows Settings / Scripts (Startup/Shutdown)".

I'd be most interested to see if the GPO where you've specified the script is listed on the "General" tab of the "Properties" of the "Computer Settings" node in RSoP. I suspect that you're going to find that the GPO isn't listed there and, as such, isn't being processed.

Where did you link the GPO you created that specifies the Startup Script?

Edit 2:

So, you're seeing your script's path under the "Scripts (Startup/Shutdown)" node in RSoP. You should have an "Last Executed" column there. If there's a date / time listed there then the Group Policy client has attempted to execute your script. If there's no time listed then it hasn't attempted to execute it.

Hopefully you've looked at the Application Event Log and verified that there aren't any errors being logged re: executing the script. If you haven't, look there.

Assuming the script is being executed I'd consider adding a line to leave some kind of "mark" on the computer to positively verify that the script is executing. Something like an echo foo > %TEMP%\foo.txt would give you a file in the system-wide %TEMP% directory (typically "C:\WINDOWS\TEMP") that could tell you, conclusively, if the script is executing. I'm beginning to suspect that your script is executing but that the computer's SYSTEM context isn't able to access the EXE's you're trying to execute for some reason.

Solution 2

Since you won't be logged in when the script executes, it won't have the same environment you have when you are logged in. %variables may not work, etc. Make sure all the paths are local full paths, as it won't have access to network resources due to it running under the computer account as Evan mentioned.

If you're only running this on one machine, consider using Scheduled Tasks rather then GPO which has better logging for things like this, and you can run it as a user account of your choosing. You can even push Scheduled Tasks (and the .cmd itself) to computers through GPO's using Group Policy Preferences.

Share:
11,362

Related videos on Youtube

Jan Vojtěch Vaníček
Author by

Jan Vojtěch Vaníček

Updated on September 17, 2022

Comments

  • Jan Vojtěch Vaníček
    Jan Vojtěch Vaníček over 1 year

    I have written a .cmd file which calls ten different .exe files. I am able to run this .cmd file locally, on my server, and it works fine.

    When I use [gpedit.msc] (Group Policy Editor) for "Computer Configuration, Windows Settings" and set my .cmd file as a startup script, it seems to be okay.

    When I reboot my server, the startup script is never called. I cannot figure out why. My goal is for this script to execute everytime I start up my server. (not login).

    This server I am testing on is not the Domain Controller. I am unsure if that is related to the problem? Help?

    p.s. these are EC2 Amazon cloud servers. A pain in my side.

  • Jan Vojtěch Vaníček
    Jan Vojtěch Vaníček about 13 years
    I ran [rsop.msc]. "Computer Configuration - Windows Settings - Scripts - Startup" and it does exist in RSOP. It is a filepath to my script, which does in fact exist there on the harddrive. I looked at the General tab settings for "Computer Configuration" and you're right, my policy does not exist. To set up my GPO, all I did was run gpedit.msc and added it to the startup folder. Is there anything I am missing to register it? And no errors in Application Event log. Also the RSOP shows "Last Executed" as yesterday at 3:45 PM.
  • Bret Fisher
    Bret Fisher about 13 years
    Look for the GUI named the same in the start menu. Just create a new task in the root and the built-in help should be self explanatory. Let us know if it works.
  • Spence
    Spence about 13 years
    @Devtron: Okay-- you added it to the local group policy. You didn't really create a GPO, you just edited one that exists on every computer by default (and is applied behind all other GPOs). Since you're seeing the script path in RSoP the script is being set to execute on startup. Based on everything you're saying it should be executing. I'm getting really suspicious that the script is executing but that permissions are preventing the script from doing what you want it to. Remember that the script runs as the computer's SYSTEM context when it does execute.
  • Jan Vojtěch Vaníček
    Jan Vojtěch Vaníček about 13 years
    I believe your hunch is correct. I added the dos command to output text to a file, and the file is now there (when the server starts up). This leads me to believe my relative paths are incorrect. Thanks for helping me on this, you rock!
  • Jan Vojtěch Vaníček
    Jan Vojtěch Vaníček about 13 years
    For this scenario, what would you recommend to use to replace this command? (I have ten of these): start "My title here..." /D "C:\MyFolder\Publish\MyDirectory" "MyExecutable.exe" "..\..\config\virtual.wfc"
  • Spence
    Spence about 13 years
    @Devtron: I'd be wary of the relative path on the command-line for "MyExecutable.exe". I'd go for specifying the absolute path if you can get away with it. I'd also specify the absolute path for "MyExecutable.exe", too.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Change/Force Left-handed Mouse settings via GPO, or other ways
Configuring group policy to bypass proxy server for local addresses and adding a domain to trusted root certificate authorities
Should I run fsck on boot for an amazon ec2 image?
Exclude site from Compability View policy
Remove delete permission for active directory group in Microsoft 2008 Server R2
powershell script that outputs date of the day as a file name
Task Scheduler : Logon as Batch Job Rights
Allowing web access to an Amazon EC2 Windows Server 2008 instance running Tomcat+application?
Show Mail Control Panel item from Outlook 2010 (32-bit)on Windows 2008R2 Terminal Server
Default Domain Policy Overriding Custom GPO even though Custom GPO is Enforced