ITT: Network Admins

[jeffro]

i know theres a few IT guys on here so i thought id give it a go:

 

im having issues setting up a security policy that runs a simple logon script. im wondering if there isnt an issue in the setup of our domain controllers thats resulting in the scripts not executing properly.

 

Script is a batch file that simply pulls a .DAT file off the server and puts it into their application data folder to update the parent server in Symantec AV.

 

I can run the script on the client machines locally, and it works fine, pulls the file from the server as it should, drops it in the appropriate directory, and closes out.

 

when trying to push it out through GPO, the script fails to execute.

 

I created a new GPO, selected user config, logon/logoff, and logon scripts.

i first clicked the show files button, and pasted my batch file into that folder. then for script name pointed to that file in that folder.(not really necessary).

For the GPO properties i gave System, Authenticated users, and Domain users all full control of the GPO. I also granted permissions on the batch file itself for the Groups above.

 

For some reason it just wont execute. does anyone have any idea?

 

worlds simplest script:

copy "I:\grc.dat\grc.dat" "C:\Documents and Settings\All Users\application settings"

 

been searching for the cause all morning, with no luck. Could it be the folder name of where the .DAT file is located? not sure if you can have a period in the folder name.

[jeffro]

Edit: cant be the host dir as it works just fine running it locally.

[AWW$HEEET]

make sure the remote systems have access to that folder path.

 

also gpupdate /force on the remote machine

[jeffro]

make sure the remote systems have access to that folder path.

 

also gpupdate /force on the remote machine

 

were running a windows 2000 server here so gpupdate doesnt work.

plus not interested in doing that on 100+ machines.

 

havnt had much luck with secedit either.

 

the folder is a shared folder. like i said, it executes and works fine when you click on the batch file on the client.

[Slowbalt]

Gotta check the specs on the endline girder. The rotary cuff is out of whack again.

 

That should take care of it.

[Second Gen]

Assume you have a log in script setting the drive variable (I: drive) on the end points

 

Secondly agree the grc.dat as a folder is a bad idea (Especially of you have some odd GPO settings)

 

Also not sure if your credential's have rights to launch the file on the local

server/workstations (Do you have Admin rights on the machines executing the dat file update?

 

Lastly - Fully qualifying the path instead of the "I:" drive.. Example \\Servername.domain.net\share location\file.exe (Or dat)

[Second Gen]

Oh yeah have you looked @ the event logs on the server and workstations (Security for permissions or file not found)?

[AWW$HEEET]

+1 if the script works its likely a security/trust/permissions issue. check event security logs on local host.

[jeffro]

dave -There is nothing pertaining to my script in the event logs on the client machine.

 

Yes, i have full administration access to every machine in the network.

 

Dave- Yes, there is a logon script set in the user profile that maps a series of drives. im tempted to just add this line of text into that script and be done with it, but i dont want to do it that way.

 

i feel it is a permissions error, but ive tried just about every combination of user/computer groups possible. im wondering if its just a refresh issue.

[jeffro]

Gotta check the specs on the endline girder. The rotary cuff is out of whack again.

 

That should take care of it.

 

i laffed.

[gamereric1]

What version of Windows Server are you running?

[jeffro]

were running a windows 2000 server here so gpupdate doesnt work.

plus not interested in doing that on 100+ machines.

 

havnt had much luck with secedit either.

 

the folder is a shared folder. like i said, it executes and works fine when you click on the batch file on the client.

 

What version of Windows Server are you running?

 

as previously stated.

[Second Gen]

OK - GPO's @ my place happens every 45 minutes (and asume the gpupdate is not an issue).

 

Have you looked @ the logs in A/D to see if the GPO is erroring out on the script (Also if the files are getting to the workstation?)

 

Lastly maybe if the GPO deal does not work maybe look into the console for the A/V.. We use McAfee and they console does all the dat and superdats automatically. That is how I would make it go (Most of the consoles are free with the subscription from the vendor)

 

gl Jeff

[AWW$HEEET]

yeah if you are running any host HIPS or firewall, unlock that shit.

[Mensan]

 

Also,

[unfunnyryan]

 

That.

 

That just hurt. So bad. I literally felt my brain cringe.