Wired 802.1x logon-scripts don't run

Similar Messages

• How do I have an exe in a logon script run as a different user (either a domain admin or even the local system account)

  So, I'm having some problems getting a logon script to work.  I need a way to deploy the agent that we use via login/startup scripts and what I have works fine if the user has admin rights, or if UAC is disabled.  I've tried to convert the .exe
  to an .msi to make it easier, but the .msi never works and it's only distributed as an .exe.  We deploy this to different clients, I can't disable UAC in their environment unless they specifically tell us to.  Can anyone think of a way around this? 
  I've been searching for days and I'm just lost.  If we could execute the file as the system account, or connect to shares using a startup script instead of logon, that would be perfect.  Basically what it does is check to see if the process for the
  agent is running (agentmon.exe) so we don't attempt to install it if it is already installed, if it's not, then it calls on a different agent installer depending on the IP address of the system (for clients that have more than one location).  Here's what
  I've got written that works for me in my test environment:
  Const strAgent1 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup1.exe"
  Const strAgent2 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup2.exe"
  Const strAgent3 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup3.exe"
  Const strFolder = "C:\Temp\"
  Const Overwrite = True
  dim objFSO, objNIC1, arrNIC, strIP, strMask, objShell, objWMIService
  dim
  'Checks for Kaseya agent process, AgentMon.exe, exits if running
  Set objWMIService = GetObject ("winmgmts:")
  Set proc = objWMIService.ExecQuery("select * from Win32_Process Where Name='agentmon.exe'")
  If proc.count > 0 Then
      WScript.Quit
  End If
  'Instantiate a NIC configuration object
  Set objNIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
  'Instantiate a shell object
  Set objShell = CreateObject("wscript.shell")
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  'Create Temp Dir if it doesn't exist
  If Not objFSO.FolderExists(strFolder) Then
      objFSO.CreateFolder strFolder
  End If
  For Each arrNIC in objNIC1
      if arrNIC.IPEnabled then
          StrIP = arrNIC.IPAddress(i)
          strMask = arrNIC.IPSubnet(i)
          Set WshNetwork = WScript.CreateObject("WScript.Network")
      end if
  next
  Function NetworkID(Address, Mask)
      Dim AddressOctets, MaskOctets, Result, N
      AddressOctets = Split(Address, ".")
      MaskOctets = Split(Mask, ".")
      ReDim Result(UBound(AddressOctets))
      For N = 0 To UBound(AddressOctets)
          Result(N) = AddressOctets(N) And MaskOctets(N)
      Next
      NetworkID = Join(Result, ".")
  End Function
  Select Case NetworkID(strIP,strMask)
      Case "192.168.0.0"
      ' Kaseya install commands for 192.168.0.0 subnet
      objFSO.CopyFile strAgent1, strFolder, Overwrite
      Wscript.Sleep 1*60*1000
      objShell.run "C:\Temp\Test-KcsSetup1.exe"
      Case "192.168.1.0"
      ' Kaseya install commands for 192.168.1.0 subnet
      objFSO.CopyFile strAgent2, strFolder, Overwrite
      Wscript.Sleep 1*60*1000
      objShell.run "C:\Temp\Test-KcsSetup2.exe"
      Case "192.168.2.0"
      ' Kaseya install commands for 192.168.2.0 subnet
      objFSO.CopyFile strAgent3, strFolder, Overwrite
      Wscript.Sleep 1*60*1000
      objShell.run "C:\Temp\Test-KcsSetup3.exe"
      Case Else
      ' Some sort of error checking. Maybe a BLAT SMTP command to send an email
  End Select
  Set objWMIService = Nothing
  Set objNIC1 = Nothing
  Set objShell = Nothing
  Set WshNetwork = Nothing
  Wscript.quit

  You need to read the documentation carefully:
  The Deploy Agents install package is created using a Configure Automatic Account Creation wizard. The wizard copies agent settings from an existing machine ID or machine ID template and generates an install package called
  KcsSetup.All settings and pending agent procedures from the machine ID you copy from—except the machine ID, group ID, and organization ID—are applied to every new machine ID created with the package.
  Including Credentials in Agent Install Packages
  If necessary, an agent install package can be created that includes an administrator
  credentialto access a customer network. Credentials are only necessary if users are installing
  packages on machines and do not have administrator access to their network. The administrator credential is encrypted, never available in clear text form, and bound to the install package.
  ¯\_(ツ)_/¯

• Group Policy Logon Script to create folder based on username, run as admin

  Hello,
  I'm at a loss as to how to make this work.  I wrote the following PowerShell script that will check to see if the currently logged in user has a folder on a share, and if not it will create the folder and set appropriate permissions.  I want to
  run it as a Group Policy Logon Script, however I need to run this script as an administrator because users don't have any write/create access at the folder level of the file share.  The problem with that then becomes $ENV:Username resolves to the admin
  account the script is running under.
  Any ideas?
  Thanks!
  Ryan
  # Declare Variables
  $strName = $env:USERNAME
  $strDomain = $env:USERDOMAIN
  If ($strDomain -eq "domain.org") {
  # Split Username into 2 variables
  $data = $strName.Split("_")
  $fname = $data[0]
  $lname = $data[1]
  #Find first character of last name
  $firstcharacter = $lname[0]
  # Figure out if last name begins with A-M or N-Z
  $A_M=$firstcharacter -match "[a-m]"
  $N_Z=$firstcharacter -match "[n-z]"
  # Checks to see if folder exists
  If ($A_M -eq $true){$FolderExists = Test-Path "\\staff-files\staff\Last Name A-M\$strName"}
  elseif ($N_Z -eq $true){$FolderExists = Test-Path "\\staff-files\staff\Last Name N-Z\$strName"}
  # Creates folder if it doesn't exist
  If (($FolderExists -eq $false) -and ($A_M -eq $true)){
  New-Item "\\staff-files.domain.org\Staff\Last Name A-M\$strName" -type directory
  $DirPath = "\\staff-files.domain.org\Staff\Last Name A-M\$strName"
  elseif (($FolderExists -eq $false) -and ($N_Z -eq $true)){
  New-Item "\\staff-files.domain.org\Staff\Last Name N-Z\$strName" -type directory
  $DirPath = "\\staff-files.domain.org\Staff\Last Name N-Z\$strName"
  ElseIf ($strDomain -eq "students.domain.org") {
  # Pull 2 digit year from username and make 4 digit year
  $4digityear = "20" + $strName.Substring(0,2)
  # Checks to see if folder exists
  $FolderExists = Test-Path "\\files.domain.org\students\$4digityear\$strName"
  # Creates folder if it doesn't exist
  If ($FolderExists -eq $false) {
  New-Item "\\files.domain.org\students\$4digityear\$strName" -type directory
  $DirPath = "\\files.domain.org\students\$4digityear\$strName"
  # Assign Permissions
  If ($FolderExists -eq $false){
  $target = $DirPath
  $acl = Get-Acl $target
  $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
  $propagation = [system.security.accesscontrol.PropagationFlags]"None"
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("CREATOR OWNER","Modify",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("NT AUTHORITY\SYSTEM","FullControl",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("administrators","FullControl",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  If ($strDomain -eq "students.hempfieldsd.org"){
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("DOMAIN\Domain Users","Modify",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("DOMAIN\Staff_Tech","FullControl",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("DOMAIN\Enterprise Admins","FullControl",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  $accessrule = new-object system.security.AccessControl.FileSystemAccessRule ($strName,"FullControl",$inherit,$propagation,"Allow")
  $acl.AddAccessRule($accessrule)
  $acl.SetAccessRuleProtection($true,$false)
  $acl.SetOwner([System.Security.Principal.NTAccount]$strName)
  Set-Acl -AclObject $acl $target
  Ryan Breneman - Systems Administrator - Hempfield School District

  Thanks jrv.  That is kind of what I thought but wasn't sure.  I think I will attack this a different way and modify the script to run through all the AD accounts and check for folder existence and create if needed.  Perhaps I'll play
  with System Center Orchestrator and run it inside there.
  These folders aren't being used for profile storage, and we already have folder redirection pointing to them, however I don't want a user to login to citrix and not have anywhere to save if they didn't have a folder to redirect to.
  Folders are supposed to be created when the staff member/student AD account is created, but it doesn't always happen.
  Thanks for your help!
  Ryan Breneman - Systems Administrator - Hempfield School District

• Create a signature when a user runs their logon script.

  Hi All,
  Is it possible to add a signature by a logon script to a user? I would like to do this as I have over 80 users and going to each individual is becoming a pain. I also don't want them to know there the logos are as they could sign it fraudulently.
  When I say logon script, I mean the user runs a script to make their signature. All we need is for it to link to their Microsoft Certificate base and just have the logo that we make.
  Please help.

  Signatures cannot be on a drive. They are not dissociated from documents. Signatures reside inside signed PDFs. You probably confuse signature appearances with digital signatures. Signature appearances do reside on a hard drive.
  I can create my signature appearance that says (in the image on the page) that I am Bill Clinton. But if you open the signature panel and inspect signer's certificate you can see who the actual signer is (unless it is a self-signed certificate in which case the signer's identity is unknown). I believe that your problem is more related to misunderstanding how digital signatures work than being a real problem at all.
  Or maybe you are not using digital signatures at all and are using electronic signatures which are just stamps (or images) and you are concerned that someone can access a stamp (image) that belongs to another person and fraudulently sign with this other person's stamp (image). Well, if this is the case then only person who owns a stamp/image must have access to it. You cannot place all stamps/images for all people in one location. You need to place each in a protected location to which only this person has access (like password-protected folder). This is what signature services like EchoSign do.
  This is why I like digital signatures so much better. If you procure signer's certificate from a reputable Certificate Authority all these problems (besides signature appearance) just do not exist.

• How can I get ipconfig /setclassid running through a logon script on Vista.

  I have written a number of logon scripts to execute variations of this command at logon but it seems that it will not run for some users and they see a message
  "The requested operation requires elevation"
  Is there a way I can call this command at logon through this script?
  Obviously I cannot use the runas command as I would then need to give the users the password to enter midway through the script.

  In case you are reading this, std users need rights to change network settings. If the script is being run as the user, as in this case, you need to add the user to the network configuration group, locally to where they will log on. If this is a change on all pcs then create a group and if this is a domain change consider a group policy.Vince

• Powershell User logon script not Exiting With "Exit" scripts are set to be visible in GPO

  I am trying to run this script as a user logon script and it is set to visible to the user. There are other parts of the script but It won't ever Exit. It works fine if I run it directly I only have the trouble when it is in the logon script. I'm thinking
  of tryin "Kill -Id $PID" but I'm sure I'll get a bad return code.
  Has anyone else experienced this or hav any ideas what I could try?
  If (Test-Path U:){
  Robocopy U:\ $Destination /E /move /XF "*.inf"
  New-Item -Path HKCU:\Software\test\test -Name Test –Force
  Else{
  Exit
  Else{
  New-Item -Path HKCU:\Software\test\1 -Name Test1 –Force
  Exit       #here is where it will not stop!
  Exit

  Sorry, I did mention this was only a subset of the complete script.
  So, what I am trying to accomplish in words.
  1. Check for the existence of a certain folderon the c: Drive (that is created as apart of a different process)
  2.  Look to see if a registry key exisits that tells the script if it should run or not. So if certain registry key exists under HKCU then don't run if not continue.)
  3. The first time a user logs in and does not find the value that the process is allready complete show the user a message box aski9ng them if they are ready to do (something) if not write a registry key saying step one has completed and then quit.
  4. When the user logs in again the script looks to see if the process is complete and or if step one is complete, if step one is complete it allows the user to skip the process 2 more times but on the forth login forces the user to complete the process and
  writes the final registry key that it is complete.
  Like I say I have this all working correctly if I manually have the user run it. I just don't know why Exit is not being recognized when in the users login script processing of the script. I appreciate your reply and any direction you can point me to.

• Wired 802.1x with PEAP

  I have manage to get wired 802.1x working using Windows Active Directory as the database. With machine authentication, single-signon can be achieved.
  Setup:
  C3750 switch - Cisco ACS 3.2 - Windows AD
  Sequence of events:
  1. 802.1x machine authentication
  2. User logs in to domain
  3. 802.1x with user credentials
  But, I have the following issues:
  i. If user logs in using local account, it takes 3 minutes (default dot1x switch timers) for the port to turn unauthorized. Is it possible to place the port in unauthorized state immediately?
  ii. If the user 802.1x login has dynamic VLAN assignment, the AD scripts do not run. It seems that the AD scripts can't run if there is a change of IP address upon login (difference in VLAN for 'machine authentication' and 'user login').
  Any solution for this?
  Tks

  2 issues here:
  *Cached credentials for Microsoft supplicannts. Microsoft's authentication strategy in general reflects, and WLAN roaming would be difficult without the use of cached credentials. If cached credentials are not desired, would recommend another supplicant.
  * Falied Authentication for a local account. It should try to dot1x authenticate this user. For PEAP as an example, you would see the username as \. Now, a port will only be placed into a HELD state if a RADIUS-Reject is sent to the switch. A RADIUS-Reject will only be sent to the switch if the attempt is actually "failed" as opposed to silently discarded, packet lost in transit, etc. Taking 3 minutes to actually fail an attempt is indeed way too long, but the switch is probably doing what RADIUS is telling it to do. (this can be verified by a sniffer trace or debugs). Correspinding logs on RADIUS would help as well.

• Logon Script with Credential

  Hello everybody.
  Let me explain my problem. 
  I have a Powershell shell Logon Script for a Domain user without privileges that has to:
  Run IE as Domain user.
  When user close al IE open windows, Script have to make some process as soon as finish, script run again IE.
  The user that run the script doesn’t have any kind of access to the any drive and doesn’t have any access to any app or windows config setting, he has only access to IE through Powershell Logon Script, no more.
  I gave to user privileges as a part of the operating system through GPO.
  Well, let me show you the script before continue with the explanation: 
  Function fCredenciales([String]$FileTXT, [String]$UserIE)
                 $UsIE1       = Get-Credential -Credential $UserIE 
                $SecureIE  = $UsIE1.Password
                 $BytesIE    = ConvertFrom-SecureString $SecureIE
                 $BytesIE   | Out-File $FileTXT
  #                     SCRIPT                              
  $Folder  = "C:\Cred"
  $FileIE   = $Folder + "\IE.txt"
  $UsIE     = "Domain\User"
  If(-Not (Test-Path $Folder))
                 New-Item $Folder -Type Directory
                  fCredenciales $FileIE $UsIE
  If (-Not (Test-Path $FileIE))
                 fCredenciales $FileIE $UsIE
  $UsIETxt   = Get-Content $FileIE | ConvertTo-SecureString
  If ($UsIETxt -eq $Null)
                 fCredenciales $FileIE $UsIE
  $UsuarioIE      = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UsIE, $UsIETxt
  $MyNetwork    = Get-WMIObject Win32_NetworkAdapterConfiguration -ComputerName LocalHost | Where-Object { $_.IPAddress -ne $null } # | Select-Object IPAddress
  $MyIPAddress = $MyNetwork.IPAddress[0]
  $URL                   = "https://www.mywebpage.com/?qwerty="
  + $MyIPAddress + " -private"
  $IE                       = "C:\Program Files\Internet Explorer\iexplore.exe"
  While ($True)
      Start-Process $IE -ArgumentList $URL -ArgumentList $URL  -Credential $UsuarioIE
      $IDProcess = Get-Process -Name iexplore | ?{$_.MainWindowTitle} | %{$_.ID}
      Wait-Process -Id $IDProcess
      # Proccess 1                                             
      # Process2                                                                
  I need to execute IE as other user.
  As logon user doesn’t have drive access, he cannot read credential.
  If logon script wants to ask for credential, credential windows never shown.
  I don’t know why, but if the user hasn’t  administratives privileges
  Start-Proccess with –Credential doesn´t work, exactly as
  Wait-Process -Id $IDProcess.
  The security department wants:
  User Without any access (No drives, no menu, no nothing
  J).
  Script has to run IE as domain simple user.
  If script needs administrative privileges to run  Wait-Window the script can be run as administrative user, but not the Start-Process.
   I hope that you can understand me.
  Thanks in advanced,
  Angel Biurrun C.

  Sorry but what you seem to be trying to do is not possible.  You cannot make a user an admin by having them do something that only an admin can do.
  If your company says a user cannot have access to any drives then there is no way they can open a file on a drive they have no access to.
  The script you posted is also impossible to read.  Can you try and post it correctly.  Maybe someone can decode what you are trying to do.
  As a quick example this is how we post scripts.
  Function fCredenciales([String]$FileTXT, [String]$UserIE){
  $UsIE1=Get-Credential -Credential $UserIE
  $SecureIE=$UsIE1.Password
  $BytesIE=ConvertFrom-SecureString $SecureIE
  $BytesIE | Out-File $FileTXT
  Notice that it is readable and better indented. The eye can follow the code.  By using the code control the code becomes color keyed which makes it even more readable.
  ¯\_(ツ)_/¯

• Assign a local logon script using Group Policy

  Is there a way to assign a local logon script using Group Policy? The reason I ask is that I wrote a logon/logoff script that will record the date/time, user, and computer for everyone who logs on to any machine in the domain. Right now it's set on a domain
  GPO, so it works great for domain accounts, but I'd like to extend that functionality to local accounts as well. The only way I know how to do that would be to set my script to run using the local policy. Since I don't want to manually go around to all 400+
  machines in my domain, I would rather find a simpler way of modifying the local policy. Any ideas?

  Martin, thank you for your response. That's exactly the kind of out-of-the-box answer I was looking for, unfortunately, it looks like I can only do that for Logon scripts. I don't see an option for Logoff. (Maybe the took the Logoff functionality out?
  This article says there should be a Logoff item in the GPO, but they're talking about Windows 2000 in that article.)
  Matthias, I started playing around with what you said, and I noticed that the "Scripts" key only seems to show up on my Windows 7 clients. The XP workstations don't have that key. Plus I did some testing, and I think I can do it without having
  to mess with the registry at all.
  So I think I have a workable solution at the moment. I found
  this article that talks about copying Local Polices from one computer to another. I tried manually setting the Logon/Logoff scripts in the Local policy on a fresh machine. From that reference computer I copied the Scripts folder out of the %SYSTEMROOT%\System32\GroupPolicy\User
  directory. It also created a gpt.ini file in the %SYSTEMROOT%\System32\GroupPolicy directory. The gpt.ini file contained an attribute called gPCUserExtensionNames, and one called Version. The gPCUserExtensionNames attribute specified two GUIDs, which
  I assumed to be the GUIDs that identify the Local Policy. I tried manually creating the Local policy on several different machines, with several different Operating Systems, and those GUIDs always seemed to be the same (not sure why). So I copied the gpt.ini
  file off the reference machine as well. When I placed all of the files I copied from the reference machine on to a new machine, everything seemed to work just fine (no registry modification necessary), with one caveat. It seemed to be running the script twice.
  So I went back into the gpt.ini file and deleted one of the GUIDs listed under gPCUserExtensionNames, and now the script runs just once!
  So I think this solution will work ok for me. We don't have any other Local Policies in place, so demolishing all existing Local Policies is perfectly acceptable in my case. I'm just not sure if I'm doing any damage by copying the gpt.ini file from a reference
  machine (if anyone can expand on how that works, I would appreciate the peace of mind that I'm not making things worse by doing this). So all I need now is to write a Startup script, or an SCCM package to deliver the Logon scripts and associated ini files
  to the appropriate location on all the domain PCs. Easy enough to do on my own. If anyone knows of a reason why this method is a bad idea, please post here. I'll be testing it out on a handful of PCs in the mean time.
  Hi Guys,
  Will this solution work for my case? I have a forcereboot batch script that I need to load on the local policy (logoff script through GPEDIT) however I can only load it manually. I need to do it on multiple machines (approx 5000 computers). I am having
  trouble doing it using powershell. Is there any other options to do it? 
  Will I have to use the same GUID's you mentioned on the gpt.ini file? (gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}] since it refers to the local script and how about the version on the gpt.ini file?
  Thanks in advance.
  Dash
  https://social.technet.microsoft.com/Forums/en-US/1f636042-bcff-498d-93c0-e1aa89f80961/how-to-load-a-script-on-the-local-group-policy-on-multiple-computers?forum=mdopagpm

• GPO apply user Logon script or GPP who Wins

  hi
  i have 2 GPO's linked to a OU1 GPO with precedence 1 has a GPP setting which applies a Value 
  the 2nd GPO has a Logon script which applies a value that is different that the 1st GPO
  How does Precedence take place if both have conflicting settings.
  How can i have change Linkorder/Precedence so that GPO 1 always wins
  Who Wins the battle between Logon Script for a setting or GPP for a setting 
  Also 
  None of these GPO's apply HKLM settings 
  But even though i see following when i run ProcMon during User logon. Why is HKLM setting being set when user logon , is it not a computer logon thing
  Operation - RegSetValue
  Result - Success
  Path - HKLM\SOFTWARE\MySoftware\Licensing\1\Server
  Command Line "C:\Windows\regedit.exe" /s \\DC01\NETLOGON\ABC\License.reg

  Also 
  None of these GPO's apply HKLM settings 
  But even though i see following when i run ProcMon during User logon. Why is HKLM setting being set when user logon , is it not a computer logon thing
  Operation - RegSetValue
  Result - Success
  Path - HKLM\SOFTWARE\MySoftware\Licensing\1\Server
  Command Line "C:\Windows\regedit.exe" /s \\DC01\NETLOGON\ABC\License.reg
  Does the file "License.reg" contain HKLM settings ?
  Is the (user) Logon Script, launching this? : Command Line "C:\Windows\regedit.exe" /s \\DC01\NETLOGON\ABC\License.reg
  If so, it's because the Logon script is simply executing what it has been configured to do.
  Group Policy Admin Templates and settings which are specific to \User Configuration\ vs. \Computer Configuration\, will only be executed "per-user" or "per-computer" - just as executing "Startup Scripts" are a per-computer thing,
  and executing "Logon Scripts" are a per-user thing - but that is only the trigger to execute - not what the executed payload might really do.
  I would also expect such a process to fail (a user would not usually have permissions to a HKLM regkey) unless the regkey security has been relaxed, or, the user logging in has admin rights or similar.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Log in scripts won't run

  hello every one 
  i'm contacting you today cause on my domain i'm trying roll out some login scripts but thy don't seem to run even when following this tutorial
  https://technet.microsoft.com/en-us/library/cc770908.aspx
  here are copies of the login script that i try to run
  this is what rns when the computer starts up or logs in
  robocopy \\serveur\MDL\MDL\ D:\MDL\ /XO /MIR
  and this is what run when the computer shuts down or logs off
  robocopy D:\MDL\ \\serveur\MDL\MDL\ /XO /MIR
  and then on another group of computers i have this script that run a the computers startup or login
  ::kill explorer
  Taskkill /IM explorer.exe /F
  ::set to server time ?
  ::net time \\server /set /yes
  ::copy background
  robocopy \\serveur\Background\ C:\background\ /XO /MIR
  :: Add the required values ​​to the registry, if these people are using a System Wallpaper.
  ::If they have always modified their wallpapers, the following lines are not necessary. "They have no habit of hurting themselves, constantly"
  REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "C:\background\pre-background.png"
  :: Modify the following line in the last number to 0 if you want to center the bitmap on the desktop.
  ::Change the last number in the following line to 2 if you wish to extend the bitmap vertically and horizontally to fit on your desktop.
  REG ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 2
  ::copy games
  robocopy \\serveur\Games\Riot_Games\ C:\Games\Riot_Games /XO /MIR
  robocopy \\serveur\Games\World_of_Warplanes\ C:\Games\World_of_Warplanes\ /XO /MIR
  robocopy \\serveur\Games\World_of_Tanks\ C:\Games\World_of_Tanks\ /XO /MIR
  robocopy \\serveur\Games\Dofus2\ C:\Games\Dofus2\ /XO /MIR
  robocopy \\serveur\Games\Hi-Rez_Studios\ C:\Games\Hi-Rez_Studios\ /XO /MIR
  ::launch cyberlux client
  start C:\Windows\
  the thing is that none of the scripts will i've tried adding a pause to double check that but it didn't even show up
  when i mannually run them they run fine they do they copy everything that there ment to
  i would like to able add the login scripts useing the gpo so i can control them easier
  any help would be very much appreciated
  and if you need any more info please just ask

  If the script runs manually this shouldnt be an issue
  you have probably set the GPO up incorrectly for that see this
  http://www.petri.com/setting-up-logon-script-through-gpo-windows-server-2008.htm
  How and where did you link the created GPO? does gpresult show an applied gpo?

• VBScript Logon Script to Set Users HomeDirectory/HomeDrive Attributes

  Hi all,
  I'm trying to write a logon script that checks if the user logging on has a home directory, and if not, create one. The problem I'm having is that as the script is running under the user context, they obviously don't have write permissions to AD. Is there
  any way this could work, perhaps by some sort of impersonation in the script? Alternatively if anyone has any better suggestions as to a better way to achieve this I'm more than open to suggestions!
  Here is the code I have currently if it helps;
  Set oADInfo = CreateObject("ADSystemInfo")
  sDN = oADInfo.UserName
  Set oUser = GetObject("LDAP://" & sDN)
  sUserName = oUser.sAMAccountName
  sHomeDir = oUser.homeDirectory
  If sHomeDir = "" Then
  sHomeDir = "\\fileserver\users\" & sUserName
  oUser.Put "homeDirectory", sHomeDir
  oUser.Put "homeDrive", "F:"
  oUser.SetInfo
  End If
  Many thanks,
  James

  By the way - when you set this up with GP all users can be mapped in one setting or you can map groups of users.  If you need to move users this can be easily done from GP  by just changing the location.  Windows will move all of the files.
  You can also just multi select users in ADUC and right click and set drive and folder for all in one setting.  You should use GP and not this method.
  Users cannot edit their own objects in AD.
  ¯\_(ツ)_/¯

• "A script is already running" while attempting to run more than one item

  We upgrade recently to ODT 11.2.0.3.20. Since then, attempting to run more than one item from the Solution Explorer (by selecting the items, right-clicking, and selecting "Run") results in a popup error of "Oracle Developer Tools. A script is already running". If many items are selected it results in many error messages and only a random few of the items are actually executed on the server. Also, choosing "Run On" now results in it prompting for the target database for each item selected (rather than once for all items selected like it used to). This all used to work fine in the earlier release we were using. Has anyone else run into this? Any fixes? We used to use multi-select and "Run" or "Run On" to deploy multiple items at once, but this no longer works -- doing one at a time works, but if you have hundreds of items to run, this quickly becomes unusable.
  Thanks for any insight.
  - Josh

  cshay wrote:
  I don't believe that the intention was for you to be able to run a bunch of scripts one after the other. Often there are dependencies between scripts anyway and so you you have to order them. Because we're generally deploying a large set of stored procedures (and not just one-time scripts) the order doesn't really matter -- even if a stored procedure gets created before one it depends on, once all the SPs are on the server, the ones that are "invalid" will compile correctly once you execute them.
  I think a lot of people are creating master scripts that references child scripts using the "@" sql plus syntax.... have you tried that?
  I'll give that a try as a work around. Only issue I have with that solution is every time we add or remove something from the solution, we also have to update the script.
  We are doing a lot of enhancements to our script generation in the coming year. Keep an eye out for a beta to test.
  Like I said, this used to work fine in the older versions of ODT. It seems like the new version is attempting to execute multiple items at once on the same connection simultaneously, thus resulting in the "A script is already running" error. The old version used to be smart enough to execute them one at a time -- so something changed in a more recent version to completely break "Run" and "Run On" when you have more than one item highlighted (even just highlighting 2 items and choosing "Run" runs the first item, but then gives the error for the second item).
  Christian- Josh

• Problem Windows 8 logon script not working from windows server 2008 R2

  hi there , this is third post regard this problem, here is my problem goes .....
  Is a very simple logon script for mapping drive purpose .... PLS take note Domain users can access and run this script for domain users using windows XP / WINDOWS VISTA / WINDOSWS 7 and only  users " WINDOWS 8.1 " Does NOT run
  at all . the script I put on logon script in Windows server 2008R2 group policy ... 
  @jrv :- http://social.technet.microsoft.com/profile/jrv/?ws=usercard-mini , insist said is my group policy setup problem so I post here agn...
  Manually run the script on WINDOWS 8.1 is 100 % perfect so it is definitely not my logon script issue , PLS any guidance pls share for me ok ?? thanks
  Below is my script syntax ;-
  @echo off
  REM Login.bat Version 1.0
  REM Exit if user has logged on to the Server
  IF %COMPUTERNAME%.==SL2011. GOTO END
  REM Delete pre-existing drive mappings
  REM
  REM Map M: to SL2011 on sl2011
  NET USE M: /DELETE >nul
  NET USE M: \\SL2011\sl2011 /YES >nul
  REM
  REM Map Y: to AccScan on rss2
  NET USE Y: /DELETE >nul
  NET USE Y: \\rss2\Public\AccScan /YES >nul
  REM

  Hi Tee Ee Foong,
  According to your post, the gpresult showed the GPO was applied and the script could run successfullymanully in the client. Right? Please follow the following step to narrow down
  the issue:
  1. Change the script to the following command: add 
  > %SystemDrive%\Users\test.txt to the script.
  2. Log on to a client with a regular user account, run gpupdate/force, and then re-log on to this client.
  3. Check if the test.txtfile exists in this location %SystemDrive%\Users.
  If the test.txtfile exists, the GPO with logon script is applied successfully when user logs on. But the result of running logon script achieves the goal we excepted or not which
  is still not sure.
  Regards,
  Lany Zhang

• Need a Folder Action Script to automate running of Applescripts in iTunes

  I posted this in the OSX forum but thought i'd try here too:
  I have a couple of applescripts that I have begun using on some of my podcasts. Specifically they will deselect "Skip When Shuffling" and "Remember Track Position" (Thanks Doug!). I feel like it is getting tedious to have to remember to run these scripts every time the Podcast updates a new episode. I'm looking for a folder action script that will run these applescripts whenever a new item is added to their folder. While I try to puzzle one together (having never written one) does anyone have anything to fit these needs?

  Yes.
  I recently need one to do something else.
  I'll just give you the script I am using, you can hack at will...
  property TargetPlaylist : "Library"
  on adding folder items to this_folder after receiving added_items
  repeat with each_item in added_items
  tell application "iTunes"
  add each_item to playlist TargetPlaylist
  end tell
  end repeat
  tell application "Finder"
  move every item of this_folder to the trash
  empty the trash
  end tell
  end adding folder items to
  This script when attached as a folder action will add the items dropped into it to my iTunes library, then delete them.
  You can easily tear this one apart to get what you need done.
  Beavis2084