Wired 802.1x logon-scripts don't run
I tested wired 802.1x authentication with a XP-client and a Cat 2960 switch. The authentication are configured with PEAP and MS-ChAP V2. The 802.1x authentication works well.
The problem is that the 802.1x authentication starts after the windows logon. Due this problem, the logon script don't run.
How can I force the 8021.x authentication befor the windows login starts?
Regards
Pascal
With the XP-Client, this cannot be forced. You need to enable machine authentication. This way, network access is granted with machine credentials by the time the user logs on, and 802.1X authentication occurs during the user logon event.
Hope this helps,
Similar Messages
-
So, I'm having some problems getting a logon script to work. I need a way to deploy the agent that we use via login/startup scripts and what I have works fine if the user has admin rights, or if UAC is disabled. I've tried to convert the .exe
to an .msi to make it easier, but the .msi never works and it's only distributed as an .exe. We deploy this to different clients, I can't disable UAC in their environment unless they specifically tell us to. Can anyone think of a way around this?
I've been searching for days and I'm just lost. If we could execute the file as the system account, or connect to shares using a startup script instead of logon, that would be perfect. Basically what it does is check to see if the process for the
agent is running (agentmon.exe) so we don't attempt to install it if it is already installed, if it's not, then it calls on a different agent installer depending on the IP address of the system (for clients that have more than one location). Here's what
I've got written that works for me in my test environment:
Const strAgent1 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup1.exe"
Const strAgent2 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup2.exe"
Const strAgent3 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup3.exe"
Const strFolder = "C:\Temp\"
Const Overwrite = True
dim objFSO, objNIC1, arrNIC, strIP, strMask, objShell, objWMIService
dim
'Checks for Kaseya agent process, AgentMon.exe, exits if running
Set objWMIService = GetObject ("winmgmts:")
Set proc = objWMIService.ExecQuery("select * from Win32_Process Where Name='agentmon.exe'")
If proc.count > 0 Then
WScript.Quit
End If
'Instantiate a NIC configuration object
Set objNIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
'Instantiate a shell object
Set objShell = CreateObject("wscript.shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Create Temp Dir if it doesn't exist
If Not objFSO.FolderExists(strFolder) Then
objFSO.CreateFolder strFolder
End If
For Each arrNIC in objNIC1
if arrNIC.IPEnabled then
StrIP = arrNIC.IPAddress(i)
strMask = arrNIC.IPSubnet(i)
Set WshNetwork = WScript.CreateObject("WScript.Network")
end if
next
Function NetworkID(Address, Mask)
Dim AddressOctets, MaskOctets, Result, N
AddressOctets = Split(Address, ".")
MaskOctets = Split(Mask, ".")
ReDim Result(UBound(AddressOctets))
For N = 0 To UBound(AddressOctets)
Result(N) = AddressOctets(N) And MaskOctets(N)
Next
NetworkID = Join(Result, ".")
End Function
Select Case NetworkID(strIP,strMask)
Case "192.168.0.0"
' Kaseya install commands for 192.168.0.0 subnet
objFSO.CopyFile strAgent1, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup1.exe"
Case "192.168.1.0"
' Kaseya install commands for 192.168.1.0 subnet
objFSO.CopyFile strAgent2, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup2.exe"
Case "192.168.2.0"
' Kaseya install commands for 192.168.2.0 subnet
objFSO.CopyFile strAgent3, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup3.exe"
Case Else
' Some sort of error checking. Maybe a BLAT SMTP command to send an email
End Select
Set objWMIService = Nothing
Set objNIC1 = Nothing
Set objShell = Nothing
Set WshNetwork = Nothing
Wscript.quitYou need to read the documentation carefully:
The Deploy Agents install package is created using a Configure Automatic Account Creation wizard. The wizard copies agent settings from an existing machine ID or machine ID template and generates an install package called
KcsSetup.All settings and pending agent procedures from the machine ID you copy from—except the machine ID, group ID, and organization ID—are applied to every new machine ID created with the package.
Including Credentials in Agent Install Packages
If necessary, an agent install package can be created that includes an administrator
credentialto access a customer network. Credentials are only necessary if users are installing
packages on machines and do not have administrator access to their network. The administrator credential is encrypted, never available in clear text form, and bound to the install package.
¯\_(ツ)_/¯ -
Group Policy Logon Script to create folder based on username, run as admin
Hello,
I'm at a loss as to how to make this work. I wrote the following PowerShell script that will check to see if the currently logged in user has a folder on a share, and if not it will create the folder and set appropriate permissions. I want to
run it as a Group Policy Logon Script, however I need to run this script as an administrator because users don't have any write/create access at the folder level of the file share. The problem with that then becomes $ENV:Username resolves to the admin
account the script is running under.
Any ideas?
Thanks!
Ryan
# Declare Variables
$strName = $env:USERNAME
$strDomain = $env:USERDOMAIN
If ($strDomain -eq "domain.org") {
# Split Username into 2 variables
$data = $strName.Split("_")
$fname = $data[0]
$lname = $data[1]
#Find first character of last name
$firstcharacter = $lname[0]
# Figure out if last name begins with A-M or N-Z
$A_M=$firstcharacter -match "[a-m]"
$N_Z=$firstcharacter -match "[n-z]"
# Checks to see if folder exists
If ($A_M -eq $true){$FolderExists = Test-Path "\\staff-files\staff\Last Name A-M\$strName"}
elseif ($N_Z -eq $true){$FolderExists = Test-Path "\\staff-files\staff\Last Name N-Z\$strName"}
# Creates folder if it doesn't exist
If (($FolderExists -eq $false) -and ($A_M -eq $true)){
New-Item "\\staff-files.domain.org\Staff\Last Name A-M\$strName" -type directory
$DirPath = "\\staff-files.domain.org\Staff\Last Name A-M\$strName"
elseif (($FolderExists -eq $false) -and ($N_Z -eq $true)){
New-Item "\\staff-files.domain.org\Staff\Last Name N-Z\$strName" -type directory
$DirPath = "\\staff-files.domain.org\Staff\Last Name N-Z\$strName"
ElseIf ($strDomain -eq "students.domain.org") {
# Pull 2 digit year from username and make 4 digit year
$4digityear = "20" + $strName.Substring(0,2)
# Checks to see if folder exists
$FolderExists = Test-Path "\\files.domain.org\students\$4digityear\$strName"
# Creates folder if it doesn't exist
If ($FolderExists -eq $false) {
New-Item "\\files.domain.org\students\$4digityear\$strName" -type directory
$DirPath = "\\files.domain.org\students\$4digityear\$strName"
# Assign Permissions
If ($FolderExists -eq $false){
$target = $DirPath
$acl = Get-Acl $target
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("CREATOR OWNER","Modify",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("NT AUTHORITY\SYSTEM","FullControl",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("administrators","FullControl",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
If ($strDomain -eq "students.hempfieldsd.org"){
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("DOMAIN\Domain Users","Modify",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("DOMAIN\Staff_Tech","FullControl",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ("DOMAIN\Enterprise Admins","FullControl",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
$accessrule = new-object system.security.AccessControl.FileSystemAccessRule ($strName,"FullControl",$inherit,$propagation,"Allow")
$acl.AddAccessRule($accessrule)
$acl.SetAccessRuleProtection($true,$false)
$acl.SetOwner([System.Security.Principal.NTAccount]$strName)
Set-Acl -AclObject $acl $target
Ryan Breneman - Systems Administrator - Hempfield School DistrictThanks jrv. That is kind of what I thought but wasn't sure. I think I will attack this a different way and modify the script to run through all the AD accounts and check for folder existence and create if needed. Perhaps I'll play
with System Center Orchestrator and run it inside there.
These folders aren't being used for profile storage, and we already have folder redirection pointing to them, however I don't want a user to login to citrix and not have anywhere to save if they didn't have a folder to redirect to.
Folders are supposed to be created when the staff member/student AD account is created, but it doesn't always happen.
Thanks for your help!
Ryan Breneman - Systems Administrator - Hempfield School District -
Create a signature when a user runs their logon script.
Hi All,
Is it possible to add a signature by a logon script to a user? I would like to do this as I have over 80 users and going to each individual is becoming a pain. I also don't want them to know there the logos are as they could sign it fraudulently.
When I say logon script, I mean the user runs a script to make their signature. All we need is for it to link to their Microsoft Certificate base and just have the logo that we make.
Please help.Signatures cannot be on a drive. They are not dissociated from documents. Signatures reside inside signed PDFs. You probably confuse signature appearances with digital signatures. Signature appearances do reside on a hard drive.
I can create my signature appearance that says (in the image on the page) that I am Bill Clinton. But if you open the signature panel and inspect signer's certificate you can see who the actual signer is (unless it is a self-signed certificate in which case the signer's identity is unknown). I believe that your problem is more related to misunderstanding how digital signatures work than being a real problem at all.
Or maybe you are not using digital signatures at all and are using electronic signatures which are just stamps (or images) and you are concerned that someone can access a stamp (image) that belongs to another person and fraudulently sign with this other person's stamp (image). Well, if this is the case then only person who owns a stamp/image must have access to it. You cannot place all stamps/images for all people in one location. You need to place each in a protected location to which only this person has access (like password-protected folder). This is what signature services like EchoSign do.
This is why I like digital signatures so much better. If you procure signer's certificate from a reputable Certificate Authority all these problems (besides signature appearance) just do not exist. -
How can I get ipconfig /setclassid running through a logon script on Vista.
I have written a number of logon scripts to execute variations of this command at logon but it seems that it will not run for some users and they see a message
"The requested operation requires elevation"
Is there a way I can call this command at logon through this script?
Obviously I cannot use the runas command as I would then need to give the users the password to enter midway through the script.In case you are reading this, std users need rights to change network settings. If the script is being run as the user, as in this case, you need to add the user to the network configuration group, locally to where they will log on. If this is a change on all pcs then create a group and if this is a domain change consider a group policy.Vince
-
Powershell User logon script not Exiting With "Exit" scripts are set to be visible in GPO
I am trying to run this script as a user logon script and it is set to visible to the user. There are other parts of the script but It won't ever Exit. It works fine if I run it directly I only have the trouble when it is in the logon script. I'm thinking
of tryin "Kill -Id $PID" but I'm sure I'll get a bad return code.
Has anyone else experienced this or hav any ideas what I could try?
If (Test-Path U:){
Robocopy U:\ $Destination /E /move /XF "*.inf"
New-Item -Path HKCU:\Software\test\test -Name Test –Force
Else{
Exit
Else{
New-Item -Path HKCU:\Software\test\1 -Name Test1 –Force
Exit #here is where it will not stop!
ExitSorry, I did mention this was only a subset of the complete script.
So, what I am trying to accomplish in words.
1. Check for the existence of a certain folderon the c: Drive (that is created as apart of a different process)
2. Look to see if a registry key exisits that tells the script if it should run or not. So if certain registry key exists under HKCU then don't run if not continue.)
3. The first time a user logs in and does not find the value that the process is allready complete show the user a message box aski9ng them if they are ready to do (something) if not write a registry key saying step one has completed and then quit.
4. When the user logs in again the script looks to see if the process is complete and or if step one is complete, if step one is complete it allows the user to skip the process 2 more times but on the forth login forces the user to complete the process and
writes the final registry key that it is complete.
Like I say I have this all working correctly if I manually have the user run it. I just don't know why Exit is not being recognized when in the users login script processing of the script. I appreciate your reply and any direction you can point me to. -
I have manage to get wired 802.1x working using Windows Active Directory as the database. With machine authentication, single-signon can be achieved.
Setup:
C3750 switch - Cisco ACS 3.2 - Windows AD
Sequence of events:
1. 802.1x machine authentication
2. User logs in to domain
3. 802.1x with user credentials
But, I have the following issues:
i. If user logs in using local account, it takes 3 minutes (default dot1x switch timers) for the port to turn unauthorized. Is it possible to place the port in unauthorized state immediately?
ii. If the user 802.1x login has dynamic VLAN assignment, the AD scripts do not run. It seems that the AD scripts can't run if there is a change of IP address upon login (difference in VLAN for 'machine authentication' and 'user login').
Any solution for this?
Tks2 issues here:
*Cached credentials for Microsoft supplicannts. Microsoft's authentication strategy in general reflects, and WLAN roaming would be difficult without the use of cached credentials. If cached credentials are not desired, would recommend another supplicant.
* Falied Authentication for a local account. It should try to dot1x authenticate this user. For PEAP as an example, you would see the username as \. Now, a port will only be placed into a HELD state if a RADIUS-Reject is sent to the switch. A RADIUS-Reject will only be sent to the switch if the attempt is actually "failed" as opposed to silently discarded, packet lost in transit, etc. Taking 3 minutes to actually fail an attempt is indeed way too long, but the switch is probably doing what RADIUS is telling it to do. (this can be verified by a sniffer trace or debugs). Correspinding logs on RADIUS would help as well. -
Hello everybody.
Let me explain my problem.
I have a Powershell shell Logon Script for a Domain user without privileges that has to:
Run IE as Domain user.
When user close al IE open windows, Script have to make some process as soon as finish, script run again IE.
The user that run the script doesn’t have any kind of access to the any drive and doesn’t have any access to any app or windows config setting, he has only access to IE through Powershell Logon Script, no more.
I gave to user privileges as a part of the operating system through GPO.
Well, let me show you the script before continue with the explanation:
Function fCredenciales([String]$FileTXT, [String]$UserIE)
$UsIE1 = Get-Credential -Credential $UserIE
$SecureIE = $UsIE1.Password
$BytesIE = ConvertFrom-SecureString $SecureIE
$BytesIE | Out-File $FileTXT
# SCRIPT
$Folder = "C:\Cred"
$FileIE = $Folder + "\IE.txt"
$UsIE = "Domain\User"
If(-Not (Test-Path $Folder))
New-Item $Folder -Type Directory
fCredenciales $FileIE $UsIE
If (-Not (Test-Path $FileIE))
fCredenciales $FileIE $UsIE
$UsIETxt = Get-Content $FileIE | ConvertTo-SecureString
If ($UsIETxt -eq $Null)
fCredenciales $FileIE $UsIE
$UsuarioIE = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UsIE, $UsIETxt
$MyNetwork = Get-WMIObject Win32_NetworkAdapterConfiguration -ComputerName LocalHost | Where-Object { $_.IPAddress -ne $null } # | Select-Object IPAddress
$MyIPAddress = $MyNetwork.IPAddress[0]
$URL = "https://www.mywebpage.com/?qwerty="
+ $MyIPAddress + " -private"
$IE = "C:\Program Files\Internet Explorer\iexplore.exe"
While ($True)
Start-Process $IE -ArgumentList $URL -ArgumentList $URL -Credential $UsuarioIE
$IDProcess = Get-Process -Name iexplore | ?{$_.MainWindowTitle} | %{$_.ID}
Wait-Process -Id $IDProcess
# Proccess 1
# Process2
I need to execute IE as other user.
As logon user doesn’t have drive access, he cannot read credential.
If logon script wants to ask for credential, credential windows never shown.
I don’t know why, but if the user hasn’t administratives privileges
Start-Proccess with –Credential doesn´t work, exactly as
Wait-Process -Id $IDProcess.
The security department wants:
User Without any access (No drives, no menu, no nothing
J).
Script has to run IE as domain simple user.
If script needs administrative privileges to run Wait-Window the script can be run as administrative user, but not the Start-Process.
I hope that you can understand me.
Thanks in advanced,
Angel Biurrun C.Sorry but what you seem to be trying to do is not possible. You cannot make a user an admin by having them do something that only an admin can do.
If your company says a user cannot have access to any drives then there is no way they can open a file on a drive they have no access to.
The script you posted is also impossible to read. Can you try and post it correctly. Maybe someone can decode what you are trying to do.
As a quick example this is how we post scripts.
Function fCredenciales([String]$FileTXT, [String]$UserIE){
$UsIE1=Get-Credential -Credential $UserIE
$SecureIE=$UsIE1.Password
$BytesIE=ConvertFrom-SecureString $SecureIE
$BytesIE | Out-File $FileTXT
Notice that it is readable and better indented. The eye can follow the code. By using the code control the code becomes color keyed which makes it even more readable.
¯\_(ツ)_/¯ -
Assign a local logon script using Group Policy
Is there a way to assign a local logon script using Group Policy? The reason I ask is that I wrote a logon/logoff script that will record the date/time, user, and computer for everyone who logs on to any machine in the domain. Right now it's set on a domain
GPO, so it works great for domain accounts, but I'd like to extend that functionality to local accounts as well. The only way I know how to do that would be to set my script to run using the local policy. Since I don't want to manually go around to all 400+
machines in my domain, I would rather find a simpler way of modifying the local policy. Any ideas?Martin, thank you for your response. That's exactly the kind of out-of-the-box answer I was looking for, unfortunately, it looks like I can only do that for Logon scripts. I don't see an option for Logoff. (Maybe the took the Logoff functionality out?
This article says there should be a Logoff item in the GPO, but they're talking about Windows 2000 in that article.)
Matthias, I started playing around with what you said, and I noticed that the "Scripts" key only seems to show up on my Windows 7 clients. The XP workstations don't have that key. Plus I did some testing, and I think I can do it without having
to mess with the registry at all.
So I think I have a workable solution at the moment. I found
this article that talks about copying Local Polices from one computer to another. I tried manually setting the Logon/Logoff scripts in the Local policy on a fresh machine. From that reference computer I copied the Scripts folder out of the %SYSTEMROOT%\System32\GroupPolicy\User
directory. It also created a gpt.ini file in the %SYSTEMROOT%\System32\GroupPolicy directory. The gpt.ini file contained an attribute called gPCUserExtensionNames, and one called Version. The gPCUserExtensionNames attribute specified two GUIDs, which
I assumed to be the GUIDs that identify the Local Policy. I tried manually creating the Local policy on several different machines, with several different Operating Systems, and those GUIDs always seemed to be the same (not sure why). So I copied the gpt.ini
file off the reference machine as well. When I placed all of the files I copied from the reference machine on to a new machine, everything seemed to work just fine (no registry modification necessary), with one caveat. It seemed to be running the script twice.
So I went back into the gpt.ini file and deleted one of the GUIDs listed under gPCUserExtensionNames, and now the script runs just once!
So I think this solution will work ok for me. We don't have any other Local Policies in place, so demolishing all existing Local Policies is perfectly acceptable in my case. I'm just not sure if I'm doing any damage by copying the gpt.ini file from a reference
machine (if anyone can expand on how that works, I would appreciate the peace of mind that I'm not making things worse by doing this). So all I need now is to write a Startup script, or an SCCM package to deliver the Logon scripts and associated ini files
to the appropriate location on all the domain PCs. Easy enough to do on my own. If anyone knows of a reason why this method is a bad idea, please post here. I'll be testing it out on a handful of PCs in the mean time.
Hi Guys,
Will this solution work for my case? I have a forcereboot batch script that I need to load on the local policy (logoff script through GPEDIT) however I can only load it manually. I need to do it on multiple machines (approx 5000 computers). I am having
trouble doing it using powershell. Is there any other options to do it?
Will I have to use the same GUID's you mentioned on the gpt.ini file? (gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}] since it refers to the local script and how about the version on the gpt.ini file?
Thanks in advance.
Dash
https://social.technet.microsoft.com/Forums/en-US/1f636042-bcff-498d-93c0-e1aa89f80961/how-to-load-a-script-on-the-local-group-policy-on-multiple-computers?forum=mdopagpm -
GPO apply user Logon script or GPP who Wins
hi
i have 2 GPO's linked to a OU1 GPO with precedence 1 has a GPP setting which applies a Value
the 2nd GPO has a Logon script which applies a value that is different that the 1st GPO
How does Precedence take place if both have conflicting settings.
How can i have change Linkorder/Precedence so that GPO 1 always wins
Who Wins the battle between Logon Script for a setting or GPP for a setting
Also
None of these GPO's apply HKLM settings
But even though i see following when i run ProcMon during User logon. Why is HKLM setting being set when user logon , is it not a computer logon thing
Operation - RegSetValue
Result - Success
Path - HKLM\SOFTWARE\MySoftware\Licensing\1\Server
Command Line "C:\Windows\regedit.exe" /s \\DC01\NETLOGON\ABC\License.regAlso
None of these GPO's apply HKLM settings
But even though i see following when i run ProcMon during User logon. Why is HKLM setting being set when user logon , is it not a computer logon thing
Operation - RegSetValue
Result - Success
Path - HKLM\SOFTWARE\MySoftware\Licensing\1\Server
Command Line "C:\Windows\regedit.exe" /s \\DC01\NETLOGON\ABC\License.reg
Does the file "License.reg" contain HKLM settings ?
Is the (user) Logon Script, launching this? : Command Line "C:\Windows\regedit.exe" /s \\DC01\NETLOGON\ABC\License.reg
If so, it's because the Logon script is simply executing what it has been configured to do.
Group Policy Admin Templates and settings which are specific to \User Configuration\ vs. \Computer Configuration\, will only be executed "per-user" or "per-computer" - just as executing "Startup Scripts" are a per-computer thing,
and executing "Logon Scripts" are a per-user thing - but that is only the trigger to execute - not what the executed payload might really do.
I would also expect such a process to fail (a user would not usually have permissions to a HKLM regkey) unless the regkey security has been relaxed, or, the user logging in has admin rights or similar.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
hello every one
i'm contacting you today cause on my domain i'm trying roll out some login scripts but thy don't seem to run even when following this tutorial
https://technet.microsoft.com/en-us/library/cc770908.aspx
here are copies of the login script that i try to run
this is what rns when the computer starts up or logs in
robocopy \\serveur\MDL\MDL\ D:\MDL\ /XO /MIR
and this is what run when the computer shuts down or logs off
robocopy D:\MDL\ \\serveur\MDL\MDL\ /XO /MIR
and then on another group of computers i have this script that run a the computers startup or login
::kill explorer
Taskkill /IM explorer.exe /F
::set to server time ?
::net time \\server /set /yes
::copy background
robocopy \\serveur\Background\ C:\background\ /XO /MIR
:: Add the required values to the registry, if these people are using a System Wallpaper.
::If they have always modified their wallpapers, the following lines are not necessary. "They have no habit of hurting themselves, constantly"
REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "C:\background\pre-background.png"
:: Modify the following line in the last number to 0 if you want to center the bitmap on the desktop.
::Change the last number in the following line to 2 if you wish to extend the bitmap vertically and horizontally to fit on your desktop.
REG ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 2
::copy games
robocopy \\serveur\Games\Riot_Games\ C:\Games\Riot_Games /XO /MIR
robocopy \\serveur\Games\World_of_Warplanes\ C:\Games\World_of_Warplanes\ /XO /MIR
robocopy \\serveur\Games\World_of_Tanks\ C:\Games\World_of_Tanks\ /XO /MIR
robocopy \\serveur\Games\Dofus2\ C:\Games\Dofus2\ /XO /MIR
robocopy \\serveur\Games\Hi-Rez_Studios\ C:\Games\Hi-Rez_Studios\ /XO /MIR
::launch cyberlux client
start C:\Windows\
the thing is that none of the scripts will i've tried adding a pause to double check that but it didn't even show up
when i mannually run them they run fine they do they copy everything that there ment to
i would like to able add the login scripts useing the gpo so i can control them easier
any help would be very much appreciated
and if you need any more info please just askIf the script runs manually this shouldnt be an issue
you have probably set the GPO up incorrectly for that see this
http://www.petri.com/setting-up-logon-script-through-gpo-windows-server-2008.htm
How and where did you link the created GPO? does gpresult show an applied gpo? -
VBScript Logon Script to Set Users HomeDirectory/HomeDrive Attributes
Hi all,
I'm trying to write a logon script that checks if the user logging on has a home directory, and if not, create one. The problem I'm having is that as the script is running under the user context, they obviously don't have write permissions to AD. Is there
any way this could work, perhaps by some sort of impersonation in the script? Alternatively if anyone has any better suggestions as to a better way to achieve this I'm more than open to suggestions!
Here is the code I have currently if it helps;
Set oADInfo = CreateObject("ADSystemInfo")
sDN = oADInfo.UserName
Set oUser = GetObject("LDAP://" & sDN)
sUserName = oUser.sAMAccountName
sHomeDir = oUser.homeDirectory
If sHomeDir = "" Then
sHomeDir = "\\fileserver\users\" & sUserName
oUser.Put "homeDirectory", sHomeDir
oUser.Put "homeDrive", "F:"
oUser.SetInfo
End If
Many thanks,
JamesBy the way - when you set this up with GP all users can be mapped in one setting or you can map groups of users. If you need to move users this can be easily done from GP by just changing the location. Windows will move all of the files.
You can also just multi select users in ADUC and right click and set drive and folder for all in one setting. You should use GP and not this method.
Users cannot edit their own objects in AD.
¯\_(ツ)_/¯ -
"A script is already running" while attempting to run more than one item
We upgrade recently to ODT 11.2.0.3.20. Since then, attempting to run more than one item from the Solution Explorer (by selecting the items, right-clicking, and selecting "Run") results in a popup error of "Oracle Developer Tools. A script is already running". If many items are selected it results in many error messages and only a random few of the items are actually executed on the server. Also, choosing "Run On" now results in it prompting for the target database for each item selected (rather than once for all items selected like it used to). This all used to work fine in the earlier release we were using. Has anyone else run into this? Any fixes? We used to use multi-select and "Run" or "Run On" to deploy multiple items at once, but this no longer works -- doing one at a time works, but if you have hundreds of items to run, this quickly becomes unusable.
Thanks for any insight.
- Joshcshay wrote:
I don't believe that the intention was for you to be able to run a bunch of scripts one after the other. Often there are dependencies between scripts anyway and so you you have to order them. Because we're generally deploying a large set of stored procedures (and not just one-time scripts) the order doesn't really matter -- even if a stored procedure gets created before one it depends on, once all the SPs are on the server, the ones that are "invalid" will compile correctly once you execute them.
I think a lot of people are creating master scripts that references child scripts using the "@" sql plus syntax.... have you tried that?
I'll give that a try as a work around. Only issue I have with that solution is every time we add or remove something from the solution, we also have to update the script.
We are doing a lot of enhancements to our script generation in the coming year. Keep an eye out for a beta to test.
Like I said, this used to work fine in the older versions of ODT. It seems like the new version is attempting to execute multiple items at once on the same connection simultaneously, thus resulting in the "A script is already running" error. The old version used to be smart enough to execute them one at a time -- so something changed in a more recent version to completely break "Run" and "Run On" when you have more than one item highlighted (even just highlighting 2 items and choosing "Run" runs the first item, but then gives the error for the second item).
Christian- Josh -
Problem Windows 8 logon script not working from windows server 2008 R2
hi there , this is third post regard this problem, here is my problem goes .....
Is a very simple logon script for mapping drive purpose .... PLS take note Domain users can access and run this script for domain users using windows XP / WINDOWS VISTA / WINDOSWS 7 and only users " WINDOWS 8.1 " Does NOT run
at all . the script I put on logon script in Windows server 2008R2 group policy ...
@jrv :- http://social.technet.microsoft.com/profile/jrv/?ws=usercard-mini , insist said is my group policy setup problem so I post here agn...
Manually run the script on WINDOWS 8.1 is 100 % perfect so it is definitely not my logon script issue , PLS any guidance pls share for me ok ?? thanks
Below is my script syntax ;-
@echo off
REM Login.bat Version 1.0
REM Exit if user has logged on to the Server
IF %COMPUTERNAME%.==SL2011. GOTO END
REM Delete pre-existing drive mappings
REM
REM Map M: to SL2011 on sl2011
NET USE M: /DELETE >nul
NET USE M: \\SL2011\sl2011 /YES >nul
REM
REM Map Y: to AccScan on rss2
NET USE Y: /DELETE >nul
NET USE Y: \\rss2\Public\AccScan /YES >nul
REMHi Tee Ee Foong,
According to your post, the gpresult showed the GPO was applied and the script could run successfullymanully in the client. Right? Please follow the following step to narrow down
the issue:
1. Change the script to the following command: add
> %SystemDrive%\Users\test.txt to the script.
2. Log on to a client with a regular user account, run gpupdate/force, and then re-log on to this client.
3. Check if the test.txtfile exists in this location %SystemDrive%\Users.
If the test.txtfile exists, the GPO with logon script is applied successfully when user logs on. But the result of running logon script achieves the goal we excepted or not which
is still not sure.
Regards,
Lany Zhang -
Need a Folder Action Script to automate running of Applescripts in iTunes
I posted this in the OSX forum but thought i'd try here too:
I have a couple of applescripts that I have begun using on some of my podcasts. Specifically they will deselect "Skip When Shuffling" and "Remember Track Position" (Thanks Doug!). I feel like it is getting tedious to have to remember to run these scripts every time the Podcast updates a new episode. I'm looking for a folder action script that will run these applescripts whenever a new item is added to their folder. While I try to puzzle one together (having never written one) does anyone have anything to fit these needs?Yes.
I recently need one to do something else.
I'll just give you the script I am using, you can hack at will...
property TargetPlaylist : "Library"
on adding folder items to this_folder after receiving added_items
repeat with each_item in added_items
tell application "iTunes"
add each_item to playlist TargetPlaylist
end tell
end repeat
tell application "Finder"
move every item of this_folder to the trash
empty the trash
end tell
end adding folder items to
This script when attached as a folder action will add the items dropped into it to my iTunes library, then delete them.
You can easily tear this one apart to get what you need done.
Beavis2084
Maybe you are looking for
-
Error while compression of infocube
Hello, I am facing following error while compression of inventory cube ORA-04098: trigger 'SAPPW1./BI0/0500014656' is invalid and failed re-validation Request have been loaded in the ranges of posting date and those request are not getting compressed
-
Variable based on another varable does not change at runtime
Hi. I have Foreach Loop container with a EXEC SQL task inside. The Foreach Loop loops through a directory containing flat files and and maps the filename to a "FileName" variable. The filenames have a datestamp in the filename that I want to extract.
-
SQL Developer usage (newbie) question - using for script development
I'm new to Oracle, but not to SQL (used MS SQL Server off and on for 3 years prior). SQLDeveloper (v1.5.1) was recommended as a dev tool for the work that I'm doing in in Oracle 10.2.0.4. I'm looking to write some scripts to eventually become stored
-
I have started getting extended dropouts during music streaming from iMac to Apple TV. It starts off as a glitchy sound until it finally goes quiet. It will then start back up about 20 seconds where if left off. Appears to be happening in about one m
-
Hi Everyone, We have a thread about this in the BT Vision board as well, so if you have BT Vision instead of YouView we'd really appreciate your thoughts in the other thread We have been asked for some very specific feedback from the BT TV content te