Discussion:
Computer Startup Batch File via GPO (not working)
(too old to reply)
Gar
2009-09-29 16:21:03 UTC
Permalink
Hi,

I've just wrote a very short and simple batch files which copies some files
onto a set of computers on start up, this batch file is assigned as a GPO to
a Computer OU, via Startup script.

The batch file basically has the following command and I can confirm that it
executes fine under the context of a user.

IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1

The GPO is copied to the Domains\SysVol\Domains\Policies\ folder on the DC
The source files to be copied are located under DOMAIN_PC1

Both of the above has been permissioned with full access to both
Authenticated Users and also to Domain Computers, as I believe Start Up
scripts are executed under the context of a computer account.

However, the copy job fails on boot up, and nothing in the event log
indicates what is going wrong. I've left it long enough for full replication
to take place across the DCs.

Any ideas guys?
Florian Frommherz [MVP]
2009-09-29 19:28:55 UTC
Permalink
Howdie!
Post by Gar
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
So you are sure that the script would actually work as the folder is
present? Can you edit the script to put another line into it like

ECHO "Start..." >> C:\myStartfile.txt

to see whether the actual script is called?

Was the GPO applied to the machine? Do you see the GPO in GPResult and
RSOP.msc?

If none of the above helps, can you move the script to the actual folder
the GPEditor suggests when you create a new startup script?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Gar
2009-09-30 10:46:01 UTC
Permalink
Hi,

I can confirm that the GPO was applied, as we previously confirmed via a
GPResult on one of the systems, also, the batch script is already stored in
the default folder, as prompted when the GPO setting was set.
I will have to amend the script for it to create a dummy txt file on startup
and see what happens.

Thanks,
Post by Florian Frommherz [MVP]
Howdie!
Post by Gar
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
So you are sure that the script would actually work as the folder is
present? Can you edit the script to put another line into it like
ECHO "Start..." >> C:\myStartfile.txt
to see whether the actual script is called?
Was the GPO applied to the machine? Do you see the GPO in GPResult and
RSOP.msc?
If none of the above helps, can you move the script to the actual folder
the GPEditor suggests when you create a new startup script?
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Gar
2009-09-30 12:56:01 UTC
Permalink
OK - i've added another line to the script which simply creates a new
directory on the C:\ of the system. The folder is created so we can conclude
that the script is being called. Based on this, it must be a permissioning
issue on the source files, but i've already fully permissioned the files for
Authenticated Users and Domain Computers on the network share....
Post by Florian Frommherz [MVP]
Howdie!
Post by Gar
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
So you are sure that the script would actually work as the folder is
present? Can you edit the script to put another line into it like
ECHO "Start..." >> C:\myStartfile.txt
to see whether the actual script is called?
Was the GPO applied to the machine? Do you see the GPO in GPResult and
RSOP.msc?
If none of the above helps, can you move the script to the actual folder
the GPEditor suggests when you create a new startup script?
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Robert Sudbury
2009-09-30 13:36:23 UTC
Permalink
What's the NOS used for your DC?

In a similar situation I know of, in a 2 node cluster W2k3.sp1 Enterprise
Domain, (and not patched since sp1 support was dropped), they set Everyone
READ.

Computer accounts were not recognized as Authenticated Users. Resources
accessed by startup scripts were then set to Everyone READ.

The same setup on a W2K8 Enterprise domain using Authenticated Users for
permissions ... no problem.
Post by Gar
OK - i've added another line to the script which simply creates a new
directory on the C:\ of the system. The folder is created so we can conclude
that the script is being called. Based on this, it must be a permissioning
issue on the source files, but i've already fully permissioned the files for
Authenticated Users and Domain Computers on the network share....
Post by Florian Frommherz [MVP]
Howdie!
Post by Gar
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
So you are sure that the script would actually work as the folder is
present? Can you edit the script to put another line into it like
ECHO "Start..." >> C:\myStartfile.txt
to see whether the actual script is called?
Was the GPO applied to the machine? Do you see the GPO in GPResult and
RSOP.msc?
If none of the above helps, can you move the script to the actual folder
the GPEditor suggests when you create a new startup script?
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4470 (20090930) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
--
[Robert]


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4470 (20090930) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
Gar
2009-09-30 13:47:01 UTC
Permalink
N00b question, what do you mean by NOS?
Post by Robert Sudbury
What's the NOS used for your DC?
In a similar situation I know of, in a 2 node cluster W2k3.sp1 Enterprise
Domain, (and not patched since sp1 support was dropped), they set Everyone
READ.
Computer accounts were not recognized as Authenticated Users. Resources
accessed by startup scripts were then set to Everyone READ.
The same setup on a W2K8 Enterprise domain using Authenticated Users for
permissions ... no problem.
Post by Gar
OK - i've added another line to the script which simply creates a new
directory on the C:\ of the system. The folder is created so we can conclude
that the script is being called. Based on this, it must be a permissioning
issue on the source files, but i've already fully permissioned the files for
Authenticated Users and Domain Computers on the network share....
Post by Florian Frommherz [MVP]
Howdie!
Post by Gar
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
So you are sure that the script would actually work as the folder is
present? Can you edit the script to put another line into it like
ECHO "Start..." >> C:\myStartfile.txt
to see whether the actual script is called?
Was the GPO applied to the machine? Do you see the GPO in GPResult and
RSOP.msc?
If none of the above helps, can you move the script to the actual folder
the GPEditor suggests when you create a new startup script?
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4470 (20090930) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
--
[Robert]
__________ Information from ESET NOD32 Antivirus, version of virus signature database 4470 (20090930) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Robert Sudbury
2009-10-01 21:58:41 UTC
Permalink
The Network Operating System on your Domain Controllers... yah vague, and
rarely used anymore.

Like I mentioned in my first post, a situation setup on a W2k8 domain
behaves differently than on a similarly configured W2k3.sp1 Enterprise
domain. (clients were WXPPro.sp2/sp3).

If you're certain it's a permission issue, then add Everyone READ to the
source folder and see what happens.
Post by Gar
N00b question, what do you mean by NOS?
Post by Robert Sudbury
What's the NOS used for your DC?
In a similar situation I know of, in a 2 node cluster W2k3.sp1 Enterprise
Domain, (and not patched since sp1 support was dropped), they set Everyone
READ.
Computer accounts were not recognized as Authenticated Users. Resources
accessed by startup scripts were then set to Everyone READ.
The same setup on a W2K8 Enterprise domain using Authenticated Users for
permissions ... no problem.
Post by Gar
OK - i've added another line to the script which simply creates a new
directory on the C:\ of the system. The folder is created so we can conclude
that the script is being called. Based on this, it must be a permissioning
issue on the source files, but i've already fully permissioned the
files
for
Authenticated Users and Domain Computers on the network share....
Post by Florian Frommherz [MVP]
Howdie!
Post by Gar
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
So you are sure that the script would actually work as the folder is
present? Can you edit the script to put another line into it like
ECHO "Start..." >> C:\myStartfile.txt
to see whether the actual script is called?
Was the GPO applied to the machine? Do you see the GPO in GPResult and
RSOP.msc?
If none of the above helps, can you move the script to the actual folder
the GPEditor suggests when you create a new startup script?
Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
http://frickelsoft.net/cms/index.php?page=mailingliste
--
[Robert]


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4474 (20091001) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
Twayne
2009-09-30 15:28:46 UTC
Permalink
Post by Gar
Hi,
I've just wrote a very short and simple batch files which copies some
files onto a set of computers on start up, this batch file is
assigned as a GPO to a Computer OU, via Startup script.
The batch file basically has the following command and I can confirm
that it executes fine under the context of a user.
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
The GPO is copied to the Domains\SysVol\Domains\Policies\ folder on
the DC The source files to be copied are located under DOMAIN_PC1
Both of the above has been permissioned with full access to both
Authenticated Users and also to Domain Computers, as I believe Start
Up scripts are executed under the context of a computer account.
However, the copy job fails on boot up, and nothing in the event log
indicates what is going wrong. I've left it long enough for full
replication to take place across the DCs.
Any ideas guys?
I -think- you may have a minor flaw but I'm not positive. It fails here
too, on XP SP3+, P4.

Here are my changes:
IF EXIST C:\Folder1 : change to IF EXIST C:\folder1\ . Currently it
seems to be looking for the FILE Folder1, not the directory.
Then I added 2 sets of quotes:
IF EXIST "C:\Folder1\" COPY " \\DOMAIN_PC1\Folder\File1 C:\Folder1"

NOTE: Apologies, but: This is air code from memory: I am no longer at
the machine that used domains so I can't provide a screen shot. And of
course I was only copying one small file I created with copy con &
CTRL-Z.

Also, I don't think the Event Viewer will show you errors from the
Command Prompt, will it? I'd just remove any @ echo OFF you might have,
and watch the screen for errors. Makes the screen a little messy, but
it will put the error code right after the failing command in the batch.

If you still have troubles, I'd check in at alt.msdos.batch.nt
newsgroup and ask about it there. You'll get expert answers there from
professionals either in or formerly in the DOS field. Yes, DOS is quite
alive in many circles. Be sure you're polite; they're a bit picky about
interpersonal skills, but the information is top notch and they're not
afraid to say they don't know although that very seldom happens<g>.

HTH,

Twayne`
Gar
2009-09-30 16:03:01 UTC
Permalink
Hi Twayne,

Thanks for the input, but the example script was just to illustrate the line
of code - was not meant to be syntically correct. But anyways, the batch file
executes fine under the context of a user; so we know it's not the batch
file, but more so the permissions?

Thanks
Post by Twayne
Post by Gar
Hi,
I've just wrote a very short and simple batch files which copies some
files onto a set of computers on start up, this batch file is
assigned as a GPO to a Computer OU, via Startup script.
The batch file basically has the following command and I can confirm
that it executes fine under the context of a user.
IF EXIST C:\Folder1 COPY \\DOMAIN_PC1\Folder\File1 C:\Folder1
The GPO is copied to the Domains\SysVol\Domains\Policies\ folder on
the DC The source files to be copied are located under DOMAIN_PC1
Both of the above has been permissioned with full access to both
Authenticated Users and also to Domain Computers, as I believe Start
Up scripts are executed under the context of a computer account.
However, the copy job fails on boot up, and nothing in the event log
indicates what is going wrong. I've left it long enough for full
replication to take place across the DCs.
Any ideas guys?
I -think- you may have a minor flaw but I'm not positive. It fails here
too, on XP SP3+, P4.
IF EXIST C:\Folder1 : change to IF EXIST C:\folder1\ . Currently it
seems to be looking for the FILE Folder1, not the directory.
IF EXIST "C:\Folder1\" COPY " \\DOMAIN_PC1\Folder\File1 C:\Folder1"
NOTE: Apologies, but: This is air code from memory: I am no longer at
the machine that used domains so I can't provide a screen shot. And of
course I was only copying one small file I created with copy con &
CTRL-Z.
Also, I don't think the Event Viewer will show you errors from the
and watch the screen for errors. Makes the screen a little messy, but
it will put the error code right after the failing command in the batch.
If you still have troubles, I'd check in at alt.msdos.batch.nt
newsgroup and ask about it there. You'll get expert answers there from
professionals either in or formerly in the DOS field. Yes, DOS is quite
alive in many circles. Be sure you're polite; they're a bit picky about
interpersonal skills, but the information is top notch and they're not
afraid to say they don't know although that very seldom happens<g>.
HTH,
Twayne`
Loading...