Can’t run batch files from server, Users do not have permission to access file

Tags: batch-file, user-permissions, windows-server-2008-r2

We're trying to run some logon / logoff scripts on a Server 2008 R2 domain controller. The script is located in the default group policy logoff directory:

\\domain.local\SysVol\domain.local\Policies\{guid}\User\Scripts\Logoff

Nothing was happening at log off so we finally realized the script wasn't running at all. I copied the script to my local machine and ran it, and it runs fine (regular authenticated user account).

I then tried to access the directory through File Explorer, which I can. However, I could not run the batch file. I receive the error:

"Windows cannot access(\location of file) You do not have permission to access(\location of file) Contact your network administrator to request access."

If I right-click and run as admin, it works fine. I haven't mentioned what's in the batch file because it doesn't seem to matter. I created a logon script the same way called test.bat. It only contains:

echo Hello
pause

Again, this does not work in the users scripts folder, or in any share for that matter. I put it in a test share on our file server and I get the same error. If I run the batch file through command prompt it also works fine.

Also, the group policy is being applied and there are no error logs on the workstation event viewer.

Lastly, I've tried giving my domain user account more privileges on the file itself and it still won't run. Only the domain admin can run the file.

Any thoughts?

Best Answer

Move your batch file to \\DomainController\Netlogon and then in the GPO browse to that path and use that .bat file for the logoff script.

That should fix any permissions issues.

If you have lots of DCs, you can set the path to the batch file in the GPO to \\%LOGONSERVER%\NETLOGON\copyNinite.bat

Then it will use whatever DC authenticated them as the path to the batch file, which should be local to their site.

Hope that helps.
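An added example, not part of the original question or answer: a PowerShell check of the NTFS ACL on the script the GPO points at, to confirm which identities can read and execute it and whether anything denies access or allows writes. The default path reuses the answer's copyNinite.bat location as an assumption; pass your own script path instead.

```powershell
# Added example (not from the original post). Default path is an assumption
# based on the answer; %LOGONSERVER% already includes the leading "\\".
param(
    [string]$ScriptPath = "$env:LOGONSERVER\NETLOGON\copyNinite.bat"
)

$fsr   = [System.Security.AccessControl.FileSystemRights]
$rx    = $fsr::ReadAndExecute
$write = $fsr::WriteData -bor $fsr::AppendData

if (-not (Test-Path -Path $ScriptPath)) {
    Write-Error "Cannot see $ScriptPath as $env:USERNAME"
    return
}

# Get-Acl reports NTFS permissions only; share permissions are evaluated
# separately and the more restrictive of the two applies over the network.
$acl = Get-Acl -Path $ScriptPath

$report = $acl.Access | Select-Object IdentityReference, AccessControlType, IsInherited,
    @{ n = 'ReadExecute'; e = { ($_.FileSystemRights -band $rx) -eq $rx } },
    @{ n = 'Write';       e = { ($_.FileSystemRights -band $write) -ne 0 } }

"Owner: $($acl.Owner)"
$report | Format-Table -AutoSize

# A Deny entry overrides any Allow the user gets through group membership.
$deny = $report | Where-Object { $_.AccessControlType -eq 'Deny' }
if ($deny) {
    Write-Warning "Deny entries present for: $(($deny | ForEach-Object { $_.IdentityReference }) -join ', ')"
}

# Logon/logoff scripts run for every user, so review who is able to modify them.
$writers = $report | Where-Object { $_.Write -and $_.AccessControlType -eq 'Allow' }
if ($writers) {
    "Identities with write access (review that these are admin-only):"
    $writers | ForEach-Object { "  $($_.IdentityReference)" }
}
```

Run it once as the affected user and once as a domain admin, then compare the two outputs against the groups the user actually belongs to (whoami /groups).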