Group policy batch script not running on startup

group-policy windows-server-2012-r2

As a company, we have purchased new anti-virus software and want to install it to all our computers through group policy.

The installer is an .exe and we have been provided with a .bat file to use on startup. However, I've noticed that the script does not run (most of the time).

I tried troubleshooting the problem and have partly amended the script to log when it is run. This has helped me find that the issue is not with the script itself but that it is not even being run.

@echo off
For /f "tokens=1-3 delims=/ " %%a in ('date /t') do (set mydate=%%c-%%b-%%a)
For /f "tokens=1-2 delims=/:" %%a in ('time /t') do (set mytime=%%a%%b)
ECHO [%mydate%_%mytime%] %USERNAME%  sophos script run>>"\\server11\client_install\Sophos\Client\Logger.txt"

SET MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe
IF "%PROCESSOR_ARCHITECTURE%" == "x86" GOTO X86_PROG
IF NOT EXIST "%ProgramFiles(x86)%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0

:X86_PROG
IF NOT EXIST "%ProgramFiles%\%MCS_ENDPOINT%" GOTO INSTALL
exit /b 0

:INSTALL
ECHO [%mydate%_%mytime%] %USERNAME%  sophos installation>>"\\server11\client_install\Sophos\Client\Logger.txt"
pushd \\server11\client_install\Sophos\Client
SophosSetup.exe --quiet
Popd

There is nothing wrong with the script; everyone has read access to the file and folder. And for testing purposes, everyone has write access to Logger.txt.

What puzzles me mostly, is that the script is run sometimes. The policy has been linked to 3 organisational units containing a total of 40 computers (some laptops, some desktops). This morning the script has been run by 2 computers, but at least 30 have been started up today.

I'm quite new to servers and group policies so everything that I have mentioned and tried below is new to me.

Things I have tried:

  1. Changing it to run script at logon instead of startup (and linked the policy to the OU storing the users)
  2. Enabled 'Run startup scripts asynchronously'
  3. Storing the batch file in the same folder as the .exe
  4. Storing the batch file in the folder provided by the policy
  5. Checked gpresult (the policy can be seen)
  6. Changed startup to run on 0 minutes after boot
  7. Changed startup to run after 30 minutes after boot

The server is Windows Server 2012 R2 and all computers are running Windows 10 Pro (1803).

Current setup:
screenshot of policy

Best Answer

By default, workstations do not wait for the network at startup, so the phase where scripts execute is usually past by the time the network initializes.

Group Policy Management Console:

Computer > Administrative Templates > System > Logon
Always wait for the network at computer startup and logon: Enabled

Also, you should copy the installer locally and execute it from a local folder.
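
A startup-script variant that follows both recommendations above, added here as an example (it is not part of the answer, the original poster's script, or anything supplied by Sophos). It logs to a local file so that a boot where the share was unreachable still leaves a trace, checks the SyncForegroundPolicy registry value that the policy setting writes, and runs the installer from a local copy. The SophosInstallCache folder, the startup.log name and the :log helper are assumptions.

```bat
@echo off
setlocal
rem Added example, not from the original post. LOCALDIR and LOG are assumed names.
rem Startup scripts run as SYSTEM, so LOCALDIR sits under Program Files,
rem where standard users cannot replace the installer before it is executed.
set "SRC=\\server11\client_install\Sophos\Client"
set "LOCALDIR=%ProgramFiles%\SophosInstallCache"
set "LOG=%LOCALDIR%\startup.log"
set "MCS_ENDPOINT=Sophos\Management Communications System\Endpoint\McsClient.exe"
set "POLKEY=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon"

if not exist "%LOCALDIR%" mkdir "%LOCALDIR%"
call :log startup script started

rem The "Always wait for the network..." policy sets SyncForegroundPolicy to 1.
reg query "%POLKEY%" /v SyncForegroundPolicy 2>nul | find "0x1" >nul
if errorlevel 1 call :log WARNING wait-for-network policy is not applied

rem Nothing to do when the endpoint client is already present.
if exist "%ProgramFiles%\%MCS_ENDPOINT%" goto installed
if exist "%ProgramFiles(x86)%\%MCS_ENDPOINT%" goto installed

rem A local log entry here means the script ran but could not see the share.
if not exist "%SRC%\SophosSetup.exe" (
    call :log ERROR installer share is not reachable
    exit /b 1
)
copy /y "%SRC%\SophosSetup.exe" "%LOCALDIR%\" >nul
if errorlevel 1 (
    call :log ERROR copy from share failed
    exit /b 1
)
call :log running installer from local copy
"%LOCALDIR%\SophosSetup.exe" --quiet
set "RC=%ERRORLEVEL%"
call :log installer exit code %RC%
exit /b %RC%

:installed
call :log client already installed
exit /b 0

:log
>>"%LOG%" echo [%DATE% %TIME%] %COMPUTERNAME%: %*
exit /b 0
```

Comparing the local startup.log across machines separates the two failure modes in the question: no entry at all means the script never ran, while an "installer share is not reachable" entry means it ran before the network was up.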