Using this answer, I was able to confirm that a logon script is applied to my user account, but it doesn't run. I can run gpupdate /force
but my PC got accounts connected to a different domain and I don't know what would happen if I did that. My code only contain a simple WScript.Echo
for test purposes. I set it up using a GPO on the test server's active directory.
UPDATE:
After rebooting my PC, my new logon script still didn't work. This is my current code. Now, I made it only apply to my account by setting it on the Profile
.
Set oShell = CreateObject("WScript.Shell")
strHomeFolder = oShell.ExpandEnvironmentStrings("%USERPROFILE%")
Set objFSO=CreateObject("Scripting.FileSystemObject")
strLogFile = strHomeFolder & "\Documents\test_logon.txt"
WScript.Echo "strLogFile: ", strLogFile
Set objFile = objFSO.CreateTextFile(strLogFile, True)
objFile.Write "test logon" & vbCrLf
objFile.Close
Because the logon script still doesn't work from the Profile
, I changed it to using the GPO
directly. When I did gpresult /v
, it was displayed there.
When I run gpresult /h result.htm
, I got an error.
An error has occurred while collecting data for Administrative Templates.
The following errors were encountered:
Resource '$(string.Advanced_EnableSSL3Fallback)' referenced in attribute displayName could
not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 795, column 308
What did it mean? The test server that I'm currently connected to is a Windows Server 2012 R2.
Here's the result.htm
Group Policy Results
DOMAIN\Emp1
Data collected on: 6/14/2019 4:24:53 PM
Summary
Computer Configuration Summary
No data available.
User Configuration Summary
General
User name DOMAIN\Emp1
Domain DOMAIN.ed
Last time Group Policy was processed 6/14/2019 3:27:15 PM
Group Policy Objects
Applied GPOs
Name Link Location Revision
Company WallPaper_GPO DOMAIN.ed AD (4), Sysvol (4)
User_Manual_Test_GPO DOMAIN.ed/IT TEAM AD (4), Sysvol (4)
ITTEAM_GPO DOMAIN.ed/IT TEAM AD (4), Sysvol (4)
Denied GPOs
Name Link Location Reason Denied
Local Group Policy Local Empty
Default Domain Policy DOMAIN.ed Empty
Security Group Membership when Group Policy was applied
DOMAIN\Domain Users
Everyone
BUILTIN\Users
BUILTIN\Performance Log Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
Authentication authority asserted identity
Mandatory Label\Medium Mandatory Level
WMI Filters
Name Value Reference GPO(s)
None
Component Status
Component Name Status Last Process Time
Group Policy Infrastructure Failed 6/14/2019 3:27:33 PM
Group Policy Infrastructure failed due to the error listed below.
The network is not present or not started.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 6/14/2019 3:27:15 PM and 6/14/2019 3:27:33 PM.
Registry (N/A) 6/4/2019 7:06:55 PM
Scripts (N/A) 6/14/2019 1:55:16 PM
Computer Configuration
No data available.
User Configuration
Policies
Windows Settings
Scripts
Logon
Name Parameters Last Run Script Order in GPO Winning GPO
testLogon.vbs Not configured User_Manual_Test_GPO
Administrative Templates
An error has occurred while collecting data for Administrative Templates.
The following errors were encountered:
Resource '$(string.Advanced_EnableSSL3Fallback)' referenced in attribute displayName could not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 795, column 308
I don't know if this is another reason for the problem, but the test server that I'm currently using kept on crashing for some reason.
Today, June 15, I rerunned gpresult /h result.htm
and got an error under Component Status.
Group Policy Infrastructure failed due to the error listed below.
The specified domain either does not exist or could not be contacted.
Note: Due to the GP Core failure, none of the other Group Policy
components processed their policy. Consequently, status information
for the other components is not available.Additional information may have been logged. Review the Policy Events
tab in the console or the application event log for events between
6/15/2019 3:37:44 PM and 6/15/2019 3:37:49 PM.
Where do I look at for the application event log? Is it inside Event Viewer? I can't seem to find the "application" event log there. rsop.msc
seem to not have the permission to look at the computer permissions even if I run it as administrator. Simply running it shows that I do have the 2 logon scripts I set on the GPO.
Could this be a root folder permission issue? I think not. The domain user account that I'm using got a full permission in it.
Best Answer
Try writing a file instead of echoing to a console. Depending on how things are set up, it could be running in a hidden session you never see, or just finishing so quick and then closing you miss it.
Don't worry about
gpupdate /force
That's gonna happen eventually anyway, other accounts or not; it's probably happened already. It happens every time you reboot the machine. You definitely won't ever see the new script if the policies don't update.Based on the updates, you should take a look at this section:
And for a possible fix, try this policy: