| Author | Messages | |
frevere
Posts:18
 | | 04/07/2010 4:36 PM |
| Hector,
Did the computer startup GPO script work in copying the files for you?
Francis
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Tuesday, April 06, 2010 4:44 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hector,
The following script has always worked for me. Substitute
{directory} as the destination directory, and {servername}\{share} as
the network location of the file. I ran this from the computer
configuration\scripts\startup since the file needed to be on every
computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Would it be possible for you to post the contents of the
script? Please change any environment specific information (server
names, users, etc) to protect your organization's privacy before doing
so.
Did you also see Jerry's recommendation about using
Group Policy Preferences (GPP)? It would make what you're trying to do
much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird,
but it was true. now the only thing i need is to protect that script to
not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common thing. I am actually
wondering why you need to map a network drive to copy a file. Does using
a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD
want to have on all Domain machines a special file to run in case they
needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently
logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
If you have granted the computer object the required
permissions, you should be able to map the drive without having to
provide a user's credentials. Curious why you would need to do this in a
startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple
as possible.
Now my script is working but i needed to map a network
drive first with any user credentials
could you let me know how to encrypt the password of
that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
Don't you need to include some switches to prevent
prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
<file:///\\myserver\myshare\myfile> c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not
allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to the local
computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection
is not the problem, i enabled to wait for a network connection, the
message still is Access Denied, i gave all necessary permissions you
recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group Policy
Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions.
When dealing with Share/NTFS permissions, remember that the most
restrictive will always win out. To make it simple, I always give
"Authenticated Users" modify rights on the share, and then I use NTFS
permissions to lock down access.
So in your case, make sure you have Share permissions
opened up as widely as possible and make sure that "Domain Computers"
has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to
the network has not established yet. Do you set the "Always wait for
network at computer startup and logon" setting in your domain? It can be
found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to wait for the
network connection to establish before running any scripts, although it
may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a
file to all wks through gpo, my problem is that thorugh gpo the file is
not copying to the wks.
i have a little and easy CMD script that works if it is
executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums
and assigned domain computers permission, everyone, auth users, almos
everything to the share where WKS have to retrive the file but is not
working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any
attachments are intended only for the use of the intended recipient(s),
are confidential, and may be privileged. If you are not the intended
recipient, you are hereby notified that any review, retransmission,
conversion to hard copy, copying, circulation or other use of all or any
portion of this message and any attachments is strictly prohibited. If
you are not the intended recipient, please notify the sender immediately
by return e-mail, and delete this message and any attachments from your
system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| hriosm
Posts:18
| | 04/07/2010 7:59 PM |
| You guys are great!! Thanks, GPP is not an option since i have 2003 and xp,
i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
> Would it be possible for you to post the contents of the script? Please
> change any environment specific information (server names, users, etc) to
> protect your organization’s privacy before doing so.
>
>
>
> Did you also see Jerry’s recommendation about using Group Policy
> Preferences (GPP)? It would make what you’re trying to do much simpler.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 3:08 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> no sr. i tried with UNC but didnt work, that was weird, but it was true.
> now the only thing i need is to protect that script to not expose the
> password of that user i used to map the network drive.
>
>
>
> do you have any idea how to encrypt with net use?
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Okay, yeah that is a pretty common thing. I am actually wondering why you
> need to map a network drive to copy a file. Does using a UNC path not work
> for you?
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 2:08 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i gave domain computers fc permission and didnt work, HD want to have on
> all Domain machines a special file to run in case they needed, the only way
> to transfer that to all of them is a GPO.
>
>
>
> to avoid user names and doing a mess with our currently logon script, i
> decided to do that as an startup script.
>
>
>
> thanks.
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> If you have granted the computer object the required permissions, you
> should be able to map the drive without having to provide a user’s
> credentials. Curious why you would need to do this in a startup script
> though.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 1:18 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> yes sr. i indluded /y. i just want to show you as simple as possible.
>
>
>
> Now my script is working but i needed to map a network drive first with any
> user credentials
>
> could you let me know how to encrypt the password of that user to avoid
> show that on the script?
>
>
>
> thanks.
>
> 2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
>
> Don't you need to include some switches to prevent prompting?
>
>
>
> Martin T. Hugo
>
> Network Administrator
>
> Hilliard City Schools
>
> Tel: 614-921-7102
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
> Behalf Of Hector Rios [xxxxxxxxxxxxxxxx]
> *Sent:* Tuesday, April 06, 2010 1:16 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Reading the file from the origin.
>
>
>
> my script said
>
>
>
> xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
>
>
>
> it seems that user/computer at startup script is not allowed to access my
> share.
>
>
>
>
>
> 2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx>
>
> Denied on reading the file or writing to the local computer?
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* 06 April 2010 17:26
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i reviewed what andrew and you said, Network connection is not the problem,
> i enabled to wait for a network connection, the message still is Access
> Denied, i gave all necessary permissions you recommend me
>
>
>
> Waiting more suggestions, i really appreciate your help
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Andrew is right on here. Sometimes Group Policy Processing (especially
> scripts) gets in a race condition with the initiation of the network
> connection. Setting this setting usually helps quite a bit. If you’re still
> having problems you might also look at the GpNetworkStartTimeoutPolicyValue
> registry setting and see if it helps. It is discussed in the following KB
> article.
>
>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
>
>
>
> Also make sure you haven’t only set share permissions. When dealing with
> Share/NTFS permissions, remember that the most restrictive will always win
> out. To make it simple, I always give “Authenticated Users” modify rights on
> the share, and then I use NTFS permissions to lock down access.
>
>
>
> So in your case, make sure you have Share permissions opened up as widely
> as possible and make sure that “Domain Computers” has a minimum of “Read”
> NTFS permissions.
>
>
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Andrew McHale
> *Sent:* Tuesday, April 06, 2010 10:36 AM
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Hi Hector,
> The script could be failing because the connection to the network has not
> established yet. Do you set the "Always *wait for network* at computer
> startup and logon" setting in your domain? It can be found under “Computer
> Configuration\Administrative Templates\System\Logon\”. This would force
> the workstations to wait for the network connection to establish before
> running any scripts, although it may increase the system boot up time.
>
> Hope this helps.
>
>
>
> Andrew
>
>
>
> *From:* Hector Rios [mailto:xxxxxxxxxxxxxxxx]
> *Sent:* 06 April 2010 16:22
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* [gptalk] Files are not copying through GPO
>
>
>
> Right now i have w2003 DC and XP wks, i want to copy a file to all wks
> through gpo, my problem is that thorugh gpo the file is not copying to the
> wks.
>
>
>
> i have a little and easy CMD script that works if it is executed locally
> from the WKS but if not working from my GPO
>
>
>
> i have this as Startup script, i have read other forums and assigned domain
> computers permission, everyone, auth users, almos everything to the share
> where WKS have to retrive the file but is not working.
>
>
>
> could anybody know how this could be working?
>
>
>
> This is urgent, i will be pending of my email.
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
> *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| davesharples
Posts:55
| | 04/07/2010 8:14 PM |
| you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization’s privacy before doing so.
Did you also see Jerry’s recommendation about using Group Policy Preferences (GPP)? It would make what you’re trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user’s credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials
could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you’re still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven’t only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give “Authenticated Users” modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that “Domain Computers” has a minimum of “Read” NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under “Computer Configuration\Administrative Templates\System\Logon\”.
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| hriosm
Posts:18
| | 04/07/2010 8:20 PM |
| i will try that script today, Francis, will let you know
2010/4/7 Francis Revere <xxxxxxxxxxxxxxxx>
> Hector,
>
> Did the computer startup GPO script work in copying the files for you?
>
> Francis
>
> ------------------------------
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Francis Revere
> *Sent:* Tuesday, April 06, 2010 4:44 PM
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
> Hector,
>
> The following script has always worked for me. Substitute {directory} as
> the destination directory, and {servername}\{share} as the network location
> of the file. I ran this from the computer configuration\scripts\startup
> since the file needed to be on every computer no matter the user.
>
>
> Dim objFSO, WshNetwork
>
> Const OverwriteExisting = True
>
> Set objFSO = CreateObject("Scripting.FileSystemObject")
>
> Set WshNetwork = Createobject("Wscript.Network")
>
> strComputer = WshNetwork.Computername
>
> wsLocation = "C:\{directory}\"
>
> objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
>
> ------------------------------
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Nelson, Jamie
> *Sent:* Tuesday, April 06, 2010 4:21 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
> Would it be possible for you to post the contents of the script? Please
> change any environment specific information (server names, users, etc) to
> protect your organization’s privacy before doing so.
>
>
>
> Did you also see Jerry’s recommendation about using Group Policy
> Preferences (GPP)? It would make what you’re trying to do much simpler.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 3:08 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> no sr. i tried with UNC but didnt work, that was weird, but it was true.
> now the only thing i need is to protect that script to not expose the
> password of that user i used to map the network drive.
>
>
>
> do you have any idea how to encrypt with net use?
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Okay, yeah that is a pretty common thing. I am actually wondering why you
> need to map a network drive to copy a file. Does using a UNC path not work
> for you?
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 2:08 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i gave domain computers fc permission and didnt work, HD want to have on
> all Domain machines a special file to run in case they needed, the only way
> to transfer that to all of them is a GPO.
>
>
>
> to avoid user names and doing a mess with our currently logon script, i
> decided to do that as an startup script.
>
>
>
> thanks.
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> If you have granted the computer object the required permissions, you
> should be able to map the drive without having to provide a user’s
> credentials. Curious why you would need to do this in a startup script
> though.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 1:18 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> yes sr. i indluded /y. i just want to show you as simple as possible.
>
>
>
> Now my script is working but i needed to map a network drive first with any
> user credentials
>
> could you let me know how to encrypt the password of that user to avoid
> show that on the script?
>
>
>
> thanks.
>
> 2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
>
> Don't you need to include some switches to prevent prompting?
>
>
>
> Martin T. Hugo
>
> Network Administrator
>
> Hilliard City Schools
>
> Tel: 614-921-7102
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
> Behalf Of Hector Rios [xxxxxxxxxxxxxxxx]
> *Sent:* Tuesday, April 06, 2010 1:16 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Reading the file from the origin.
>
>
>
> my script said
>
>
>
> xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
>
>
>
> it seems that user/computer at startup script is not allowed to access my
> share.
>
>
>
>
>
> 2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx>
>
> Denied on reading the file or writing to the local computer?
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* 06 April 2010 17:26
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i reviewed what andrew and you said, Network connection is not the problem,
> i enabled to wait for a network connection, the message still is Access
> Denied, i gave all necessary permissions you recommend me
>
>
>
> Waiting more suggestions, i really appreciate your help
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Andrew is right on here. Sometimes Group Policy Processing (especially
> scripts) gets in a race condition with the initiation of the network
> connection. Setting this setting usually helps quite a bit. If you’re still
> having problems you might also look at the GpNetworkStartTimeoutPolicyValue
> registry setting and see if it helps. It is discussed in the following KB
> article.
>
>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
>
>
>
> Also make sure you haven’t only set share permissions. When dealing with
> Share/NTFS permissions, remember that the most restrictive will always win
> out. To make it simple, I always give “Authenticated Users” modify rights on
> the share, and then I use NTFS permissions to lock down access.
>
>
>
> So in your case, make sure you have Share permissions opened up as widely
> as possible and make sure that “Domain Computers” has a minimum of “Read”
> NTFS permissions.
>
>
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Andrew McHale
> *Sent:* Tuesday, April 06, 2010 10:36 AM
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Hi Hector,
> The script could be failing because the connection to the network has not
> established yet. Do you set the "Always *wait for network* at computer
> startup and logon" setting in your domain? It can be found under “Computer
> Configuration\Administrative Templates\System\Logon\”. This would force
> the workstations to wait for the network connection to establish before
> running any scripts, although it may increase the system boot up time.
>
> Hope this helps.
>
>
>
> Andrew
>
>
>
> *From:* Hector Rios [mailto:xxxxxxxxxxxxxxxx]
> *Sent:* 06 April 2010 16:22
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* [gptalk] Files are not copying through GPO
>
>
>
> Right now i have w2003 DC and XP wks, i want to copy a file to all wks
> through gpo, my problem is that thorugh gpo the file is not copying to the
> wks.
>
>
>
> i have a little and easy CMD script that works if it is executed locally
> from the WKS but if not working from my GPO
>
>
>
> i have this as Startup script, i have read other forums and assigned domain
> computers permission, everyone, auth users, almos everything to the share
> where WKS have to retrive the file but is not working.
>
>
>
> could anybody know how this could be working?
>
>
>
> This is urgent, i will be pending of my email.
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
> *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| JamieNelson
Posts:166
| | 04/07/2010 8:20 PM |
| That's correct. The client side extensions (CSEs) are supported on everything from XP/2003 on up. The only catch is that you have to have a Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed out.
Note: If you have WSUS in your environment, you can push the CSEs out that way very easily. It's just an update approval and you're done.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.248.7963 | http://www.dvn.com
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:50 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization’s privacy before doing so.
Did you also see Jerry’s recommendation about using Group Policy Preferences (GPP)? It would make what you’re trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user’s credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you’re still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven’t only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give “Authenticated Users” modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that “Domain Computers” has a minimum of “Read” NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under “Computer Configuration\Administrative Templates\System\Logon\”.
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| jeromelcruz
Posts:120
| | 04/07/2010 10:04 PM |
| Hector… (and others)…
Here is a list of the items that you can configure ‘directly’ with Group Policy Preferences (GPP). So ‘run’, do not ‘walk’, to deploy. ☺
GPP Extension Use GPOs to…
Drive Maps Create, modify, or delete mapped drives, and configure the visibility of all drives.
Environment Variables Create, modify, or delete environment variables.
Files Copy, modify the attributes of, replace, or delete files.
Folders Create, modify, or delete folders.
Ini Files Add, replace, or delete sections or properties in settings (.ini) or setup information (.inf) files.
Network Shares Create, modify, or delete ("un-share") network shares.
Registry Copy registry settings and apply them to other computers. Create, replace, or delete registry settings.
Shortcuts Create, modify, or delete shortcuts.
Data Sources Create, modify, or delete Open Database Connectivity (ODBC) data source names.
Devices Enable or disable hardware devices or classes of devices.
Folder Options Configure folder options; create, modify, or delete Open With associations for file name extensions; create, modify, or delete file extensions associated with a type of files.
Internet Settings Modify user-configurable Internet settings.
Local Users and Groups Create, modify, or delete local users and groups.
Network Options Create, modify, or delete virtual private networking (VPN) or dial-up networking (DUN) connections.
Power Options Modify power options and create, modify, or delete power schemes.
Printers Create, modify, or delete TCP/IP, shared, and local printer connections.
Regional Options Modify regional options.
Scheduled Tasks Create, modify, or delete scheduled or immediate tasks.
Services Modify services.
Start Menu Modify Start menu options.
I don’t know if you’ll be able to see the attached picture here, but this is what most of the GPP interfaces look like.
[cid:image002.jpg@01CAD653.A43707E0]
No more…
· Creating/borrowing scripts
· Testing those scripts
· Managing those scripts
· Updating the scripts (and doing it all over again)
Also, look at the filtering capabilities you get (different filters like these can be are ‘each’ item in the same GPO). There are 25 types and here are a few:
· Battery Present
· Computer Name
· CPU Speed
· Date Match
· Time Match
· Environment variable (see below)
· IP address range
· Operating system
· OU
· Security Group
· Registry match
· Query types: LDAP, MSI, and/or WMI
Oh and you can have more than one filter… Try “All Windows XP+SP2 devices get a new file copied to them starting at 6PM if they are in the XXX or ZZZ security group”, but “All Windows XP+SP3 devices get a different set of files copied to them starting at 7 PM if they are in the XXX, YYYY, or ZZZ security group”
And GPPEs support 46 built-in Environment variables (a few are listed below), plus any already on your systems, and lastly, if you don’t have one, you can create one since that is one of the GPP ‘extensions’ noted above.
Environment variable Description
%AppDataDir% The current user's Application Data directory.
%BinaryComputerSid% The SID of the computer in hexadecimal format.
%CommonProgramsDir% The "all users" Programs directory.
%ComputerName% The NetBIOS name of the computer.
%CurrentProcessId% The numeric identity of the main client process.
%DateTimeEx% The current time (UTC) with milliseconds.
%DomainName% The domain name or workgroup of the computer.
%OsVersion% The operating system: Server 2008, Vista, Server 2003, WinXP, etc.
%ResultCode% The client's exit code.
%SystemDir% The Windows system directory.
%TimeStamp% The time stamp of the configurations being executed.
%WindowsDir% The Windows directory.
Don’t have something you like for a filter? Create a new Environment variable based upon one of the filters (like all PCs with Adobe reader version 6.3 installed), then use that Environmental variable to key another activity off (like run an update using a ‘Immediate Task’).
Like I said, ‘run’, do not ‘walk’ to deploy Group Policy Preferences!
Jerry
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 12:11 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Thanks, we are behind the schedule to implement this script, i will try the script first, and do later tests with Gpp and Cse´s
i really appreciate your help
2010/4/7 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
That's correct. The client side extensions (CSEs) are supported on everything from XP/2003 on up. The only catch is that you have to have a Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed out.
Note: If you have WSUS in your environment, you can push the CSEs out that way very easily. It's just an update approval and you're done.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: • 405.552.8054 | Mobile: • 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
-----Original Message-----
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:50 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization’s privacy before doing so.
Did you also see Jerry’s recommendation about using Group Policy Preferences (GPP)? It would make what you’re trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user’s credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you’re still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven’t only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give “Authenticated Users” modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that “Domain Computers” has a minimum of “Read” NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under “Computer Configuration\Administrative Templates\System\Logon\”.
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| frevere
Posts:18
| | 04/07/2010 10:25 PM |
| Thanks for the detailed information on the use and abilities of GPP Jerry. I am sure that everyone, myself included, greatly appreciate it the time you spent on detailing this. Although I would love to start deploying GPP right now, with all other projects going on that will eventually slip to the bottom of the list.
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Cruz, Jerome L
Sent: Wednesday, April 07, 2010 4:10 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hector... (and others)...
Here is a list of the items that you can configure 'directly' with Group Policy Preferences (GPP). So 'run', do not 'walk', to deploy. J
GPP Extension Use GPOs to...
Drive Maps Create, modify, or delete mapped drives, and configure the visibility of all drives.
Environment Variables Create, modify, or delete environment variables.
Files Copy, modify the attributes of, replace, or delete files.
Folders Create, modify, or delete folders.
Ini Files Add, replace, or delete sections or properties in settings (.ini) or setup information (.inf) files.
Network Shares Create, modify, or delete ("un-share") network shares.
Registry Copy registry settings and apply them to other computers. Create, replace, or delete registry settings.
Shortcuts Create, modify, or delete shortcuts.
Data Sources Create, modify, or delete Open Database Connectivity (ODBC) data source names.
Devices Enable or disable hardware devices or classes of devices.
Folder Options Configure folder options; create, modify, or delete Open With associations for file name extensions; create, modify, or delete file extensions associated with a type of files.
Internet Settings Modify user-configurable Internet settings.
Local Users and Groups Create, modify, or delete local users and groups.
Network Options Create, modify, or delete virtual private networking (VPN) or dial-up networking (DUN) connections.
Power Options Modify power options and create, modify, or delete power schemes.
Printers Create, modify, or delete TCP/IP, shared, and local printer connections.
Regional Options Modify regional options.
Scheduled Tasks Create, modify, or delete scheduled or immediate tasks.
Services Modify services.
Start Menu Modify Start menu options.
I don't know if you'll be able to see the attached picture here, but this is what most of the GPP interfaces look like.
No more...
· Creating/borrowing scripts
· Testing those scripts
· Managing those scripts
· Updating the scripts (and doing it all over again)
Also, look at the filtering capabilities you get (different filters like these can be are 'each' item in the same GPO). There are 25 types and here are a few:
· Battery Present
· Computer Name
· CPU Speed
· Date Match
· Time Match
· Environment variable (see below)
· IP address range
· Operating system
· OU
· Security Group
· Registry match
· Query types: LDAP, MSI, and/or WMI
Oh and you can have more than one filter... Try "All Windows XP+SP2 devices get a new file copied to them starting at 6PM if they are in the XXX or ZZZ security group", but "All Windows XP+SP3 devices get a different set of files copied to them starting at 7 PM if they are in the XXX, YYYY, or ZZZ security group"
And GPPEs support 46 built-in Environment variables (a few are listed below), plus any already on your systems, and lastly, if you don't have one, you can create one since that is one of the GPP 'extensions' noted above.
Environment variable Description
%AppDataDir% The current user's Application Data directory.
%BinaryComputerSid% The SID of the computer in hexadecimal format.
%CommonProgramsDir% The "all users" Programs directory.
%ComputerName% The NetBIOS name of the computer.
%CurrentProcessId% The numeric identity of the main client process.
%DateTimeEx% The current time (UTC) with milliseconds.
%DomainName% The domain name or workgroup of the computer.
%OsVersion% The operating system: Server 2008, Vista, Server 2003, WinXP, etc.
%ResultCode% The client's exit code.
%SystemDir% The Windows system directory.
%TimeStamp% The time stamp of the configurations being executed.
%WindowsDir% The Windows directory.
Don't have something you like for a filter? Create a new Environment variable based upon one of the filters (like all PCs with Adobe reader version 6.3 installed), then use that Environmental variable to key another activity off (like run an update using a 'Immediate Task').
Like I said, 'run', do not 'walk' to deploy Group Policy Preferences!
Jerry
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 12:11 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Thanks, we are behind the schedule to implement this script, i will try the script first, and do later tests with Gpp and Cse´s
i really appreciate your help
2010/4/7 Nelson, Jamie <xxxxxxxxxxxxxxxx>
That's correct. The client side extensions (CSEs) are supported on everything from XP/2003 on up. The only catch is that you have to have a Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed out.
Note: If you have WSUS in your environment, you can push the CSEs out that way very easily. It's just an update approval and you're done.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:50 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization's privacy before doing so.
Did you also see Jerry's recommendation about using Group Policy Preferences (GPP)? It would make what you're trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/> <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/> <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user's credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/> <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you're still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give "Authenticated Users" modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that "Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/> <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under "Computer Configuration\Administrative Templates\System\Logon\".
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| Martin_Hugo
Posts:26
| | 04/07/2010 10:33 PM |
| I hear you. My list goes sideways 
Marty
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Wednesday, April 07, 2010 4:32 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Thanks for the detailed information on the use and abilities of GPP Jerry. I am sure that everyone, myself included, greatly appreciate it the time you spent on detailing this. Although I would love to start deploying GPP right now, with all other projects going on that will eventually slip to the bottom of the list.
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Cruz, Jerome L
Sent: Wednesday, April 07, 2010 4:10 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hector... (and others)...
Here is a list of the items that you can configure 'directly' with Group Policy Preferences (GPP). So 'run', do not 'walk', to deploy.
GPP Extension Use GPOs to...
Drive Maps Create, modify, or delete mapped drives, and configure the visibility of all drives.
Environment Variables Create, modify, or delete environment variables.
Files Copy, modify the attributes of, replace, or delete files.
Folders Create, modify, or delete folders.
Ini Files Add, replace, or delete sections or properties in settings (.ini) or setup information (.inf) files.
Network Shares Create, modify, or delete ("un-share") network shares.
Registry Copy registry settings and apply them to other computers. Create, replace, or delete registry settings.
Shortcuts Create, modify, or delete shortcuts.
Data Sources Create, modify, or delete Open Database Connectivity (ODBC) data source names.
Devices Enable or disable hardware devices or classes of devices.
Folder Options Configure folder options; create, modify, or delete Open With associations for file name extensions; create, modify, or delete file extensions associated with a type of files.
Internet Settings Modify user-configurable Internet settings.
Local Users and Groups Create, modify, or delete local users and groups.
Network Options Create, modify, or delete virtual private networking (VPN) or dial-up networking (DUN) connections.
Power Options Modify power options and create, modify, or delete power schemes.
Printers Create, modify, or delete TCP/IP, shared, and local printer connections.
Regional Options Modify regional options.
Scheduled Tasks Create, modify, or delete scheduled or immediate tasks.
Services Modify services.
Start Menu Modify Start menu options.
I don't know if you'll be able to see the attached picture here, but this is what most of the GPP interfaces look like.
[cid:image001.jpg@01CAD671.16CAABF0]
No more...
* Creating/borrowing scripts
* Testing those scripts
* Managing those scripts
* Updating the scripts (and doing it all over again)
Also, look at the filtering capabilities you get (different filters like these can be are 'each' item in the same GPO). There are 25 types and here are a few:
* Battery Present
* Computer Name
* CPU Speed
* Date Match
* Time Match
* Environment variable (see below)
* IP address range
* Operating system
* OU
* Security Group
* Registry match
* Query types: LDAP, MSI, and/or WMI
Oh and you can have more than one filter... Try "All Windows XP+SP2 devices get a new file copied to them starting at 6PM if they are in the XXX or ZZZ security group", but "All Windows XP+SP3 devices get a different set of files copied to them starting at 7 PM if they are in the XXX, YYYY, or ZZZ security group"
And GPPEs support 46 built-in Environment variables (a few are listed below), plus any already on your systems, and lastly, if you don't have one, you can create one since that is one of the GPP 'extensions' noted above.
Environment variable Description
%AppDataDir% The current user's Application Data directory.
%BinaryComputerSid% The SID of the computer in hexadecimal format.
%CommonProgramsDir% The "all users" Programs directory.
%ComputerName% The NetBIOS name of the computer.
%CurrentProcessId% The numeric identity of the main client process.
%DateTimeEx% The current time (UTC) with milliseconds.
%DomainName% The domain name or workgroup of the computer.
%OsVersion% The operating system: Server 2008, Vista, Server 2003, WinXP, etc.
%ResultCode% The client's exit code.
%SystemDir% The Windows system directory.
%TimeStamp% The time stamp of the configurations being executed.
%WindowsDir% The Windows directory.
Don't have something you like for a filter? Create a new Environment variable based upon one of the filters (like all PCs with Adobe reader version 6.3 installed), then use that Environmental variable to key another activity off (like run an update using a 'Immediate Task').
Like I said, 'run', do not 'walk' to deploy Group Policy Preferences!
Jerry
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 12:11 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Thanks, we are behind the schedule to implement this script, i will try the script first, and do later tests with Gpp and Cse´s
i really appreciate your help
2010/4/7 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
That's correct. The client side extensions (CSEs) are supported on everything from XP/2003 on up. The only catch is that you have to have a Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed out.
Note: If you have WSUS in your environment, you can push the CSEs out that way very easily. It's just an update approval and you're done.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: * 405.552.8054 | Mobile: * 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
-----Original Message-----
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:50 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization's privacy before doing so.
Did you also see Jerry's recommendation about using Group Policy Preferences (GPP)? It would make what you're trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user's credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you're still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give "Authenticated Users" modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that "Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under "Computer Configuration\Administrative Templates\System\Logon\".
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| hriosm
Posts:18
| | 04/07/2010 10:46 PM |
| Thank you so much about this, im sure i will do this to improve the things
we are doing now.
2010/4/7 Cruz, Jerome L <xxxxxxxxxxxxxxxx>
> Hector… (and others)…
>
>
>
> Here is a list of the items that you can configure ‘directly’ with Group
> Policy Preferences (GPP). So ‘run’, do not ‘walk’, to deploy. J
>
>
>
> *GPP Extension * *Use GPOs to… *
>
> Drive Maps Create, modify, or delete mapped drives, and
> configure the visibility of all drives.
>
> Environment Variables Create, modify, or delete environment variables.
>
>
> Files Copy, modify the attributes of, replace, or
> delete files.
>
> Folders Create, modify, or delete folders.
>
> Ini Files Add, replace, or delete sections or properties
> in settings (.ini) or setup information (.inf) files.
>
> Network Shares Create, modify, or delete ("un-share") network
> shares.
>
> Registry Copy registry settings and apply them to other
> computers. Create, replace, or delete registry settings.
>
> Shortcuts Create, modify, or delete shortcuts.
>
> Data Sources Create, modify, or delete Open Database
> Connectivity (ODBC) data source names.
>
> Devices Enable or disable hardware devices or classes of
> devices.
>
> Folder Options Configure folder options; create, modify, or
> delete Open With associations for file name extensions; create, modify, or
> delete file extensions associated with a type of files.
>
> Internet Settings Modify user-configurable Internet settings.
>
> Local Users and Groups Create, modify, or delete local users and
> groups.
>
> Network Options Create, modify, or delete virtual private
> networking (VPN) or dial-up networking (DUN) connections.
>
> Power Options Modify power options and create, modify, or
> delete power schemes.
>
> Printers Create, modify, or delete TCP/IP, shared, and
> local printer connections.
>
> Regional Options Modify regional options.
>
> Scheduled Tasks Create, modify, or delete *scheduled* or *
> immediate* tasks.
>
> Services Modify services.
>
> Start Menu Modify Start menu options.
>
>
>
> I don’t know if you’ll be able to see the attached picture here, but this
> is what most of the GPP interfaces look like.
>
>
>
>
>
> No more…
>
> · Creating/borrowing scripts
>
> · Testing those scripts
>
> · Managing those scripts
>
> · Updating the scripts (and doing it all over again)
>
>
>
> Also, look at the filtering capabilities you get (different filters like
> these can be are ‘each’ item in the same GPO). There are 25 types and here
> are a few:
>
> · Battery Present
>
> · Computer Name
>
> · CPU Speed
>
> · Date Match
>
> · Time Match
>
> · Environment variable (see below)
>
> · IP address range
>
> · Operating system
>
> · OU
>
> · Security Group
>
> · Registry match
>
> · Query types: LDAP, MSI, and/or WMI
>
>
>
> Oh and you can have more than one filter… Try “All Windows XP+SP2 devices
> get a new file copied to them starting at 6PM if they are in the XXX or ZZZ
> security group”, but “All Windows XP+SP3 devices get a different set of
> files copied to them starting at 7 PM if they are in the XXX, YYYY, or ZZZ
> security group”
>
>
>
> And GPPEs support 46 built-in Environment variables (a few are listed
> below), plus any already on your systems, and lastly, if you don’t have one,
> you can create one since that is one of the GPP ‘extensions’ noted above.
>
>
>
> Environment variable Description
>
> %AppDataDir% The current user's Application Data directory.
>
> %BinaryComputerSid% The SID of the computer in hexadecimal format.
>
> %CommonProgramsDir% The "all users" Programs directory.
>
> %ComputerName% The NetBIOS name of the computer.
>
> %CurrentProcessId% The numeric identity of the main client process.
>
> %DateTimeEx% The current time (UTC) with milliseconds.
>
> %DomainName% The domain name or workgroup of the computer.
>
> %OsVersion% The operating system: Server 2008, Vista, Server
> 2003, WinXP, etc.
>
> %ResultCode% The client's exit code.
>
> %SystemDir% The Windows system directory.
>
> %TimeStamp% The time stamp of the configurations being
> executed.
>
> %WindowsDir% The Windows directory.
>
>
>
> Don’t have something you like for a filter? Create a new Environment
> variable based upon one of the filters (like all PCs with Adobe reader
> version 6.3 installed), then use that Environmental variable to key another
> activity off (like run an update using a ‘Immediate Task’).
>
>
>
> Like I said, ‘run’, do not ‘walk’ to deploy Group Policy Preferences!
>
>
>
> *Jerry *
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Wednesday, April 07, 2010 12:11 PM
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Thanks, we are behind the schedule to implement this script, i will try the
> script first, and do later tests with Gpp and Cse´s
>
>
>
> i really appreciate your help
>
> 2010/4/7 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> That's correct. The client side extensions (CSEs) are supported on
> everything from XP/2003 on up. The only catch is that you have to have a
> Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed
> out.
>
> Note: If you have WSUS in your environment, you can push the CSEs out that
> way very easily. It's just an update approval and you're done.
>
>
> Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy
> Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
> -----Original Message-----
> From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
> On Behalf Of Dave Sharples
>
> Sent: Wednesday, April 07, 2010 1:50 PM
> To: xxxxxxxxxxxxxxxx
>
> Subject: Re: [gptalk] Files are not copying through GPO
>
> you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
>
>
> On 7 Apr 2010, at 19:48, Hector Rios wrote:
>
> You guys are great!! Thanks, GPP is not an option since i have 2003 and xp,
> i read that for GPP is needed 2008 and vista, maybe im wrong.
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
> Would it be possible for you to post the contents of the script? Please
> change any environment specific information (server names, users, etc) to
> protect your organization’s privacy before doing so.
>
> Did you also see Jerry’s recommendation about using Group Policy
> Preferences (GPP)? It would make what you’re trying to do much simpler.
>
> Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy
> Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com<http://www.dvn.com/>
>
> From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> On Behalf Of Hector Rios
> Sent: Tuesday, April 06, 2010 3:08 PM
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: Re: [gptalk] Files are not copying through GPO
>
> no sr. i tried with UNC but didnt work, that was weird, but it was true.
> now the only thing i need is to protect that script to not expose the
> password of that user i used to map the network drive.
>
> do you have any idea how to encrypt with net use?
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
> Okay, yeah that is a pretty common thing. I am actually wondering why you
> need to map a network drive to copy a file. Does using a UNC path not work
> for you?
>
> Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy
> Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com<http://www.dvn.com/>
>
> From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> On Behalf Of Hector Rios
> Sent: Tuesday, April 06, 2010 2:08 PM
>
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: Re: [gptalk] Files are not copying through GPO
>
> i gave domain computers fc permission and didnt work, HD want to have on
> all Domain machines a special file to run in case they needed, the only way
> to transfer that to all of them is a GPO.
>
> to avoid user names and doing a mess with our currently logon script, i
> decided to do that as an startup script.
>
> thanks.
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
> If you have granted the computer object the required permissions, you
> should be able to map the drive without having to provide a user’s
> credentials. Curious why you would need to do this in a startup script
> though.
>
> Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy
> Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com<http://www.dvn.com/>
>
> From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> On Behalf Of Hector Rios
> Sent: Tuesday, April 06, 2010 1:18 PM
>
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: Re: [gptalk] Files are not copying through GPO
>
> yes sr. i indluded /y. i just want to show you as simple as possible.
>
> Now my script is working but i needed to map a network drive first with any
> user credentials could you let me know how to encrypt the password of that
> user to avoid show that on the script?
>
> thanks.
> 2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
> Don't you need to include some switches to prevent prompting?
>
> Martin T. Hugo
> Network Administrator
> Hilliard City Schools
> Tel: 614-921-7102
> ________________________________
> From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On
> Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> Sent: Tuesday, April 06, 2010 1:16 PM
>
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: Re: [gptalk] Files are not copying through GPO
>
> Reading the file from the origin.
>
> my script said
>
> xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
>
> it seems that user/computer at startup script is not allowed to access my
> share.
>
>
>
> 2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:
> xxxxxxxxxxxxxxxx>>
> Denied on reading the file or writing to the local computer?
>
> From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> On Behalf Of Hector Rios
> Sent: 06 April 2010 17:26
>
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: Re: [gptalk] Files are not copying through GPO
>
> i reviewed what andrew and you said, Network connection is not the problem,
> i enabled to wait for a network connection, the message still is Access
> Denied, i gave all necessary permissions you recommend me
>
> Waiting more suggestions, i really appreciate your help
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
> Andrew is right on here. Sometimes Group Policy Processing (especially
> scripts) gets in a race condition with the initiation of the network
> connection. Setting this setting usually helps quite a bit. If you’re still
> having problems you might also look at the GpNetworkStartTimeoutPolicyValue
> registry setting and see if it helps. It is discussed in the following KB
> article.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
>
> Also make sure you haven’t only set share permissions. When dealing with
> Share/NTFS permissions, remember that the most restrictive will always win
> out. To make it simple, I always give “Authenticated Users” modify rights on
> the share, and then I use NTFS permissions to lock down access.
>
> So in your case, make sure you have Share permissions opened up as widely
> as possible and make sure that “Domain Computers” has a minimum of “Read”
> NTFS permissions.
>
>
> Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy
> Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com<http://www.dvn.com/>
>
> From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> On Behalf Of Andrew McHale
> Sent: Tuesday, April 06, 2010 10:36 AM
>
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: RE: [gptalk] Files are not copying through GPO
>
> Hi Hector,
> The script could be failing because the connection to the network has not
> established yet. Do you set the "Always wait for network at computer startup
> and logon" setting in your domain? It can be found under “Computer
> Configuration\Administrative Templates\System\Logon\”.
> This would force the workstations to wait for the network connection to
> establish before running any scripts, although it may increase the system
> boot up time.
> Hope this helps.
>
> Andrew
>
> From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
> Sent: 06 April 2010 16:22
> To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
> Subject: [gptalk] Files are not copying through GPO
>
> Right now i have w2003 DC and XP wks, i want to copy a file to all wks
> through gpo, my problem is that thorugh gpo the file is not copying to the
> wks.
>
> i have a little and easy CMD script that works if it is executed locally
> from the WKS but if not working from my GPO
>
> i have this as Startup script, i have read other forums and assigned domain
> computers permission, everyone, auth users, almos everything to the share
> where WKS have to retrive the file but is not working.
>
> could anybody know how this could be working?
>
> This is urgent, i will be pending of my email.
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
> ________________________________
>
> Confidentiality Warning: This message and any attachments are intended only
> for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| davesharples
Posts:55
| | 04/07/2010 10:51 PM |
| One extra thing on this which annoys me as was wondering if there was a workaround.
Copying files to %programfiles% on 32 and 64 bit systems. If i have deployed a 32Bit app to a 64bit machine it goes in %programfiles(x86)%. Then if I want to copy a file in I need 2 preferences, one for 32 and one for 64 which I am using targetting on via a WMI query (which I can never remember and there doesnt appear to be a built in targetting type for this).
Is there a better way to manage the 32/64 bit different with files?
Ta
On 7 Apr 2010, at 21:10, Cruz, Jerome L wrote:
Hector… (and others)…
Here is a list of the items that you can configure ‘directly’ with Group Policy Preferences (GPP). So ‘run’, do not ‘walk’, to deploy.
GPP Extension Use GPOs to…
Drive Maps Create, modify, or delete mapped drives, and configure the visibility of all drives.
Environment Variables Create, modify, or delete environment variables.
Files Copy, modify the attributes of, replace, or delete files.
Folders Create, modify, or delete folders.
Ini Files Add, replace, or delete sections or properties in settings (.ini) or setup information (.inf) files.
Network Shares Create, modify, or delete ("un-share") network shares.
Registry Copy registry settings and apply them to other computers. Create, replace, or delete registry settings.
Shortcuts Create, modify, or delete shortcuts.
Data Sources Create, modify, or delete Open Database Connectivity (ODBC) data source names.
Devices Enable or disable hardware devices or classes of devices.
Folder Options Configure folder options; create, modify, or delete Open With associations for file name extensions; create, modify, or delete file extensions associated with a type of files.
Internet Settings Modify user-configurable Internet settings.
Local Users and Groups Create, modify, or delete local users and groups.
Network Options Create, modify, or delete virtual private networking (VPN) or dial-up networking (DUN) connections.
Power Options Modify power options and create, modify, or delete power schemes.
Printers Create, modify, or delete TCP/IP, shared, and local printer connections.
Regional Options Modify regional options.
Scheduled Tasks Create, modify, or delete scheduled or immediate tasks.
Services Modify services.
Start Menu Modify Start menu options.
I don’t know if you’ll be able to see the attached picture here, but this is what most of the GPP interfaces look like.
<image002.jpg>
No more…
• Creating/borrowing scripts
• Testing those scripts
• Managing those scripts
• Updating the scripts (and doing it all over again)
Also, look at the filtering capabilities you get (different filters like these can be are ‘each’ item in the same GPO). There are 25 types and here are a few:
• Battery Present
• Computer Name
• CPU Speed
• Date Match
• Time Match
• Environment variable (see below)
• IP address range
• Operating system
• OU
• Security Group
• Registry match
• Query types: LDAP, MSI, and/or WMI
Oh and you can have more than one filter… Try “All Windows XP+SP2 devices get a new file copied to them starting at 6PM if they are in the XXX or ZZZ security group”, but “All Windows XP+SP3 devices get a different set of files copied to them starting at 7 PM if they are in the XXX, YYYY, or ZZZ security group”
And GPPEs support 46 built-in Environment variables (a few are listed below), plus any already on your systems, and lastly, if you don’t have one, you can create one since that is one of the GPP ‘extensions’ noted above.
Environment variable Description
%AppDataDir% The current user's Application Data directory.
%BinaryComputerSid% The SID of the computer in hexadecimal format.
%CommonProgramsDir% The "all users" Programs directory.
%ComputerName% The NetBIOS name of the computer.
%CurrentProcessId% The numeric identity of the main client process.
%DateTimeEx% The current time (UTC) with milliseconds.
%DomainName% The domain name or workgroup of the computer.
%OsVersion% The operating system: Server 2008, Vista, Server 2003, WinXP, etc.
%ResultCode% The client's exit code.
%SystemDir% The Windows system directory.
%TimeStamp% The time stamp of the configurations being executed.
%WindowsDir% The Windows directory.
Don’t have something you like for a filter? Create a new Environment variable based upon one of the filters (like all PCs with Adobe reader version 6.3 installed), then use that Environmental variable to key another activity off (like run an update using a ‘Immediate Task’).
Like I said, ‘run’, do not ‘walk’ to deploy Group Policy Preferences!
Jerry
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 12:11 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Thanks, we are behind the schedule to implement this script, i will try the script first, and do later tests with Gpp and Cse´s
i really appreciate your help
2010/4/7 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
That's correct. The client side extensions (CSEs) are supported on everything from XP/2003 on up. The only catch is that you have to have a Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed out.
Note: If you have WSUS in your environment, you can push the CSEs out that way very easily. It's just an update approval and you're done.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: • 405.552.8054 | Mobile: • 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
-----Original Message-----
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:50 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization’s privacy before doing so.
Did you also see Jerry’s recommendation about using Group Policy Preferences (GPP)? It would make what you’re trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user’s credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile<smb://myserver/myshare/myfile> c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you’re still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven’t only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give “Authenticated Users” modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that “Domain Computers” has a minimum of “Read” NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under “Computer Configuration\Administrative Templates\System\Logon\”.
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| hriosm
Posts:18
| | 04/07/2010 10:58 PM |
| Francis, the script is not working, it said error on line 13, path not
found, i guess is not connecting to my share i used that with brackets as
you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}<file://%7bmyservername%7b/%7Bmyshare%7D>",wslocation
OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO CopyFile\\{myservername{\{myshare\MYFILE}<file://%7bmyservername%7b/%7Bmyshare/MYFILE%7D>",wslocation
OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at all.
Thanks.
Hector,
>
> The following script has always worked for me. Substitute {directory} as
> the destination directory, and {servername}\{share} as the network location
> of the file. I ran this from the computer configuration\scripts\startup
> since the file needed to be on every computer no matter the user.
>
>
> Dim objFSO, WshNetwork
>
> Const OverwriteExisting = True
>
> Set objFSO = CreateObject("Scripting.FileSystemObject")
>
> Set WshNetwork = Createobject("Wscript.Network")
>
> strComputer = WshNetwork.Computername
>
> wsLocation = "C:\{directory}\"
>
> objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
>
> ------------------------------
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Nelson, Jamie
> *Sent:* Tuesday, April 06, 2010 4:21 PM
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
> Would it be possible for you to post the contents of the script? Please
> change any environment specific information (server names, users, etc) to
> protect your organization’s privacy before doing so.
>
>
>
> Did you also see Jerry’s recommendation about using Group Policy
> Preferences (GPP)? It would make what you’re trying to do much simpler.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 3:08 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> no sr. i tried with UNC but didnt work, that was weird, but it was true.
> now the only thing i need is to protect that script to not expose the
> password of that user i used to map the network drive.
>
>
>
> do you have any idea how to encrypt with net use?
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Okay, yeah that is a pretty common thing. I am actually wondering why you
> need to map a network drive to copy a file. Does using a UNC path not work
> for you?
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 2:08 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i gave domain computers fc permission and didnt work, HD want to have on
> all Domain machines a special file to run in case they needed, the only way
> to transfer that to all of them is a GPO.
>
>
>
> to avoid user names and doing a mess with our currently logon script, i
> decided to do that as an startup script.
>
>
>
> thanks.
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> If you have granted the computer object the required permissions, you
> should be able to map the drive without having to provide a user’s
> credentials. Curious why you would need to do this in a startup script
> though.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 1:18 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> yes sr. i indluded /y. i just want to show you as simple as possible.
>
>
>
> Now my script is working but i needed to map a network drive first with any
> user credentials
>
> could you let me know how to encrypt the password of that user to avoid
> show that on the script?
>
>
>
> thanks.
>
> 2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
>
> Don't you need to include some switches to prevent prompting?
>
>
>
> Martin T. Hugo
>
> Network Administrator
>
> Hilliard City Schools
>
> Tel: 614-921-7102
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
> Behalf Of Hector Rios [xxxxxxxxxxxxxxxx]
> *Sent:* Tuesday, April 06, 2010 1:16 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Reading the file from the origin.
>
>
>
> my script said
>
>
>
> xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
>
>
>
> it seems that user/computer at startup script is not allowed to access my
> share.
>
>
>
>
>
> 2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx>
>
> Denied on reading the file or writing to the local computer?
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* 06 April 2010 17:26
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i reviewed what andrew and you said, Network connection is not the problem,
> i enabled to wait for a network connection, the message still is Access
> Denied, i gave all necessary permissions you recommend me
>
>
>
> Waiting more suggestions, i really appreciate your help
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Andrew is right on here. Sometimes Group Policy Processing (especially
> scripts) gets in a race condition with the initiation of the network
> connection. Setting this setting usually helps quite a bit. If you’re still
> having problems you might also look at the GpNetworkStartTimeoutPolicyValue
> registry setting and see if it helps. It is discussed in the following KB
> article.
>
>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
>
>
>
> Also make sure you haven’t only set share permissions. When dealing with
> Share/NTFS permissions, remember that the most restrictive will always win
> out. To make it simple, I always give “Authenticated Users” modify rights on
> the share, and then I use NTFS permissions to lock down access.
>
>
>
> So in your case, make sure you have Share permissions opened up as widely
> as possible and make sure that “Domain Computers” has a minimum of “Read”
> NTFS permissions.
>
>
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Andrew McHale
> *Sent:* Tuesday, April 06, 2010 10:36 AM
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Hi Hector,
> The script could be failing because the connection to the network has not
> established yet. Do you set the "Always *wait for network* at computer
> startup and logon" setting in your domain? It can be found under “Computer
> Configuration\Administrative Templates\System\Logon\”. This would force
> the workstations to wait for the network connection to establish before
> running any scripts, although it may increase the system boot up time.
>
> Hope this helps.
>
>
>
> Andrew
>
>
>
> *From:* Hector Rios [mailto:xxxxxxxxxxxxxxxx]
> *Sent:* 06 April 2010 16:22
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* [gptalk] Files are not copying through GPO
>
>
>
> Right now i have w2003 DC and XP wks, i want to copy a file to all wks
> through gpo, my problem is that thorugh gpo the file is not copying to the
> wks.
>
>
>
> i have a little and easy CMD script that works if it is executed locally
> from the WKS but if not working from my GPO
>
>
>
> i have this as Startup script, i have read other forums and assigned domain
> computers permission, everyone, auth users, almos everything to the share
> where WKS have to retrive the file but is not working.
>
>
>
> could anybody know how this could be working?
>
>
>
> This is urgent, i will be pending of my email.
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
> *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| frevere
Posts:18
| | 04/08/2010 2:35 PM |
| Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on line 13,
path not found, i guess is not connecting to my share i used that with
brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}
<file://%7bmyservername%7b/%7Bmyshare%7D> ",wslocation OverwriteExisting
(SEND ME INVALID ARGUMENT
objFSO CopyFile\\{myservername{\{myshare\MYFILE}
<file://%7bmyservername%7b/%7Bmyshare/MYFILE%7D> ",wslocation
OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at all.
Thanks.
Hector,
The following script has always worked for me.
Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying
through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation about
using Group Policy Preferences (GPP)? It would make what you're trying
to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
no sr. i tried with UNC but didnt work, that was
weird, but it was true. now the only thing i need is to protect that
script to not expose the password of that user i used to map the network
drive.
do you have any idea how to encrypt with net
use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common thing. I am
actually wondering why you need to map a network drive to copy a file.
Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
i gave domain computers fc permission and didnt
work, HD want to have on all Domain machines a special file to run in
case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our
currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
If you have granted the computer object the
required permissions, you should be able to map the drive without having
to provide a user's credentials. Curious why you would need to do this
in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
yes sr. i indluded /y. i just want to show you
as simple as possible.
Now my script is working but i needed to map a
network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
Don't you need to include some switches to
prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup script
is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to the
local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
i reviewed what andrew and you said, Network
connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really appreciate
your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group Policy
Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share
permissions. When dealing with Share/NTFS permissions, remember that the
most restrictive will always win out. To make it simple, I always give
"Authenticated Users" modify rights on the share, and then I use NTFS
permissions to lock down access.
So in your case, make sure you have Share
permissions opened up as widely as possible and make sure that "Domain
Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying
through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to wait for
the network connection to establish before running any scripts, although
it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying through
GPO
Right now i have w2003 DC and XP wks, i want to
copy a file to all wks through gpo, my problem is that thorugh gpo the
file is not copying to the wks.
i have a little and easy CMD script that works
if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other
forums and assigned domain computers permission, everyone, auth users,
almos everything to the share where WKS have to retrive the file but is
not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any
attachments are intended only for the use of the intended recipient(s),
are confidential, and may be privileged. If you are not the intended
recipient, you are hereby notified that any review, retransmission,
conversion to hard copy, copying, circulation or other use of all or any
portion of this message and any attachments is strictly prohibited. If
you are not the intended recipient, please notify the sender immediately
by return e-mail, and delete this message and any attachments from your
system.
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| hriosm
Posts:18
| | 04/08/2010 5:03 PM |
| Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth users, and the
same permissions to NTFS (security).
thanks for continue with your help, what do you think is happening regrding
permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
> Hector,
>
> no brackets....the line should be like this
>
> objFSO.CopyFile "\\servername\share", wsLocation, OverwriteExisting
>
> ------------------------------
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Wednesday, April 07, 2010 5:03 PM
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
> Francis, the script is not working, it said error on line 13, path not
> found, i guess is not connecting to my share i used that with brackets as
> you said and without brackets.
>
> objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
>
> i used
>
> objFSO CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting
> (SEND ME INVALID ARGUMENT
>
> objFSO CopyFile\\{myservername{\{myshare\MYFILE}",wslocation
> OverwriteExisting
>
> SEND ME INVALID PATH
>
> maye the brackets, maybe soemthing else is not good at all.
>
> Thanks.
>
> Hector,
>
>>
>> The following script has always worked for me. Substitute {directory} as
>> the destination directory, and {servername}\{share} as the network location
>> of the file. I ran this from the computer configuration\scripts\startup
>> since the file needed to be on every computer no matter the user.
>>
>>
>> Dim objFSO, WshNetwork
>>
>> Const OverwriteExisting = True
>>
>> Set objFSO = CreateObject("Scripting.FileSystemObject")
>>
>> Set WshNetwork = Createobject("Wscript.Network")
>>
>> strComputer = WshNetwork.Computername
>>
>> wsLocation = "C:\{directory}\"
>>
>> objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
>>
>> ------------------------------
>> *From:* xxxxxxxxxxxxxxxx [mailto:
>> xxxxxxxxxxxxxxxx] *On Behalf Of *Nelson, Jamie
>> *Sent:* Tuesday, April 06, 2010 4:21 PM
>>
>> *To:* xxxxxxxxxxxxxxxx
>> *Subject:* RE: [gptalk] Files are not copying through GPO
>>
>> Would it be possible for you to post the contents of the script?
>> Please change any environment specific information (server names, users,
>> etc) to protect your organization’s privacy before doing so.
>>
>>
>>
>> Did you also see Jerry’s recommendation about using Group Policy
>> Preferences (GPP)? It would make what you’re trying to do much simpler.
>>
>>
>>
>> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
>> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
>> http://www.dvn.com
>>
>>
>>
>> *From:* xxxxxxxxxxxxxxxx [mailto:
>> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
>> *Sent:* Tuesday, April 06, 2010 3:08 PM
>> *To:* xxxxxxxxxxxxxxxx
>> *Subject:* Re: [gptalk] Files are not copying through GPO
>>
>>
>>
>> no sr. i tried with UNC but didnt work, that was weird, but it was true.
>> now the only thing i need is to protect that script to not expose the
>> password of that user i used to map the network drive.
>>
>>
>>
>> do you have any idea how to encrypt with net use?
>>
>> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>>
>> Okay, yeah that is a pretty common thing. I am actually wondering why you
>> need to map a network drive to copy a file. Does using a UNC path not work
>> for you?
>>
>>
>>
>> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
>> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
>> http://www.dvn.com
>>
>>
>>
>> *From:* xxxxxxxxxxxxxxxx [mailto:
>> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
>> *Sent:* Tuesday, April 06, 2010 2:08 PM
>>
>>
>> *To:* xxxxxxxxxxxxxxxx
>> *Subject:* Re: [gptalk] Files are not copying through GPO
>>
>>
>>
>> i gave domain computers fc permission and didnt work, HD want to have on
>> all Domain machines a special file to run in case they needed, the only way
>> to transfer that to all of them is a GPO.
>>
>>
>>
>> to avoid user names and doing a mess with our currently logon script, i
>> decided to do that as an startup script.
>>
>>
>>
>> thanks.
>>
>> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>>
>> If you have granted the computer object the required permissions, you
>> should be able to map the drive without having to provide a user’s
>> credentials. Curious why you would need to do this in a startup script
>> though.
>>
>>
>>
>> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
>> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
>> http://www.dvn.com
>>
>>
>>
>> *From:* xxxxxxxxxxxxxxxx [mailto:
>> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
>> *Sent:* Tuesday, April 06, 2010 1:18 PM
>>
>>
>> *To:* xxxxxxxxxxxxxxxx
>> *Subject:* Re: [gptalk] Files are not copying through GPO
>>
>>
>>
>> yes sr. i indluded /y. i just want to show you as simple as possible.
>>
>>
>>
>> Now my script is working but i needed to map a network drive first with
>> any user credentials
>>
>> could you let me know how to encrypt the password of that user to avoid
>> show that on the script?
>>
>>
>>
>> thanks.
>>
>> 2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
>>
>> Don't you need to include some switches to prevent prompting?
>>
>>
>>
>> Martin T. Hugo
>>
>> Network Administrator
>>
>> Hilliard City Schools
>>
>> Tel: 614-921-7102
>> ------------------------------
>>
>> *From:* xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
>> Behalf Of Hector Rios [xxxxxxxxxxxxxxxx]
>> *Sent:* Tuesday, April 06, 2010 1:16 PM
>>
>>
>> *To:* xxxxxxxxxxxxxxxx
>> *Subject:* Re: [gptalk] Files are not copying through GPO
>>
>>
>>
>> Reading the file from the origin.
>>
>>
>>
>> my script said
>>
>>
>>
>> xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
>>
>>
>>
>> it seems that user/computer at startup script is not allowed to access my
>> share.
>>
>>
>>
>>
>>
>> 2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx>
>>
>> Denied on reading the file or writing to the local computer?
>>
>>
>>
>> *From:* xxxxxxxxxxxxxxxx [mailto:
>> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
>> *Sent:* 06 April 2010 17:26
>>
>>
>> *To:* xxxxxxxxxxxxxxxx
>>
>> *Subject:* Re: [gptalk] Files are not copying through GPO
>>
>>
>>
>> i reviewed what andrew and you said, Network connection is not the
>> problem, i enabled to wait for a network connection, the message still is
>> Access Denied, i gave all necessary permissions you recommend me
>>
>>
>>
>> Waiting more suggestions, i really appreciate your help
>>
>> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>>
>> Andrew is right on here. Sometimes Group Policy Processing (especially
>> scripts) gets in a race condition with the initiation of the network
>> connection. Setting this setting usually helps quite a bit. If you’re still
>> having problems you might also look at the GpNetworkStartTimeoutPolicyValue
>> registry setting and see if it helps. It is discussed in the following KB
>> article.
>>
>>
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
>>
>>
>>
>> Also make sure you haven’t only set share permissions. When dealing with
>> Share/NTFS permissions, remember that the most restrictive will always win
>> out. To make it simple, I always give “Authenticated Users” modify rights on
>> the share, and then I use NTFS permissions to lock down access.
>>
>>
>>
>> So in your case, make sure you have Share permissions opened up as widely
>> as possible and make sure that “Domain Computers” has a minimum of “Read”
>> NTFS permissions.
>>
>>
>>
>>
>>
>> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
>> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
>> http://www.dvn.com
>>
>>
>>
>> *From:* xxxxxxxxxxxxxxxx [mailto:
>> xxxxxxxxxxxxxxxx] *On Behalf Of *Andrew McHale
>> *Sent:* Tuesday, April 06, 2010 10:36 AM
>>
>>
>> *To:* xxxxxxxxxxxxxxxx
>>
>> *Subject:* RE: [gptalk] Files are not copying through GPO
>>
>>
>>
>> Hi Hector,
>> The script could be failing because the connection to the network has not
>> established yet. Do you set the "Always *wait for network* at computer
>> startup and logon" setting in your domain? It can be found under “Computer
>> Configuration\Administrative Templates\System\Logon\”. This would force
>> the workstations to wait for the network connection to establish before
>> running any scripts, although it may increase the system boot up time.
>>
>> Hope this helps.
>>
>>
>>
>> Andrew
>>
>>
>>
>> *From:* Hector Rios [mailto:xxxxxxxxxxxxxxxx]
>> *Sent:* 06 April 2010 16:22
>> *To:* xxxxxxxxxxxxxxxx
>> *Subject:* [gptalk] Files are not copying through GPO
>>
>>
>>
>> Right now i have w2003 DC and XP wks, i want to copy a file to all wks
>> through gpo, my problem is that thorugh gpo the file is not copying to the
>> wks.
>>
>>
>>
>> i have a little and easy CMD script that works if it is executed locally
>> from the WKS but if not working from my GPO
>>
>>
>>
>> i have this as Startup script, i have read other forums and assigned
>> domain computers permission, everyone, auth users, almos everything to the
>> share where WKS have to retrive the file but is not working.
>>
>>
>>
>> could anybody know how this could be working?
>>
>>
>>
>> This is urgent, i will be pending of my email.
>> --
>> Antes que nadie, recuerda que cuentas contigo mismo.
>> Herm 2009
>> *
>> ------------------------------
>> *
>>
>> *Confidentiality Warning:* This message and any attachments are intended
>> only for the use of the intended recipient(s), are confidential, and may be
>> privileged. If you are not the intended recipient, you are hereby notified
>> that any review, retransmission, conversion to hard copy, copying,
>> circulation or other use of all or any portion of this message and any
>> attachments is strictly prohibited. If you are not the intended recipient,
>> please notify the sender immediately by return e-mail, and delete this
>> message and any attachments from your system.
>>
>>
>>
>>
>> --
>> Antes que nadie, recuerda que cuentas contigo mismo.
>> Herm 2009
>>
>>
>>
>>
>> --
>> Antes que nadie, recuerda que cuentas contigo mismo.
>> Herm 2009
>>
>>
>>
>>
>> --
>> Antes que nadie, recuerda que cuentas contigo mismo.
>> Herm 2009
>>
>>
>>
>>
>> --
>> Antes que nadie, recuerda que cuentas contigo mismo.
>> Herm 2009
>>
>>
>>
>>
>> --
>> Antes que nadie, recuerda que cuentas contigo mismo.
>> Herm 2009
>>
>>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| frevere
Posts:18
| | 04/08/2010 5:03 PM |
| Hector,
You have the script as a Computer Startup script and not a user login
script, correct? Because if this is a computer script, then the script
should run in the local machine's SYSTEM account and would not require
any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth
users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Francis, the script is not working, it said
error on line 13, path not found, i guess is not connecting to my share
i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
i used
objFSO
CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND
ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not
good at all.
Thanks.
Hector,
The following script has always worked
for me. Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork =
Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| DarraghOShaughnessy
Posts:161
| | 04/08/2010 5:05 PM |
| Run the script using psexec -s and run procmon.exe to see exactly
what''s going on. Turn on auditing on the share also.
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 08 April 2010 16:39
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user login
script, correct? Because if this is a computer script, then the script
should run in the local machine's SYSTEM account and would not require
any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth
users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on
line 13, path not found, i guess is not connecting to my share i used
that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation
OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at
all.
Thanks.
Hector,
The following script has always worked for me.
Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| DarraghOShaughnessy
Posts:161
| | 04/08/2010 5:41 PM |
| Also, have you tried bypassing name resolution by using the IP address
of the server? This will also ensure NTLM is used for authentication
bypassing any Kerberos issues.
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 08 April 2010 16:39
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user login
script, correct? Because if this is a computer script, then the script
should run in the local machine's SYSTEM account and would not require
any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth
users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on
line 13, path not found, i guess is not connecting to my share i used
that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation
OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at
all.
Thanks.
Hector,
The following script has always worked for me.
Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| frevere
Posts:18
| | 04/08/2010 5:48 PM |
| Hey Jamie, Jerry,
Does this make any sense to you? Running a .vbs script in computer
startup, which should use the local machine's SYSTEM account, getting a
permission denied. I agree that GPP would be better, but in a pinch
sometimes we just have to go back to the old methods. The script I
posted, I use almost every week and never had an issue with. Comments?
Francis
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:39 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not
a user login script, correct? Because if this is a computer script,
then the script should run in the local machine's SYSTEM account and
would not require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Ok, and we are in the same point as the
beginning
Permission denied
i have fc on the share to Domain computers,
everyone, auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you
think is happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like
this
objFSO.CopyFile "\\servername\share",
wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Francis, the script is not working, it
said error on line 13, path not found, i guess is not connecting to my
share i used that with brackets as you said and without brackets.
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
i used
objFSO
CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND
ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else
is not good at all.
Thanks.
Hector,
The following script has always worked
for me. Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork =
Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| Martin_Hugo
Posts:26
| | 04/08/2010 5:52 PM |
| Perhaps the deny is on the destination because it is implicitly denied elsewhere (Def Dom Pol, or local Pol perhaps)?
Marty
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Thursday, April 08, 2010 11:50 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hey Jamie, Jerry,
Does this make any sense to you? Running a .vbs script in computer startup, which should use the local machine's SYSTEM account, getting a permission denied. I agree that GPP would be better, but in a pinch sometimes we just have to go back to the old methods. The script I posted, I use almost every week and never had an issue with. Comments?
Francis
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:39 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Hector,
You have the script as a Computer Startup script and not a user login script, correct? Because if this is a computer script, then the script should run in the local machine's SYSTEM account and would not require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on line 13, path not found, i guess is not connecting to my share i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at all.
Thanks.
Hector,
The following script has always worked for me. Substitute {directory} as the destination directory, and {servername}\{share} as the network location of the file. I ran this from the computer configuration\scripts\startup since the file needed to be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization's privacy before doing so.
Did you also see Jerry's recommendation about using Group Policy Preferences (GPP)? It would make what you're trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user's credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials
could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you're still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give "Authenticated Users" modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that "Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under "Computer Configuration\Administrative Templates\System\Logon\".
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| DarraghOShaughnessy
Posts:161
| | 04/08/2010 5:54 PM |
| Why not do some enumeration i.e. enumerate the dir/file listing in the
share ................ Again, auditing will reveal why you get
permission denied. There is nothing on the machines blocking you
creating the COM objects?
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Martin Hugo
Sent: 08 April 2010 16:55
To: 'xxxxxxxxxxxxxxxx'
Subject: RE: [gptalk] Files are not copying through GPO
Perhaps the deny is on the destination because it is implicitly denied
elsewhere (Def Dom Pol, or local Pol perhaps)?
Marty
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Thursday, April 08, 2010 11:50 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hey Jamie, Jerry,
Does this make any sense to you? Running a .vbs script in computer
startup, which should use the local machine's SYSTEM account, getting a
permission denied. I agree that GPP would be better, but in a pinch
sometimes we just have to go back to the old methods. The script I
posted, I use almost every week and never had an issue with. Comments?
Francis
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:39 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user
login script, correct? Because if this is a computer script, then the
script should run in the local machine's SYSTEM account and would not
require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone,
auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Francis, the script is not working, it said
error on line 13, path not found, i guess is not connecting to my share
i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
i used
objFSO
CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND
ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not
good at all.
Thanks.
Hector,
The following script has always worked
for me. Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork =
Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| frevere
Posts:18
| | 04/08/2010 5:54 PM |
| Marty,
That sounds pretty good, so Hector, just for the heck of it, have you
moved your source directory to another server?
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Martin Hugo
Sent: Thursday, April 08, 2010 11:55 AM
To: 'xxxxxxxxxxxxxxxx'
Subject: RE: [gptalk] Files are not copying through GPO
Perhaps the deny is on the destination because it is implicitly
denied elsewhere (Def Dom Pol, or local Pol perhaps)?
Marty
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Thursday, April 08, 2010 11:50 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hey Jamie, Jerry,
Does this make any sense to you? Running a .vbs script in
computer startup, which should use the local machine's SYSTEM account,
getting a permission denied. I agree that GPP would be better, but in
a pinch sometimes we just have to go back to the old methods. The
script I posted, I use almost every week and never had an issue with.
Comments?
Francis
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:39 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup
script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not
a user login script, correct? Because if this is a computer script,
then the script should run in the local machine's SYSTEM account and
would not require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Ok, and we are in the same point as the
beginning
Permission denied
i have fc on the share to Domain computers,
everyone, auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you
think is happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share",
wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Francis, the script is not working, it
said error on line 13, path not found, i guess is not connecting to my
share i used that with brackets as you said and without brackets.
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
i used
objFSO
CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND
ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else
is not good at all.
Thanks.
Hector,
The following script has always worked
for me. Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork =
Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
|
|