| Author | Messages | |
kevingay
Posts:5
 | | 04/08/2010 5:59 PM |
| You most likely have Anonymous enumeration of Sam Accounts and shares
turned off in the domain. In order to authenticate to a share via script
running as a local account you'll need to put a net use command at the
top. i.e.
Set objShell = CreateObject(Wscript.Shell)
objShell.Run "cmd /c net use \\servername\share
<file:///\\servername\share> /user:domain\user password",0,true
Wscript.sleep 1000 ' this is not required but I like to put a small
pause after authentication so the script doesn't jump the gun so to
speak.
objFSO.CopyFile "\\servername\share\file", wslocation, True
so what this will do is add an authenticated path to \\servername\share
<file:///\\servername\share> using the domain\user specified. Note the
password in the command isn't pre-pended by a flag and user and password
are separate.
The 0 will tell it to not display the command window so prying eyes
don't see the password everytime the command is run, for testing you can
use 1 to see the window.
The True will cause the script to wait until the open command box is
closed, you want this because you want to have authentication before
attempting a file copy.
Running as system is the same as running as any local account on the
machine, log in as any local account and in a command window run "net
use" if the list is empty then in the run prompt type \\servername\share
<file:///\\servername\share> and see if it pops up a windows prompt, if
it does then you will need to add the objShell code above.
The catch is that there is domain user and password sitting in the
script which is in plain text, you can also use the vbscript encoder to
encode the script, but that is easily reversed, just takes someone who
knows how.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh
O'Shaughnessy
Sent: Thursday, April 08, 2010 10:42 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Run the script using psexec -s and run procmon.exe to see exactly
what''s going on. Turn on auditing on the share also.
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 08 April 2010 16:39
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user login
script, correct? Because if this is a computer script, then the script
should run in the local machine's SYSTEM account and would not require
any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth
users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on
line 13, path not found, i guess is not connecting to my share i used
that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation
OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at
all.
Thanks.
Hector,
The following script has always worked for me.
Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| DarraghOShaughnessy
Posts:177
| | 04/08/2010 6:03 PM |
| Kevin, I have to disagree with this. You should never have a password in
plaintext in a file. If the machine is domain joined then it has a
security principal called <machinename>$ in Active directory
"Running as system is the same as running as any local account on the
machine" statement is incorrect, ''Network Service''/"Local Service" is
not the same as local System.
Also, if that account locks, then the script runs for nobody
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Kevin Gay
Sent: 08 April 2010 17:02
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
You most likely have Anonymous enumeration of Sam Accounts and shares
turned off in the domain. In order to authenticate to a share via script
running as a local account you'll need to put a net use command at the
top. i.e.
Set objShell = CreateObject(Wscript.Shell)
objShell.Run "cmd /c net use \\servername\share
<file:///\\servername\share> /user:domain\user password",0,true
Wscript.sleep 1000 ' this is not required but I like to put a small
pause after authentication so the script doesn't jump the gun so to
speak.
objFSO.CopyFile "\\servername\share\file", wslocation, True
so what this will do is add an authenticated path to \\servername\share
<file:///\\servername\share> using the domain\user specified. Note the
password in the command isn't pre-pended by a flag and user and password
are separate.
The 0 will tell it to not display the command window so prying eyes
don't see the password everytime the command is run, for testing you can
use 1 to see the window.
The True will cause the script to wait until the open command box is
closed, you want this because you want to have authentication before
attempting a file copy.
Running as system is the same as running as any local account on the
machine, log in as any local account and in a command window run "net
use" if the list is empty then in the run prompt type \\servername\share
<file:///\\servername\share> and see if it pops up a windows prompt, if
it does then you will need to add the objShell code above.
The catch is that there is domain user and password sitting in the
script which is in plain text, you can also use the vbscript encoder to
encode the script, but that is easily reversed, just takes someone who
knows how.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh
O'Shaughnessy
Sent: Thursday, April 08, 2010 10:42 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Run the script using psexec -s and run procmon.exe to see exactly
what''s going on. Turn on auditing on the share also.
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 08 April 2010 16:39
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user login
script, correct? Because if this is a computer script, then the script
should run in the local machine's SYSTEM account and would not require
any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth
users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on
line 13, path not found, i guess is not connecting to my share i used
that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation,
OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation
OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at
all.
Thanks.
Hector,
The following script has always worked for me.
Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| frevere
Posts:28
| | 04/08/2010 6:07 PM |
| Darragh is correct on this one, and is also correct that both the source
and destination directories should end with the \. If not the script
will expect that anything past the \ mark is the filename, but that
should be obvious. If you need the entire contents of a directory
copied to a specific location the context should be \\servername\share\
(source directory) to wsLocation, which should be specified as
drive:\location\.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh
O'Shaughnessy
Sent: Thursday, April 08, 2010 12:08 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Kevin, I have to disagree with this. You should never have a
password in plaintext in a file. If the machine is domain joined then it
has a security principal called <machinename>$ in Active directory
"Running as system is the same as running as any local account
on the machine" statement is incorrect, ''Network Service''/"Local
Service" is not the same as local System.
Also, if that account locks, then the script runs for nobody
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider
using Eco Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>
This e-mail and any files transmitted with it contain
information which may be confidential and which may also be privileged
and is intended solely for the use of the individual or entity to whom
it is addressed. Unless you are the intended recipient you may not copy
or use it, or disclose it to anyone else. Any opinions expressed are
that of the individual and not necessarily that of Vhi Healthcare. If
you have received this e-mail in error please notify the sender by
return. This footnote also confirms that this e-mail message has been
Swept for the presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Kevin Gay
Sent: 08 April 2010 17:02
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
You most likely have Anonymous enumeration of Sam Accounts and
shares turned off in the domain. In order to authenticate to a share via
script running as a local account you'll need to put a net use command
at the top. i.e.
Set objShell = CreateObject(Wscript.Shell)
objShell.Run "cmd /c net use \\servername\share
<file:///\\servername\share> /user:domain\user password",0,true
Wscript.sleep 1000 ' this is not required but I like to put a
small pause after authentication so the script doesn't jump the gun so
to speak.
objFSO.CopyFile "\\servername\share\file", wslocation, True
so what this will do is add an authenticated path to
\\servername\share <file:///\\servername\share> using the domain\user
specified. Note the password in the command isn't pre-pended by a flag
and user and password are separate.
The 0 will tell it to not display the command window so prying
eyes don't see the password everytime the command is run, for testing
you can use 1 to see the window.
The True will cause the script to wait until the open command
box is closed, you want this because you want to have authentication
before attempting a file copy.
Running as system is the same as running as any local account on
the machine, log in as any local account and in a command window run
"net use" if the list is empty then in the run prompt type
\\servername\share <file:///\\servername\share> and see if it pops up a
windows prompt, if it does then you will need to add the objShell code
above.
The catch is that there is domain user and password sitting in
the script which is in plain text, you can also use the vbscript encoder
to encode the script, but that is easily reversed, just takes someone
who knows how.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh
O'Shaughnessy
Sent: Thursday, April 08, 2010 10:42 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Run the script using psexec -s and run procmon.exe to see
exactly what''s going on. Turn on auditing on the share also.
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider
using Eco Font to save ink: http://www.ecofont.eu/ecofont_en.html
This e-mail and any files transmitted with it contain
information which may be confidential and which may also be privileged
and is intended solely for the use of the individual or entity to whom
it is addressed. Unless you are the intended recipient you may not copy
or use it, or disclose it to anyone else. Any opinions expressed are
that of the individual and not necessarily that of Vhi Healthcare. If
you have received this e-mail in error please notify the sender by
return. This footnote also confirms that this e-mail message has been
Swept for the presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 08 April 2010 16:39
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user
login script, correct? Because if this is a computer script, then the
script should run in the local machine's SYSTEM account and would not
require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone,
auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Francis, the script is not working, it said
error on line 13, path not found, i guess is not connecting to my share
i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
i used
objFSO
CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND
ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not
good at all.
Thanks.
Hector,
The following script has always worked
for me. Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork =
Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| jeromelcruz
Posts:123
| | 04/08/2010 8:43 PM |
| Hector,
Did you ever get a chance to see if some kind of "Deny access to this computer from the network" setting was configured on the server (the server 'sharing' the files).
Also, I believe someone noted that you should test against a different system to see if 'again' it's the 'server sharing that data that is having a problem.
Jerry Cruz | Group Policies Product Manager | Windows Server and Infrastructure Architecture | Boeing IT
Office 425-865-6755 | Mobile 425-591-6491
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Thursday, April 08, 2010 8:50 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hey Jamie, Jerry,
Does this make any sense to you? Running a .vbs script in computer startup, which should use the local machine's SYSTEM account, getting a permission denied. I agree that GPP would be better, but in a pinch sometimes we just have to go back to the old methods. The script I posted, I use almost every week and never had an issue with. Comments?
Francis
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:39 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Hector,
You have the script as a Computer Startup script and not a user login script, correct? Because if this is a computer script, then the script should run in the local machine's SYSTEM account and would not require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on line 13, path not found, i guess is not connecting to my share i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at all.
Thanks.
Hector,
The following script has always worked for me. Substitute {directory} as the destination directory, and {servername}\{share} as the network location of the file. I ran this from the computer configuration\scripts\startup since the file needed to be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization's privacy before doing so.
Did you also see Jerry's recommendation about using Group Policy Preferences (GPP)? It would make what you're trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user's credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials
could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you're still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give "Authenticated Users" modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that "Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under "Computer Configuration\Administrative Templates\System\Logon\".
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| kevingay
Posts:5
| | 04/08/2010 9:45 PM |
| Ahh yes I see, Sorry, I'm used to dealing with scripts that run as
administrator (post machine imaging) that need automatic access to a
share, course the password is also encoded inside the script which is
then encoded then encrypted into an executable, wanted to make it very
difficult to yank the password out. Anyway.
So in the interest of troubleshooting.
I'm assuming you already have psexec as I seen it mentioned earlier, if
not http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Copy this script to like C:\temp\whatever.vbs
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShare = objFSO.GetFolder("\\server\share")
For Each folder In objShare.SubFolders
WScript.Echo folder.name
Next
Then run psexec -s cmd This will bring up a command window running as
system.
Enter cscript C:\temp\whatever.vbs
You should see a list of folders that is inside the share. If this works
then in must be a syntax problem on the file copy.
Hmm, interesting bug it seems if you want to copy a file and rename it
at the same time, you can, but only if the destination does not contain
a folder of the same name.
i.e.
objFSO.Copyfile "\\server\share\file.txt",
"C:\localfolder\newfile.txt",True
this copies the file.txt and renames it to newfile.txt
However if you happen to have a folder called newfile.txt inside the
localfolder, it will try overwriting the folder with a file, and windows
will deny that.
Also, I finally read what the problem is. Here's a way that nearly goes
around needing authentication, recommended for smallish files.
Set objFSO = CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile objFSO.GetAbsolutePathName(".") & "\SomeFile.txt",
"C:\temp\",True
Inside the GPO where the startup script is sitting add the file you want
to copy, it will be in a directory like
\\domain.com\sysvol\domain.com\Policies\{LongHexHere}\Machine\Scripts\St
artup
<file:///\\domain.com\sysvol\domain.com\Policies\%7bLongHexHere%7d\Machi
ne\Scripts\Startup>
When the script runs at startup it will already have network access to
the file because it's in the GPO itself. That
objFSO.GetAbsolutePathName(".") returns the full path that the script is
executing from, the GPO. So sitting a file next to the script then
telling it to copy from the GPO fixes authentication problems because
the machine has already authenticated itself for you.
Pros:
Authentication problem is "fixed"
File is distributed from domain controllers themselves, meaning the
closest DC to the machine will be where it's pulled from, it's WAN
friendly.
Cons:
If the destination directory doesn't exist it will fail as
objFSO.Copyfile does not create directories
You are putting a file in a GPO to be downloaded by everyone from the
domain controller, I've never had any issues as long as the file itself
is relatively small, < 3mb
Pulling from a single share can cause WAN problems if many pull the file
at the same time.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Thursday, April 08, 2010 11:13 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Darragh is correct on this one, and is also correct that both the source
and destination directories should end with the \. If not the script
will expect that anything past the \ mark is the filename, but that
should be obvious. If you need the entire contents of a directory
copied to a specific location the context should be \\servername\share\
<file:///\\servername\share\> (source directory) to wsLocation, which
should be specified as drive:\location\.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh
O'Shaughnessy
Sent: Thursday, April 08, 2010 12:08 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Kevin, I have to disagree with this. You should never have a
password in plaintext in a file. If the machine is domain joined then it
has a security principal called <machinename>$ in Active directory
"Running as system is the same as running as any local account
on the machine" statement is incorrect, ''Network Service''/"Local
Service" is not the same as local System.
Also, if that account locks, then the script runs for nobody
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider
using Eco Font to save ink: http://www.ecofont.eu/ecofont_en.html
This e-mail and any files transmitted with it contain
information which may be confidential and which may also be privileged
and is intended solely for the use of the individual or entity to whom
it is addressed. Unless you are the intended recipient you may not copy
or use it, or disclose it to anyone else. Any opinions expressed are
that of the individual and not necessarily that of Vhi Healthcare. If
you have received this e-mail in error please notify the sender by
return. This footnote also confirms that this e-mail message has been
Swept for the presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Kevin Gay
Sent: 08 April 2010 17:02
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
You most likely have Anonymous enumeration of Sam Accounts and
shares turned off in the domain. In order to authenticate to a share via
script running as a local account you'll need to put a net use command
at the top. i.e.
Set objShell = CreateObject(Wscript.Shell)
objShell.Run "cmd /c net use \\servername\share
<file:///\\servername\share> /user:domain\user password",0,true
Wscript.sleep 1000 ' this is not required but I like to put a
small pause after authentication so the script doesn't jump the gun so
to speak.
objFSO.CopyFile "\\servername\share\file", wslocation, True
so what this will do is add an authenticated path to
\\servername\share <file:///\\servername\share> using the domain\user
specified. Note the password in the command isn't pre-pended by a flag
and user and password are separate.
The 0 will tell it to not display the command window so prying
eyes don't see the password everytime the command is run, for testing
you can use 1 to see the window.
The True will cause the script to wait until the open command
box is closed, you want this because you want to have authentication
before attempting a file copy.
Running as system is the same as running as any local account on
the machine, log in as any local account and in a command window run
"net use" if the list is empty then in the run prompt type
\\servername\share <file:///\\servername\share> and see if it pops up a
windows prompt, if it does then you will need to add the objShell code
above.
The catch is that there is domain user and password sitting in
the script which is in plain text, you can also use the vbscript encoder
to encode the script, but that is easily reversed, just takes someone
who knows how.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Darragh
O'Shaughnessy
Sent: Thursday, April 08, 2010 10:42 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Run the script using psexec -s and run procmon.exe to see
exactly what''s going on. Turn on auditing on the share also.
Regards,
Darragh O'Shaughnessy
IT Services Department
E-Mail: xxxxxxxxxxxxxxxx
Ext: 2562
Direct Dial In: 01-7994028
Web Site: www.vhi.ie
Help the environment. If you need to print this email consider
using Eco Font to save ink: http://www.ecofont.eu/ecofont_en.html
This e-mail and any files transmitted with it contain
information which may be confidential and which may also be privileged
and is intended solely for the use of the individual or entity to whom
it is addressed. Unless you are the intended recipient you may not copy
or use it, or disclose it to anyone else. Any opinions expressed are
that of the individual and not necessarily that of Vhi Healthcare. If
you have received this e-mail in error please notify the sender by
return. This footnote also confirms that this e-mail message has been
Swept for the presence of computer viruses.
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 08 April 2010 16:39
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
You have the script as a Computer Startup script and not a user
login script, correct? Because if this is a computer script, then the
script should run in the local machine's SYSTEM account and would not
require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone,
auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is
happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation,
OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying
through GPO
Francis, the script is not working, it said
error on line 13, path not found, i guess is not connecting to my share
i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}",
wsLocation, OverwriteExisting
i used
objFSO
CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND
ME INVALID ARGUMENT
objFSO
CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not
good at all.
Thanks.
Hector,
The following script has always worked
for me. Substitute {directory} as the destination directory, and
{servername}\{share} as the network location of the file. I ran this
from the computer configuration\scripts\startup since the file needed to
be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO =
CreateObject("Scripting.FileSystemObject")
Set WshNetwork =
Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile
"\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Would it be possible for you to post the
contents of the script? Please change any environment specific
information (server names, users, etc) to protect your organization's
privacy before doing so.
Did you also see Jerry's recommendation
about using Group Policy Preferences (GPP)? It would make what you're
trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
no sr. i tried with UNC but didnt work,
that was weird, but it was true. now the only thing i need is to protect
that script to not expose the password of that user i used to map the
network drive.
do you have any idea how to encrypt with
net use?
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Okay, yeah that is a pretty common
thing. I am actually wondering why you need to map a network drive to
copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i gave domain computers fc permission
and didnt work, HD want to have on all Domain machines a special file to
run in case they needed, the only way to transfer that to all of them is
a GPO.
to avoid user names and doing a mess
with our currently logon script, i decided to do that as an startup
script.
thanks.
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
If you have granted the computer object
the required permissions, you should be able to map the drive without
having to provide a user's credentials. Curious why you would need to do
this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
yes sr. i indluded /y. i just want to
show you as simple as possible.
Now my script is working but i needed to
map a network drive first with any user credentials
could you let me know how to encrypt the
password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo
<xxxxxxxxxxxxxxxx>
Don't you need to include some switches
to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx
[xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
[xxxxxxxxxxxxxxxx]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile
c:\dircreatedbyscript\myfile
it seems that user/computer at startup
script is not allowed to access my share.
2010/4/6 Dave Sharples
<xxxxxxxxxxxxxxxx>
Denied on reading the file or writing to
the local computer?
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not
copying through GPO
i reviewed what andrew and you said,
Network connection is not the problem, i enabled to wait for a network
connection, the message still is Access Denied, i gave all necessary
permissions you recommend me
Waiting more suggestions, i really
appreciate your help
2010/4/6 Nelson, Jamie
<xxxxxxxxxxxxxxxx>
Andrew is right on here. Sometimes Group
Policy Processing (especially scripts) gets in a race condition with the
initiation of the network connection. Setting this setting usually helps
quite a bit. If you're still having problems you might also look at the
GpNetworkStartTimeoutPolicyValue registry setting and see if it helps.
It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set
share permissions. When dealing with Share/NTFS permissions, remember
that the most restrictive will always win out. To make it simple, I
always give "Authenticated Users" modify rights on the share, and then I
use NTFS permissions to lock down access.
So in your case, make sure you have
Share permissions opened up as widely as possible and make sure that
"Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T
Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 |
Mobile: ' 405.248.7963 | http://www.dvn.com <http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not
copying through GPO
Hi Hector,
The script could be failing because the
connection to the network has not established yet. Do you set the
"Always wait for network at computer startup and logon" setting in your
domain? It can be found under "Computer Configuration\Administrative
Templates\System\Logon\".
This would force the workstations to
wait for the network connection to establish before running any scripts,
although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios
[mailto:xxxxxxxxxxxxxxxx]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Files are not copying
through GPO
Right now i have w2003 DC and XP wks, i
want to copy a file to all wks through gpo, my problem is that thorugh
gpo the file is not copying to the wks.
i have a little and easy CMD script that
works if it is executed locally from the WKS but if not working from my
GPO
i have this as Startup script, i have
read other forums and assigned domain computers permission, everyone,
auth users, almos everything to the share where WKS have to retrive the
file but is not working.
could anybody know how this could be
working?
This is urgent, i will be pending of my
email.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message
and any attachments are intended only for the use of the intended
recipient(s), are confidential, and may be privileged. If you are not
the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other
use of all or any portion of this message and any attachments is
strictly prohibited. If you are not the intended recipient, please
notify the sender immediately by return e-mail, and delete this message
and any attachments from your system.
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas
contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo
mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| jeromelcruz
Posts:123
| | 04/08/2010 9:45 PM |
| Dave...
Two easy alternatives:
1) Use the existence of the SYSWOW64 folder as a filter criteria. You can then put both GPP based file copy instructions in the same GPP based GPO and copy the files to the correct OS quite easily.
2) Use the exact same filtering instruction (SysWOW64 or not) and the Environment Variable GPP setting to create a new environment variable whose value points to the correct folder for each system. Then, any script or GPP based copy setting ban use that single new environment variable across a range of systems. [Note: We've used this particular method just recently...it allowed us to make a single code change --to use the new environment variable--on an existing set of deployment packages...worked beautifully.]
Jerry Cruz | Group Policies Product Manager | Windows Server and Infrastructure Architecture
-----Original Message-----
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:55 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
One extra thing on this which annoys me as was wondering if there was a workaround.
Copying files to %programfiles% on 32 and 64 bit systems. If i have deployed a 32Bit app to a 64bit machine it goes in %programfiles(x86)%. Then if I want to copy a file in I need 2 preferences, one for 32 and one for 64 which I am using targetting on via a WMI query (which I can never remember and there doesnt appear to be a built in targetting type for this).
Is there a better way to manage the 32/64 bit different with files?
Ta
On 7 Apr 2010, at 21:10, Cruz, Jerome L wrote:
Hector... (and others)...
Here is a list of the items that you can configure 'directly' with Group Policy Preferences (GPP). So 'run', do not 'walk', to deploy. 
GPP Extension Use GPOs to...
Drive Maps Create, modify, or delete mapped drives, and configure the visibility of all drives.
Environment Variables Create, modify, or delete environment variables.
Files Copy, modify the attributes of, replace, or delete files.
Folders Create, modify, or delete folders.
Ini Files Add, replace, or delete sections or properties in settings (.ini) or setup information (.inf) files.
Network Shares Create, modify, or delete ("un-share") network shares.
Registry Copy registry settings and apply them to other computers. Create, replace, or delete registry settings.
Shortcuts Create, modify, or delete shortcuts.
Data Sources Create, modify, or delete Open Database Connectivity (ODBC) data source names.
Devices Enable or disable hardware devices or classes of devices.
Folder Options Configure folder options; create, modify, or delete Open With associations for file name extensions; create, modify, or delete file extensions associated with a type of files.
Internet Settings Modify user-configurable Internet settings.
Local Users and Groups Create, modify, or delete local users and groups.
Network Options Create, modify, or delete virtual private networking (VPN) or dial-up networking (DUN) connections.
Power Options Modify power options and create, modify, or delete power schemes.
Printers Create, modify, or delete TCP/IP, shared, and local printer connections.
Regional Options Modify regional options.
Scheduled Tasks Create, modify, or delete scheduled or immediate tasks.
Services Modify services.
Start Menu Modify Start menu options.
I don't know if you'll be able to see the attached picture here, but this is what most of the GPP interfaces look like.
<image002.jpg>
No more...
* Creating/borrowing scripts
* Testing those scripts
* Managing those scripts
* Updating the scripts (and doing it all over again)
Also, look at the filtering capabilities you get (different filters like these can be are 'each' item in the same GPO). There are 25 types and here are a few:
* Battery Present
* Computer Name
* CPU Speed
* Date Match
* Time Match
* Environment variable (see below)
* IP address range
* Operating system
* OU
* Security Group
* Registry match
* Query types: LDAP, MSI, and/or WMI
Oh and you can have more than one filter... Try "All Windows XP+SP2 devices get a new file copied to them starting at 6PM if they are in the XXX or ZZZ security group", but "All Windows XP+SP3 devices get a different set of files copied to them starting at 7 PM if they are in the XXX, YYYY, or ZZZ security group"
And GPPEs support 46 built-in Environment variables (a few are listed below), plus any already on your systems, and lastly, if you don't have one, you can create one since that is one of the GPP 'extensions' noted above.
Environment variable Description
%AppDataDir% The current user's Application Data directory.
%BinaryComputerSid% The SID of the computer in hexadecimal format.
%CommonProgramsDir% The "all users" Programs directory.
%ComputerName% The NetBIOS name of the computer.
%CurrentProcessId% The numeric identity of the main client process.
%DateTimeEx% The current time (UTC) with milliseconds.
%DomainName% The domain name or workgroup of the computer.
%OsVersion% The operating system: Server 2008, Vista, Server 2003, WinXP, etc.
%ResultCode% The client's exit code.
%SystemDir% The Windows system directory.
%TimeStamp% The time stamp of the configurations being executed.
%WindowsDir% The Windows directory.
Don't have something you like for a filter? Create a new Environment variable based upon one of the filters (like all PCs with Adobe reader version 6.3 installed), then use that Environmental variable to key another activity off (like run an update using a 'Immediate Task').
Like I said, 'run', do not 'walk' to deploy Group Policy Preferences!
Jerry
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 12:11 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Thanks, we are behind the schedule to implement this script, i will try the script first, and do later tests with Gpp and Cse´s
i really appreciate your help
2010/4/7 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
That's correct. The client side extensions (CSEs) are supported on everything from XP/2003 on up. The only catch is that you have to have a Vista/2008/7 box to create/edit the GPOs on, as Dave has already pointed out.
Note: If you have WSUS in your environment, you can push the CSEs out that way very easily. It's just an update approval and you're done.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: * 405.552.8054 | Mobile: * 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
-----Original Message-----
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Dave Sharples
Sent: Wednesday, April 07, 2010 1:50 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
you are wrong. You just need a vista / 2008 / 7 machine to edit GP's from
On 7 Apr 2010, at 19:48, Hector Rios wrote:
You guys are great!! Thanks, GPP is not an option since i have 2003 and xp, i read that for GPP is needed 2008 and vista, maybe im wrong.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization's privacy before doing so.
Did you also see Jerry's recommendation about using Group Policy Preferences (GPP)? It would make what you're trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user's credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile<smb://myserver/myshare/myfile> c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you're still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give "Authenticated Users" modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that "Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/><http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under "Computer Configuration\Administrative Templates\System\Logon\".
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx><mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
| rwalker76
Posts:8
| | 04/12/2010 1:01 PM |
| Just out of interest the share wouldn't be part of a cluster would it? We had the exact same issue where XP clients could not connect to a clustered share as SYSTEM. Vista and 7 clients could connect fine. In the end after getting nowhere trying to figure it out I just moved that particular share to a single server outside the cluster.
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: 08 April 2010 16:58
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Marty,
That sounds pretty good, so Hector, just for the heck of it, have you moved your source directory to another server?
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Martin Hugo
Sent: Thursday, April 08, 2010 11:55 AM
To: 'xxxxxxxxxxxxxxxx'
Subject: RE: [gptalk] Files are not copying through GPO
Perhaps the deny is on the destination because it is implicitly denied elsewhere (Def Dom Pol, or local Pol perhaps)?
Marty
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Francis Revere
Sent: Thursday, April 08, 2010 11:50 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] Files are not copying through GPO
Hey Jamie, Jerry,
Does this make any sense to you? Running a .vbs script in computer startup, which should use the local machine's SYSTEM account, getting a permission denied. I agree that GPP would be better, but in a pinch sometimes we just have to go back to the old methods. The script I posted, I use almost every week and never had an issue with. Comments?
Francis
________________________________
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:39 AM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] Files are not copying through GPO
Yes sr. and thats the strange part. it is an starup script,
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Hector,
You have the script as a Computer Startup script and not a user login script, correct? Because if this is a computer script, then the script should run in the local machine's SYSTEM account and would not require any permissions for authenticated user or everyone.
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Thursday, April 08, 2010 11:05 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Ok, and we are in the same point as the beginning
Permission denied
i have fc on the share to Domain computers, everyone, auth users, and the same permissions to NTFS (security).
thanks for continue with your help, what do you think is happening regrding permissions?
2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Hector,
no brackets....the line should be like this
objFSO.CopyFile "\\servername\share", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Wednesday, April 07, 2010 5:03 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Francis, the script is not working, it said error on line 13, path not found, i guess is not connecting to my share i used that with brackets as you said and without brackets.
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
i used
objFSO CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting (SEND ME INVALID ARGUMENT
objFSO CopyFile\\{myservername{\{myshare\MYFILE}",wslocation OverwriteExisting
SEND ME INVALID PATH
maye the brackets, maybe soemthing else is not good at all.
Thanks.
Hector,
The following script has always worked for me. Substitute {directory} as the destination directory, and {servername}\{share} as the network location of the file. I ran this from the computer configuration\scripts\startup since the file needed to be on every computer no matter the user.
Dim objFSO, WshNetwork
Const OverwriteExisting = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshNetwork = Createobject("Wscript.Network")
strComputer = WshNetwork.Computername
wsLocation = "C:\{directory}\"
objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Nelson, Jamie
Sent: Tuesday, April 06, 2010 4:21 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Would it be possible for you to post the contents of the script? Please change any environment specific information (server names, users, etc) to protect your organization's privacy before doing so.
Did you also see Jerry's recommendation about using Group Policy Preferences (GPP)? It would make what you're trying to do much simpler.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 3:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
no sr. i tried with UNC but didnt work, that was weird, but it was true. now the only thing i need is to protect that script to not expose the password of that user i used to map the network drive.
do you have any idea how to encrypt with net use?
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Okay, yeah that is a pretty common thing. I am actually wondering why you need to map a network drive to copy a file. Does using a UNC path not work for you?
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 2:08 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i gave domain computers fc permission and didnt work, HD want to have on all Domain machines a special file to run in case they needed, the only way to transfer that to all of them is a GPO.
to avoid user names and doing a mess with our currently logon script, i decided to do that as an startup script.
thanks.
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
If you have granted the computer object the required permissions, you should be able to map the drive without having to provide a user's credentials. Curious why you would need to do this in a startup script though.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: Tuesday, April 06, 2010 1:18 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
yes sr. i indluded /y. i just want to show you as simple as possible.
Now my script is working but i needed to map a network drive first with any user credentials
could you let me know how to encrypt the password of that user to avoid show that on the script?
thanks.
2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Don't you need to include some switches to prevent prompting?
Martin T. Hugo
Network Administrator
Hilliard City Schools
Tel: 614-921-7102
________________________________
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios [xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: Tuesday, April 06, 2010 1:16 PM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
Reading the file from the origin.
my script said
xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
it seems that user/computer at startup script is not allowed to access my share.
2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Denied on reading the file or writing to the local computer?
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Hector Rios
Sent: 06 April 2010 17:26
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: Re: [gptalk] Files are not copying through GPO
i reviewed what andrew and you said, Network connection is not the problem, i enabled to wait for a network connection, the message still is Access Denied, i gave all necessary permissions you recommend me
Waiting more suggestions, i really appreciate your help
2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>>
Andrew is right on here. Sometimes Group Policy Processing (especially scripts) gets in a race condition with the initiation of the network connection. Setting this setting usually helps quite a bit. If you're still having problems you might also look at the GpNetworkStartTimeoutPolicyValue registry setting and see if it helps. It is discussed in the following KB article.
http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
Also make sure you haven't only set share permissions. When dealing with Share/NTFS permissions, remember that the most restrictive will always win out. To make it simple, I always give "Authenticated Users" modify rights on the share, and then I use NTFS permissions to lock down access.
So in your case, make sure you have Share permissions opened up as widely as possible and make sure that "Domain Computers" has a minimum of "Read" NTFS permissions.
Jamie Nelson | Sr. Administrator | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 | http://www.dvn.com<http://www.dvn.com/>
From: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx> [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>] On Behalf Of Andrew McHale
Sent: Tuesday, April 06, 2010 10:36 AM
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: RE: [gptalk] Files are not copying through GPO
Hi Hector,
The script could be failing because the connection to the network has not established yet. Do you set the "Always wait for network at computer startup and logon" setting in your domain? It can be found under "Computer Configuration\Administrative Templates\System\Logon\".
This would force the workstations to wait for the network connection to establish before running any scripts, although it may increase the system boot up time.
Hope this helps.
Andrew
From: Hector Rios [mailto:xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>]
Sent: 06 April 2010 16:22
To: xxxxxxxxxxxxxxxx<mailto:xxxxxxxxxxxxxxxx>
Subject: [gptalk] Files are not copying through GPO
Right now i have w2003 DC and XP wks, i want to copy a file to all wks through gpo, my problem is that thorugh gpo the file is not copying to the wks.
i have a little and easy CMD script that works if it is executed locally from the WKS but if not working from my GPO
i have this as Startup script, i have read other forums and assigned domain computers permission, everyone, auth users, almos everything to the share where WKS have to retrive the file but is not working.
could anybody know how this could be working?
This is urgent, i will be pending of my email.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
________________________________
This email has been checked by the Council's content checker
________________________________
######################################################################################
Warning
Please note that whilst this e-mail and any attachments originate from Calderdale MBC,
the views expressed may not necessarily represent the views of Calderdale MBC.
This e-mail and any attachments may contain information that is privileged,
confidential or otherwise protected from disclosure.
They must not be used by, or copied or disclosed to persons other than the intended recipient.
Any liability (in negligence or otherwise) arising from any third party acting, or refraining from acting,
on any information contained in this e-mail is excluded.
If you have received this e-mail in error please inform the sender and delete the e-mail.
E-mail can never be 100% secure. Please bear this in mind and carry out such virus and other checks, as you consider appropriate.
Calderdale MBC accepts no responsibility in this regard.
Copyright of this e-mail and any attachments belongs to Calderdale MBC.
Should you communicate with anyone at Calderdale MBC by e-mail, you consent to the
Council monitoring, recording and reading any such correspondence.
######################################################################################
| | | |
| hriosm
Posts:18
| | 04/14/2010 4:27 PM |
| finally we have this working with this script, copying to help similar
cases., thaks to all of you
On Error Resume Next
Set oFS = CreateObject("Scripting.FileSystemObject")
Set oShell = CreateObject("WScript.Shell")
strWinDir = oShell.ExpandEnvironmentStrings("%WinDir%")
strProgFiles = oShell.SpecialFolders("Programs")
strSysDrive = oShell.ExpandEnvironmentStrings("%SystemDrive%")
'This is the file you wish to copy
strMyFile = "\\your
domain\netlogon\yourfile.exe<file://your%20domain/netlogon/yourfile.exe>
"
'Copy file into SystemRoot
If oFS.FileExists(strMyFile)Then
oFS.CopyFile strMyFile, strWinDir & "\",True
End If
'Copy file into Programs
'If oFS.FileExists(strMyFile)Then
' oFS.CopyFile strMyFile, strProgFiles & "\"
'End If
'Copy file into SystemDrive
'If oFS.FileExists(strMyFile)Then
' oFS.CopyFile strMyFile, strSysDrive & "\"
'End If
2010/4/12 Richard Walker <xxxxxxxxxxxxxxxx>
> Just out of interest the share wouldn’t be part of a cluster would it? We
> had the exact same issue where XP clients could not connect to a clustered
> share as SYSTEM. Vista and 7 clients could connect fine. In the end after
> getting nowhere trying to figure it out I just moved that particular share
> to a single server outside the cluster.
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Francis Revere
> *Sent:* 08 April 2010 16:58
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Marty,
>
>
>
> That sounds pretty good, so Hector, just for the heck of it, have you moved
> your source directory to another server?
>
>
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Martin Hugo
> *Sent:* Thursday, April 08, 2010 11:55 AM
> *To:* 'xxxxxxxxxxxxxxxx'
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
> Perhaps the deny is on the destination because it is implicitly denied
> elsewhere (Def Dom Pol, or local Pol perhaps)?
>
>
>
> Marty
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Francis Revere
> *Sent:* Thursday, April 08, 2010 11:50 AM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Hey Jamie, Jerry,
>
>
>
> Does this make any sense to you? Running a .vbs script in computer
> startup, which should use the local machine's SYSTEM account, getting a
> permission denied. I agree that GPP would be better, but in a pinch
> sometimes we just have to go back to the old methods. The script I posted,
> I use almost every week and never had an issue with. Comments?
>
>
>
> Francis
>
>
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Thursday, April 08, 2010 11:39 AM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
> Yes sr. and thats the strange part. it is an starup script,
>
> 2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
>
> Hector,
>
>
>
> You have the script as a Computer Startup script and not a user login
> script, correct? Because if this is a computer script, then the script
> should run in the local machine's SYSTEM account and would not require any
> permissions for authenticated user or everyone.
>
>
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
>
> *Sent:* Thursday, April 08, 2010 11:05 AM
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Ok, and we are in the same point as the beginning
>
>
>
> Permission denied
>
>
>
> i have fc on the share to Domain computers, everyone, auth users, and the
> same permissions to NTFS (security).
>
>
>
> thanks for continue with your help, what do you think is happening regrding
> permissions?
>
>
>
>
> 2010/4/8 Francis Revere <xxxxxxxxxxxxxxxx>
>
> Hector,
>
>
>
> no brackets....the line should be like this
>
>
>
> objFSO.CopyFile "\\servername\share", wsLocation, OverwriteExisting
>
>
>
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Wednesday, April 07, 2010 5:03 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Francis, the script is not working, it said error on line 13, path not
> found, i guess is not connecting to my share i used that with brackets as
> you said and without brackets.
>
> objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
>
> i used
>
> objFSO CopyFile\\{myservername{\{myshare}",wslocation OverwriteExisting
> (SEND ME INVALID ARGUMENT
>
> objFSO CopyFile\\{myservername{\{myshare\MYFILE}",wslocation
> OverwriteExisting
>
> SEND ME INVALID PATH
>
> maye the brackets, maybe soemthing else is not good at all.
>
> Thanks.
>
> Hector,
>
>
>
> The following script has always worked for me. Substitute {directory} as
> the destination directory, and {servername}\{share} as the network location
> of the file. I ran this from the computer configuration\scripts\startup
> since the file needed to be on every computer no matter the user.
>
>
>
> Dim objFSO, WshNetwork
>
> Const OverwriteExisting = True
>
> Set objFSO = CreateObject("Scripting.FileSystemObject")
>
> Set WshNetwork = Createobject("Wscript.Network")
>
> strComputer = WshNetwork.Computername
>
> wsLocation = "C:\{directory}\"
>
> objFSO.CopyFile "\\{servername{\{share}", wsLocation, OverwriteExisting
>
>
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Nelson, Jamie
> *Sent:* Tuesday, April 06, 2010 4:21 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Would it be possible for you to post the contents of the script? Please
> change any environment specific information (server names, users, etc) to
> protect your organization’s privacy before doing so.
>
>
>
> Did you also see Jerry’s recommendation about using Group Policy
> Preferences (GPP)? It would make what you’re trying to do much simpler.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 3:08 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> no sr. i tried with UNC but didnt work, that was weird, but it was true.
> now the only thing i need is to protect that script to not expose the
> password of that user i used to map the network drive.
>
>
>
> do you have any idea how to encrypt with net use?
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Okay, yeah that is a pretty common thing. I am actually wondering why you
> need to map a network drive to copy a file. Does using a UNC path not work
> for you?
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 2:08 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i gave domain computers fc permission and didnt work, HD want to have on
> all Domain machines a special file to run in case they needed, the only way
> to transfer that to all of them is a GPO.
>
>
>
> to avoid user names and doing a mess with our currently logon script, i
> decided to do that as an startup script.
>
>
>
> thanks.
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> If you have granted the computer object the required permissions, you
> should be able to map the drive without having to provide a user’s
> credentials. Curious why you would need to do this in a startup script
> though.
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* Tuesday, April 06, 2010 1:18 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> yes sr. i indluded /y. i just want to show you as simple as possible.
>
>
>
> Now my script is working but i needed to map a network drive first with any
> user credentials
>
> could you let me know how to encrypt the password of that user to avoid
> show that on the script?
>
>
>
> thanks.
>
> 2010/4/6 Martin Hugo <xxxxxxxxxxxxxxxx>
>
> Don't you need to include some switches to prevent prompting?
>
>
>
> Martin T. Hugo
>
> Network Administrator
>
> Hilliard City Schools
>
> Tel: 614-921-7102
> ------------------------------
>
> *From:* xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
> Behalf Of Hector Rios [xxxxxxxxxxxxxxxx]
> *Sent:* Tuesday, April 06, 2010 1:16 PM
>
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> Reading the file from the origin.
>
>
>
> my script said
>
>
>
> xcopy \\myserver\myshare\myfile c:\dircreatedbyscript\myfile
>
>
>
> it seems that user/computer at startup script is not allowed to access my
> share.
>
>
>
>
>
> 2010/4/6 Dave Sharples <xxxxxxxxxxxxxxxx>
>
> Denied on reading the file or writing to the local computer?
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Hector Rios
> *Sent:* 06 April 2010 17:26
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* Re: [gptalk] Files are not copying through GPO
>
>
>
> i reviewed what andrew and you said, Network connection is not the problem,
> i enabled to wait for a network connection, the message still is Access
> Denied, i gave all necessary permissions you recommend me
>
>
>
> Waiting more suggestions, i really appreciate your help
>
> 2010/4/6 Nelson, Jamie <xxxxxxxxxxxxxxxx>
>
> Andrew is right on here. Sometimes Group Policy Processing (especially
> scripts) gets in a race condition with the initiation of the network
> connection. Setting this setting usually helps quite a bit. If you’re still
> having problems you might also look at the GpNetworkStartTimeoutPolicyValue
> registry setting and see if it helps. It is discussed in the following KB
> article.
>
>
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;840669
>
>
>
> Also make sure you haven’t only set share permissions. When dealing with
> Share/NTFS permissions, remember that the most restrictive will always win
> out. To make it simple, I always give “Authenticated Users” modify rights on
> the share, and then I use NTFS permissions to lock down access.
>
>
>
> So in your case, make sure you have Share permissions opened up as widely
> as possible and make sure that “Domain Computers” has a minimum of “Read”
> NTFS permissions.
>
>
>
>
>
> *Jamie Nelson* | Sr. Administrator | BI&T Infrastructure-Intel | *Devon
> Energy Corporation* | Work: ' 405.552.8054 | Mobile: ' 405.248.7963 |
> http://www.dvn.com
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Andrew McHale
> *Sent:* Tuesday, April 06, 2010 10:36 AM
>
>
> *To:* xxxxxxxxxxxxxxxx
>
> *Subject:* RE: [gptalk] Files are not copying through GPO
>
>
>
> Hi Hector,
> The script could be failing because the connection to the network has not
> established yet. Do you set the "Always *wait for network* at computer
> startup and logon" setting in your domain? It can be found under “Computer
> Configuration\Administrative Templates\System\Logon\”. This would force
> the workstations to wait for the network connection to establish before
> running any scripts, although it may increase the system boot up time.
>
> Hope this helps.
>
>
>
> Andrew
>
>
>
> *From:* Hector Rios [mailto:xxxxxxxxxxxxxxxx]
> *Sent:* 06 April 2010 16:22
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* [gptalk] Files are not copying through GPO
>
>
>
> Right now i have w2003 DC and XP wks, i want to copy a file to all wks
> through gpo, my problem is that thorugh gpo the file is not copying to the
> wks.
>
>
>
> i have a little and easy CMD script that works if it is executed locally
> from the WKS but if not working from my GPO
>
>
>
> i have this as Startup script, i have read other forums and assigned domain
> computers permission, everyone, auth users, almos everything to the share
> where WKS have to retrive the file but is not working.
>
>
>
> could anybody know how this could be working?
>
>
>
> This is urgent, i will be pending of my email.
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
> *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
>
>
>
> --
> Antes que nadie, recuerda que cuentas contigo mismo.
> Herm 2009
>
> ------------------------------
>
> This email has been checked by the Council's content checker
> ------------------------------
>
>
> *********************************************************************************
>
> Warning
>
> Please note that whilst this e-mail and any attachments originate from
> Calderdale MBC, the views expressed may not necessarily represent the views
> of Calderdale MBC.
>
> This e-mail and any attachments may contain information that is privileged,
> confidential or otherwise protected from disclosure. They must not be used
> by, or copied or disclosed to persons other than the intended recipient.
> Any liability (in negligence or otherwise) arising from any third party
> acting, or refraining from acting, on any information contained in this
> e-mail is excluded. If you have received this e-mail in error please inform
> the sender and delete the e-mail.
>
> E-mail can never be 100% secure. Please bear this in mind and carry out
> such virus and other checks, as you consider appropriate. Calderdale MBC
> accepts no responsibility in this regard.
>
> Copyright of this e-mail and any attachments belongs to Calderdale MBC.
>
> Should you communicate with anyone at Calderdale MBC by e-mail, you consent
> to the Council monitoring and reading any such correspondence.
>
>
>
> ------------------------------
>
>
--
Antes que nadie, recuerda que cuentas contigo mismo.
Herm 2009
| | | |
|
|