4

Simple answer I am sure...I an trying to deploy Office 2010 to clients via the GPO startup script but am having issues. Soon as the computer starts, it prepares network connections then goes on to running startup scripts. Soon as my startup script runs to deploy offices, i get asked for a username and password to connect to the share...i have all permissions set for authenticated users can read and execute, and for testing purposes i put domain computers can do the same as authenticated users.

If anyone has any thoughts, that would be great.

Rex
  • 7,815
  • 3
  • 28
  • 44
John
  • 157
  • 2
  • 10

2 Answers2

3

You need to transition this to a logon script, or use the built in application deployment options.

The problem you are running into is that during the start up script phase the effective user is not the logged in user - since these scripts are run even before the user logon prompt is presented - but it is running as the SYSTEM user.

Personally I would highly recommend that you use the built in GPO Software Deployment tools unless you have a very complex install.

Zypher
  • 36,995
  • 5
  • 52
  • 95
  • 1
    Office 2010 deployment is not supported using the GPSI (Group Policy Software Install) method. The alternative is to use computer startup script assigned by Group Policy. See http://technet.microsoft.com/en-us/library/ee624360.aspx - "We do not support Office 2010 deployment by means of Group Policy Software Installation (GPSI). A workable alternative to GPSI is to assign computer startup scripts." – Rex Mar 15 '12 at 22:06
  • @Rex Unsupported != not possible ... as far as the "computer startup scripts" i think they mean logon scripts but are wording it badly. – Zypher Mar 15 '12 at 22:52
  • I never said it wasn't possible, just not supported :) The supported method is to use computer startup scripts. And they mean computer startup scripts - not user login scripts. The computer startup script runs under local system for the most part, but when it tries to access network resources, it actually uses the computer account to authenticate with. – Rex Mar 15 '12 at 22:56
  • http://technet.microsoft.com/en-us/library/ff602181.aspx for the technet article on setting up Office 2010 deployment with computer scripts. It wouldn't be my preferred method, but is still a little better than setting users run the install off a network share manually. – Rex Mar 15 '12 at 22:59
  • every time a computer account is given access to a network resource i die a little inside ... and the user doesn't need to run it manually just the userlogon script which changes the network auth from the SYSTEM account to the user account. – Zypher Mar 15 '12 at 23:00
  • using the built in GPSI to assign to a computer is the same thing as the computer account needs to access the network resource.. but i agree that the user login script would be different. – Rex Mar 16 '12 at 17:10
0

Have you checked both share and NTFS permissions to allow authenticated users read access?

And have you checked permissions to the actual startup script in the SYSVOL?

Also make sure the following settings are being applied correctly:

Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon => enabled

Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts asynchronously => disabled

Rex
  • 7,815
  • 3
  • 28
  • 44
  • I have checked all share and ntfs permissions and they all have authenticated users set to read...still getting asked for the username and password at boot...i am going to try another test to see what part its asking for the password, is it trying to access my deployoffice.bat or is it asking it trying to run whats in the script... – John Mar 19 '12 at 14:41
  • Ok I did a simple bat file for startup to run and echo some text to a file on the C:\ drive and it worked for startup script, so it must be something in the deployoffice.bat file I got from the MS TechNet site...far as I can see, its just starting to run the office setup and i have all permissions set to auth users can read and execute...baffles me. – John Mar 19 '12 at 15:11
  • ok problem solved...apparently in my startup script I can't point it to the \\ip-address\share but if I point to \\srvname\share then all works fine...anyone have explanation of this? – John Mar 19 '12 at 16:28