2

Using this answer, I was able to confirm that a logon script is applied to my user account, but it doesn't run. I can run gpupdate /force but my PC got accounts connected to a different domain and I don't know what would happen if I did that. My code only contain a simple WScript.Echo for test purposes. I set it up using a GPO on the test server's active directory.

UPDATE:

After rebooting my PC, my new logon script still didn't work. This is my current code. Now, I made it only apply to my account by setting it on the Profile.

Set oShell = CreateObject("WScript.Shell")
strHomeFolder = oShell.ExpandEnvironmentStrings("%USERPROFILE%")

Set objFSO=CreateObject("Scripting.FileSystemObject")
strLogFile = strHomeFolder & "\Documents\test_logon.txt"

WScript.Echo "strLogFile: ", strLogFile

Set objFile = objFSO.CreateTextFile(strLogFile, True)
objFile.Write "test logon" & vbCrLf
objFile.Close

Because the logon script still doesn't work from the Profile, I changed it to using the GPO directly. When I did gpresult /v, it was displayed there.

When I run gpresult /h result.htm, I got an error.

An error has occurred while collecting data for Administrative Templates.

The following errors were encountered:
Resource '$(string.Advanced_EnableSSL3Fallback)' referenced in attribute displayName could
not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 795, column 308

What did it mean? The test server that I'm currently connected to is a Windows Server 2012 R2.

Here's the result.htm

Group Policy Results
DOMAIN\Emp1
Data collected on: 6/14/2019 4:24:53 PM 
Summary
    Computer Configuration Summary
        No data available.
    User Configuration Summary
        General
            User name   DOMAIN\Emp1
            Domain  DOMAIN.ed
            Last time Group Policy was processed    6/14/2019 3:27:15 PM
        Group Policy Objects
            Applied GPOs
            Name    Link Location   Revision
            Company WallPaper_GPO   DOMAIN.ed   AD (4), Sysvol (4)
            User_Manual_Test_GPO    DOMAIN.ed/IT TEAM   AD (4), Sysvol (4)
            ITTEAM_GPO  DOMAIN.ed/IT TEAM   AD (4), Sysvol (4)
        Denied GPOs
            Name    Link Location   Reason Denied
            Local Group Policy  Local   Empty
            Default Domain Policy   DOMAIN.ed   Empty
        Security Group Membership when Group Policy was applied
            DOMAIN\Domain Users
            Everyone
            BUILTIN\Users
            BUILTIN\Performance Log Users
            NT AUTHORITY\INTERACTIVE
            CONSOLE LOGON
            NT AUTHORITY\Authenticated Users
            NT AUTHORITY\This Organization
            LOCAL
            Authentication authority asserted identity
            Mandatory Label\Medium Mandatory Level
        WMI Filters
            Name    Value   Reference GPO(s)
            None
        Component Status
            Component Name  Status  Last Process Time
            Group Policy Infrastructure Failed  6/14/2019 3:27:33 PM
            Group Policy Infrastructure failed due to the error listed below.

            The network is not present or not started. 

            Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

            Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 6/14/2019 3:27:15 PM and 6/14/2019 3:27:33 PM.
            Registry    (N/A)   6/4/2019 7:06:55 PM
            Scripts (N/A)   6/14/2019 1:55:16 PM
Computer Configuration
    No data available.
User Configuration
    Policies
        Windows Settings
            Scripts
                Logon
                    Name    Parameters  Last Run    Script Order in GPO Winning GPO
                    testLogon.vbs           Not configured  User_Manual_Test_GPO
    Administrative Templates
        An error has occurred while collecting data for Administrative Templates.

        The following errors were encountered:
        Resource '$(string.Advanced_EnableSSL3Fallback)' referenced in attribute displayName could not be found. File C:\Windows\PolicyDefinitions\inetres.admx, line 795, column 308

I don't know if this is another reason for the problem, but the test server that I'm currently using kept on crashing for some reason.

Today, June 15, I rerunned gpresult /h result.htm and got an error under Component Status.

Group Policy Infrastructure failed due to the error listed below.

The specified domain either does not exist or could not be contacted.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 6/15/2019 3:37:44 PM and 6/15/2019 3:37:49 PM.

Where do I look at for the application event log? Is it inside Event Viewer? I can't seem to find the "application" event log there. rsop.msc seem to not have the permission to look at the computer permissions even if I run it as administrator. Simply running it shows that I do have the 2 logon scripts I set on the GPO.

Could this be a root folder permission issue? I think not. The domain user account that I'm using got a full permission in it.

rminaj
  • 121
  • 1
  • 4
  • `1.` 1 Logon scripts run at logon. Running gpupdate /force will not cause the logon script to run again. `2.` If your computer is domain joined then it's going to process group policy on a regularly occurring basis automatically. Running gpupdate /force is just forcing it to run, but it's going to do it anyway whether you want it to or not. – joeqwerty Jun 13 '19 at 10:48
  • Thanks for the info @joeqwerty. – rminaj Jun 14 '19 at 01:58

1 Answers1

1

Try writing a file instead of echoing to a console. Depending on how things are set up, it could be running in a hidden session you never see, or just finishing so quick and then closing you miss it.

Don't worry about gpupdate /force That's gonna happen eventually anyway, other accounts or not; it's probably happened already. It happens every time you reboot the machine. You definitely won't ever see the new script if the policies don't update.

Based on the updates, you should take a look at this section:

Group Policy Infrastructure failed due to the error listed below.

        The network is not present or not started.

Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.

Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 6/14/2019 3:27:15 PM and 6/14/2019 3:27:33 PM.
Registry    (N/A)   6/4/2019 7:06:55 PM
Scripts (N/A)   6/14/2019 1:55:16 PM

And for a possible fix, try this policy:

Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon
Joel Coel
  • 12,910
  • 13
  • 61
  • 99