Forum Discussion
User Logon Scripts Headache
- Dec 18, 2019
Hello, I have been able to solve this issue. I was missing CSE GUID information from the GPT.ini file, more precisely CSE GUID related to scripts:
gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]
By copying a gpt.ini file filled with those entries into my target computer, along with creating appropriate registry keys, my user logon/logoff PowerShell scripts are now executed without issues.
I didn't have to do that for machine startup/shutdown PowerShell scripts tho, no idea why so far.
Also, I can confirm with Procmon new registry hives/keys are indeed created when configuring scripts, I'm not sure why you do not see this. My target is an LTSC 2016 operating system just in case.
If you are not able to provide support for scripts with LGPO.exe right now, at least please try to document this:
- For machine scripts, copy shutdown and/or startup folders to target, as well as a prefilled psscripts.ini to C:\Windows\System32\GroupPolicy\Machine\Scripts. Then create appropriate registry keys under:
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts" and "HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\Scripts".
- For user scripts, copy logon and/or logoff folders to target, as well as a prefilled psscripts.ini to C:\Windows\System32\GroupPolicy\User\Scripts and prefilled GPT.ini file to C:\Windows\System32\GroupPolicy.
Then create appropriate registry keys under:
"HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts" and "HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\[SID]"
(HKLM hive for the second registry hive is not an error).
Regards,
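An audit check for the GPT.ini entry described in the post above, as an added example that is not part of the original post or of LGPO: it parses the `gPCUserExtensionNames` and `gPCMachineExtensionNames` values and reports, per scope, whether the Scripts CSE GUID quoted in the post is listed. The function names and the sample `Version` line are constructed for illustration.

```powershell
# Added example, not LGPO code. Scripts CSE GUID as quoted in the post above.
$ScriptsCse = '{42B5FAAE-6536-11D2-AE5A-0000F87571E3}'

function Get-GptExtensionGroup {
    # Split an extension-names value into its [{CSE}{tool}...] groups.
    param([string]$Value)
    foreach ($group in [regex]::Matches($Value, '\[([^\]]*)\]')) {
        $guids = @([regex]::Matches($group.Groups[1].Value, '\{[0-9A-Fa-f-]{36}\}') |
            ForEach-Object { $_.Value.ToUpperInvariant() })
        if ($guids.Count -gt 0) {
            # The first GUID in a group is the CSE; any that follow are tool extensions.
            [pscustomobject]@{
                Cse   = $guids[0]
                Tools = @($guids | Select-Object -Skip 1)
            }
        }
    }
}

function Test-ScriptsCse {
    # For each scope, report whether GPT.ini lists the Scripts CSE.
    param([string[]]$GptIniLines)
    $result = [ordered]@{ User = $false; Machine = $false }
    foreach ($line in $GptIniLines) {
        if ($line -match '^\s*gPC(User|Machine)ExtensionNames\s*=\s*(.*)$') {
            $scope = if ($Matches[1] -eq 'User') { 'User' } else { 'Machine' }
            $groups = @(Get-GptExtensionGroup -Value $Matches[2])
            $hits = @($groups | Where-Object { $_.Cse -eq $ScriptsCse })
            $result[$scope] = $hits.Count -gt 0
        }
    }
    [pscustomobject]$result
}

# Constructed sample (the Version line is made up). On a real system, pass
# (Get-Content C:\Windows\System32\GroupPolicy\GPT.ini) instead.
$sample = @(
    '[General]'
    'gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]'
    'Version=65536'
)
Test-ScriptsCse -GptIniLines $sample
```

A scope reported as False has no Scripts CSE entry in GPT.ini, which is the condition the post identifies for user logon/logoff scripts not running.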
Alban1999 - news you might find welcome is that the next set of Policy Analyzer and LGPO tools will include support for client side extensions. "LGPO /g path" will identify the machine and user CSEs referenced in the backup.xml files and register them. Policy Analyzer will also capture CSEs into the .PolicyRules files. (And LGPO /p file.PolicyRules will let you use Policy Analyzer files - with CSE references - to configure local policy.)
No movement on startup/logon scripts, though.
- Alban1999, Jan 15, 2020, Iron Contributor
Hello, that's good news - so basically, I won't have to mess with GPT.ini file in the future, even for user scripts? Your last line is a bit confusing.
From what I understand, I still need to manage the "copy script to target" + "create appropriate registry keys" steps, however I won't need to update gpt.ini file anymore, as scripts CSE will be already included within.
Please let me know if I'm not mistaken.
- Aaron Margosis, Jan 15, 2020, Iron Contributor
That's correct:
* "LGPO.exe /b" will parse gpt.ini for you and pick up the Scripts machine CSE.
* When Policy Analyzer imports a GPO backup, it will pick up the CSEs referenced in the backup.xml file(s) and incorporate them into the resulting .PolicyRules file.
* "LGPO.exe /g path" will inspect backup.xml file(s) and register machine and user CSEs that it finds.
* "LGPO.exe /p path\lgpo.PolicyRules" will apply all policy settings in the PolicyRules file, including registering machine/user CSEs.
- Alban1999, Jan 27, 2020, Iron Contributor
Great news Aaron! Could you tell me when this updated LGPO.exe will be available? I'm eager to test it with this improved feature.
Also, I promise I won't use scripts anymore the day LGPO.exe supports Group Policy Preference - one of the top user requests I'm sure.
Regards and thanks again for all the help