Stephen Bell
Iron Contributor
Apr 10, 2024

GPO Configured Startup PowerShell Script & Execution Policy

Hi all,

Earlier this year, we replaced all of our Domain Controllers, moving from Windows Server 2012R2 to Windows Server 2022. Ever since we made this change, we have seen some different behavior with GPO-configured Startup scripts. These scripts are located in the NETLOGON directory (or a subfolder of NETLOGON).

For about a decade, we have had a GPO-configured startup script to install our AV software on every machine in the domain. After we upgraded, it is no longer running. After some troubleshooting, it seems that the script isn't trusted. Our execution policy is set to remote signed.

EDIT: Logon scripts that are PowerShell scripts seem to work as expected. It appears to only be with Startup scripts.

I haven't found anything through internet searches about AD changes to the way NETLOGON is trusted.

Has anyone else seen, experienced, hopefully resolved this problem?

Thanks

  • L_Youtell_974
    Brass Contributor
    You have to put the NETLOGON path in your "Intranet Zone". Via your GPO, you put NETLOGON in the "Intranet Zone", being careful to use "file://..." and "\\...".
    • Stephen Bell
      Iron Contributor

      L_Youtell_974 is that new with Server 2022? I don't ever recall having to do that in the past. I thought that by being joined to the domain, you would inherently trust NETLOGON.

      • L_Youtell_974
        Brass Contributor
        This is not really a new option, but in your case, your OS doesn't recognize your NETLOGON as being in your "Intranet Zone", so you have to put the option into the "Intranet Zone".
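
A way to check the points raised in this thread, added here as an example that is not part of any post above: it reports the execution policy at each scope, the security zone the current session maps the script path to, and any Site to Zone Assignment List entries delivered by policy. It assumes Windows PowerShell 5.1; the script path and domain name are placeholders.

```powershell
# Added diagnostic sketch for Windows PowerShell 5.1, not from the thread.
param(
    # Placeholder: substitute the UNC path your GPO startup script uses.
    [string]$ScriptPath = '\\corp.example\NETLOGON\Install-AV.ps1'
)

# GPO startup scripts run as Local System, logon scripts as the user, so
# record which identity produced this output.
'Running as: {0}' -f [Security.Principal.WindowsIdentity]::GetCurrent().Name

# 1. Execution policy per scope (MachinePolicy and UserPolicy come from GPO).
Get-ExecutionPolicy -List | Format-Table -AutoSize | Out-String

# 2. Security zone this session maps the path to.
$zone = [System.Security.Policy.Zone]::CreateFromUrl($ScriptPath).SecurityZone
'Zone for {0}: {1}' -f $ScriptPath, $zone
if ($zone -ne [System.Security.SecurityZone]::Intranet) {
    'Path is not in the Intranet zone; check the zone mapping below.'
}

# 3. Site to Zone Assignment List entries delivered by policy.
#    Zone numbers: 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted.
$zoneNames = @{ '1' = 'Intranet'; '2' = 'Trusted'; '3' = 'Internet'; '4' = 'Restricted' }
$sub = 'SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
foreach ($hive in 'HKLM', 'HKCU') {
    $key = Get-Item -Path ('{0}:\{1}' -f $hive, $sub) -ErrorAction SilentlyContinue
    if (-not $key) { '{0}: no Site to Zone Assignment List' -f $hive; continue }
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        [pscustomobject]@{ Hive = $hive; Site = $name; Zone = $zoneNames[$value]; Raw = $value }
    }
}
```

To compare the startup and logon cases, run it once as a normal user and once as Local System (for example from a scheduled task configured to run as SYSTEM) and compare the reported zone and policy entries.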
