cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GPO Configured Startup Powershell Script & Execution Policy

Stephen Bell
Iron Contributor

‎Apr 10 2024 07:00 AM - edited ‎Apr 10 2024 07:16 AM

‎Apr 10 2024 07:00 AM - edited ‎Apr 10 2024 07:16 AM

GPO Configured Startup Powershell Script & Execution Policy

Hi all, 

 

Earlier this year, we replaced all of our Domain Controllers, moving from Windows Server 2012R2 to Windows Server 2022. Ever since we made this change, we have seen some different behavior with GPO-configured Startup scripts. These scripts are located in the NETLOGON directory (or a subfolder of NETLOGON).

 

For about a decade, we have had a GPO-configured startup script to install our AV software on every machine in the domain. After we upgraded, it is no longer running. After some troubleshooting, it seems that the script isn't trusted. Our execution policy is set to remote signed. 

 

EDIT:  Logon scripts that are PowerShell scripts seem to work as expected.  It appears to only be with Startup scripts.

 

I haven't found anything through internet searches about AD changes to the way NETLOGON is trusted.  

 

Has anyone else seen, experienced, hopefully resolved this problem?

 

Thanks

 

Labels:
289 Views
0 Likes
3 Replies
Reply
3 Replies
L_Youtell_974

‎Apr 28 2024 04:28 AM

‎Apr 28 2024 04:28 AM

Re: GPO Configured Startup Powershell Script & Execution Policy

you have to put the path netlogon in your "Intranet Zone". Via your GPO, you put the netlogon in the "intranet zone", carefull to use "file://..." and "\\...".
0 Likes
Reply
Stephen Bell

‎Apr 28 2024 04:40 AM

‎Apr 28 2024 04:40 AM

Re: GPO Configured Startup Powershell Script & Execution Policy

@L_Youtell_974 is that new with server 2022?  I don’t ever recall having to do that in the past. I thought that by being joined to the domain, you would inherently trust NETLOGON. 

0 Likes
Reply
L_Youtell_974

‎Apr 28 2024 05:01 AM

‎Apr 28 2024 05:01 AM

Re: GPO Configured Startup Powershell Script & Execution Policy

this is not really a new option, but in your case, your OS don't recognized your netlogon to be in your "Intranet Zone" so you have to put the option into the "Intranet Zone".
0 Likes
Reply