GPO Configured Startup Powershell Script & Execution Policy

Iron Contributor

Hi all, 


Earlier this year, we replaced all of our Domain Controllers, moving from Windows Server 2012R2 to Windows Server 2022. Ever since we made this change, we have seen some different behavior with GPO-configured Startup scripts. These scripts are located in the NETLOGON directory (or a subfolder of NETLOGON).


For about a decade, we have had a GPO-configured startup script to install our AV software on every machine in the domain. After we upgraded, it is no longer running. After some troubleshooting, it seems that the script isn't trusted. Our execution policy is set to remote signed. 


EDIT:  Logon scripts that are PowerShell scripts seem to work as expected.  It appears to only be with Startup scripts.


I haven't found anything through internet searches about AD changes to the way NETLOGON is trusted.  


Has anyone else seen, experienced, hopefully resolved this problem?




3 Replies
you have to put the path netlogon in your "Intranet Zone". Via your GPO, you put the netlogon in the "intranet zone", carefull to use "file://..." and "\\...".

@L_Youtell_974 is that new with server 2022?  I don’t ever recall having to do that in the past. I thought that by being joined to the domain, you would inherently trust NETLOGON. 

this is not really a new option, but in your case, your OS don't recognized your netlogon to be in your "Intranet Zone" so you have to put the option into the "Intranet Zone".