[Samba] Windows 7 Logon Scripts To Not Run [Was: Four DCs, No Replication]

Ryan Ashley ryana at reachtechfp.com
Wed Aug 13 10:21:36 MDT 2014

If the user can run the script by hand, he has access. This tells me 
something else is at play. Is it specified as a startup or logon script 
in a GPO? If so, is that GPO applied against that user or computer? Do 
you have a GPO that tells the computer to wait for the network at 
startup? If this is a laptop on wireless, you may be in a bind since 
wireless won't connect until logged into the system. A problem I have 
with a few clients who use laptops.

On 08/13/2014 11:11 AM, Adam Tauno Williams wrote:
> On Wed, 2014-08-13 at 16:13 +0200, steve wrote:
>> On Wed, 2014-08-13 at 08:53 -0400, Adam Tauno Williams wrote:
>>> On Wed, 2014-08-13 at 07:30 -0400, Adam Tauno Williams wrote:
>>>> On Tue, 2014-08-12 at 16:02 -0400, Adam Tauno Williams wrote:
>>>> Now the only issue I have is that user logon scripts do not run.
>>>> \\DC\netlogon is accessible.... logon scripts do appear to run for XP,
>>>> but not for windows 7.  The logon script is set in the user's AD object.
>>>> If I navigate to \\DC\netlogon and run the script manually it works;  it
>>>> simply does not run when the user logs on.
>>> I found posts indicating that "acl allow execute always" would help -
>>> adding that had no effect;  I was doubtful as the script runs `manually`
>>> just fine.
>>> The windows event log does not seem to record anything concerning the
>>> user logon script.
>> The script has to have the correct acls for the builtin groups before
>> the user gets a ticket.
> The "correct acls" would be?   The permissions appear the same between
> the old stand-alone DC and the new DCs.
> The user can just go and run the script once they are logged in.

More information about the samba mailing list