[Samba] Windows 7 Logon Scripts To Not Run [Was: Four DCs, No Replication]

Ryan Ashley ryana at reachtechfp.com
Wed Aug 13 15:17:50 MDT 2014

I believe it is the "Domain Computers" or "SYSTEM" account that would 
attempt to access the script before they log in to the system, so what 
Steve says makes sense. You can also always reset your sysvol ACLs if 
needed by using the command below on your DC.

samba-tool ntacl sysvolreset

On 08/13/2014 05:02 PM, steve wrote:
> On Wed, 2014-08-13 at 11:11 -0400, Adam Tauno Williams wrote:
>> On Wed, 2014-08-13 at 16:13 +0200, steve wrote:
>>> On Wed, 2014-08-13 at 08:53 -0400, Adam Tauno Williams wrote:
>>>> On Wed, 2014-08-13 at 07:30 -0400, Adam Tauno Williams wrote:
>>>>> On Tue, 2014-08-12 at 16:02 -0400, Adam Tauno Williams wrote:
>>>>> Now the only issue I have is that user logon scripts do not run.
>>>>> \\DC\netlogon is accessible.... logon scripts do appear to run for XP,
>>>>> but not for windows 7.  The logon script is set in the user's AD object.
>>>>> If I navigate to \\DC\netlogon and run the script manually it works;  it
>>>>> simply does not run when the user logs on.
>>>> I found posts indicating that "acl allow execute always" would help -
>>>> adding that had no effect;  I was doubtful as the script runs `manually`
>>>> just fine.
>>>> The windows event log does not seem to record anything concerning the
>>>> user logon script.
>>> The script has to have the correct acls for the builtin groups before
>>> the user gets a ticket.
>> The "correct acls" would be?   The permissions appear the same between
>> the old stand-alone DC and the new DCs.
>> The user can just go and run the script once they are logged in.
> But you want the script to run before they get their desktop, no? It is
> not they who run the script.
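
Added example, not part of the original thread or of Samba's code: a sketch that parses an SDDL string of the kind `samba-tool ntacl get <file> --as-sddl` prints and reports whether the accounts named above, SYSTEM and Domain Computers, get read and execute on a logon script. The SDDL samples and helper names are constructed for illustration; the sketch assumes both accounts also match Authenticated Users and Everyone ACEs, and it subtracts deny ACEs instead of evaluating them in order.

```python
import re

# File access masks; generic rights are shown already mapped to file rights.
RIGHTS = {"FA": 0x1F01FF, "GA": 0x1F01FF, "FR": 0x120089, "GR": 0x120089,
          "FX": 0x1200A0, "GX": 0x1200A0, "FW": 0x120116, "GW": 0x120116}
READ_EXECUTE = 0x1200A9  # FILE_GENERIC_READ | FILE_GENERIC_EXECUTE

# Trustees matched for each account. Assumption of this example: both
# accounts also match Authenticated Users (AU) and Everyone (WD) ACEs.
COMMON = {"AU", "S-1-5-11", "WD", "S-1-1-0"}
TOKENS = {"SYSTEM": COMMON | {"SY", "S-1-5-18"},
          "Domain Computers": COMMON | {"DC"}}  # or a domain SID ending -515

# ACE layout: (type;flags;rights;object_guid;inherit_object_guid;trustee)
ACE_RE = re.compile(r"\(([^;()]*);([^;()]*);([^;()]*);[^;()]*;[^;()]*;([^;()]*)\)")

def parse_mask(rights):
    """Convert an SDDL rights field (hex or two-letter codes) to a bit mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS.get(rights[i:i + 2], 0)
    return mask

def effective_mask(sddl, account):
    """Allowed bits minus denied bits for one account (ACE order ignored)."""
    allowed = denied = 0
    for ace_type, flags, rights, trustee in ACE_RE.findall(sddl):
        inherit_only = "IO" in [flags[i:i + 2] for i in range(0, len(flags), 2)]
        matches = trustee in TOKENS[account] or (
            account == "Domain Computers" and trustee.endswith("-515"))
        if inherit_only or not matches:
            continue  # ACE does not apply to this file or this account
        if ace_type == "A":
            allowed |= parse_mask(rights)
        elif ace_type == "D":
            denied |= parse_mask(rights)
    return allowed & ~denied

def can_read_execute(sddl, account):
    return (effective_mask(sddl, account) & READ_EXECUTE) == READ_EXECUTE

# Constructed SDDL strings for a logon script, not taken from a real DC.
READABLE = ("O:LAG:BAD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)"
            "(A;;0x001f01ff;;;SY)(A;;0x001200a9;;;AU)")
USERS_ONLY = "O:DAG:DUD:(A;;0x001f01ff;;;DA)(A;;0x001200a9;;;DU)"

if __name__ == "__main__":
    for name, sddl in (("readable", READABLE), ("users-only", USERS_ONLY)):
        for account in TOKENS:
            print(name, account, can_read_execute(sddl, account))
```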
