From: Chadder on
I am running 2003 TS. What I would like to accomplish is to set the explorer
option of "hide extensions for known file types" to be unchecked. I do not
see an option in group policy but I can get this to work with a regedit /s
command using a registry file and execute with a login script. This only
works for domain admins and not standard users as it errors out with a
permissions problem. How can I get this to work for standard users?
From: David Shen [MSFT] on
Dear Customer,

Thank you for posting in newsgroup.

According to the post, I understand the issue is: you want to uncheck the
explorer option of "hide extension for known file types" on the terminal
server via group policy. You wrote a script with regedit command line to
perform the task. This setting only works for domain admins group and not
for domain users groups. You suspect that may be a permission issue.

If there is any misunderstanding, please feel free to let me know.

Before we move on please collect some information for the further analysis.

Information Needed:
======================

1. Does the script work normally when you log on locally on the terminal server?

2. Did you configure the script as a computer "Startup Script" or user
"Logon Script" via Group Policy?

3. Could you access the script folder via UNC path with domain users'
credential on the problematic computers?

4. Did this script not apply on all domain users or part of them on this
terminal server?

5. As the Group Policy isn't applied with domain users, are there any
related error messages recorded in the event viewer?

6. Please check the Link speed between domain computers and the Terminal
Server to see if it is a slow link.

To detect the slow link status, you may run "gpresult /v > C:\gpresult.log"
with the domain user's credentials on the problematic computer, and then
check whether "Connected over a slow link" is "yes" in the "gpresult.log".

7. Which registry changes and other jobs does the script perform?

Based on the situation, I'd like to suggest we try the steps below:

Suggestion:
============

1. If you configure the script as a computer "Startup Script" in GPO,
please grant the "Domain Computers" group with "Read" share permission and
"Read and Execute" NTFS security permission on the script folder.

2. If you configure the script as a user "Logon Script" in GPO, please
grant the "Domain Users" group with "Read" share permission and "Read and
Execute" NTFS security permission on the script folder.

3. If a slow network connection is detected during the initial logon
process, the logon script does not run.

To resolve this kind of situation, please refer to:

The Logon Script Does Not Run During the Initial Logon Process
http://support.microsoft.com/kb/302104

4. The explorer option "hide extensions for known file types" is saved
under "HKEY_Local_Machine", and by default only System and Administrators
groups have "Full Control" permissions on this hive. You can enable the
script as a Startup Script under Computer Configurations to see if it works.

Hope it helps and have a nice day.

Thanks a lot.

David Shen
Microsoft Online Partner Support
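
An added example, not part of the thread or of the reply above: a Python check that reads a .reg file like the one imported by the login script and reports which keys a standard user's import can write under default ACLs and which need a computer startup script or administrative rights. It assumes the Explorer checkbox is backed by the per-user `HideFileExt` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced`; the `ExampleVendor` keys are hypothetical and the sample file is constructed.

```python
import re

# Constructed sample .reg file (not from the thread). The first key is the
# per-user Explorer value assumed to back the checkbox; the ExampleVendor
# keys are hypothetical and only exercise the classifier.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"ShowBanner"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\ExampleVendor]
"Locked"=dword:00000001
"""

# "[HIVE\sub\key]" or "[-HIVE\sub\key]" (the latter deletes the key).
KEY_LINE = re.compile(r"^\[(-?)([^\\\]]+)(?:\\(.*))?\]$")
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM",
         "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU"}
# Policy branches under HKCU are ACLed so standard users cannot write them.
HKCU_ADMIN_ONLY = ("software\\policies",
                   "software\\microsoft\\windows\\currentversion\\policies")


def classify_reg(text):
    """Return (hive, subkey, context) for each key section of a .reg file.

    context is "user" when a standard user's logon script can write the key
    and "admin" when default ACLs require elevated rights. Every hive other
    than HKCU is treated as "admin", which is deliberately conservative.
    """
    results = []
    for raw in text.splitlines():
        m = KEY_LINE.match(raw.strip())
        if not m:
            continue  # header, value line, comment or blank line
        hive = HIVES.get(m.group(2).upper(), m.group(2).upper())
        subkey = m.group(3) or ""
        user_ok = hive == "HKCU" and not subkey.lower().startswith(HKCU_ADMIN_ONLY)
        results.append((hive, subkey, "user" if user_ok else "admin"))
    return results


def needs_admin(text):
    """Keys in the file that a standard-user logon script cannot import."""
    return [f"{h}\\{k}" for h, k, c in classify_reg(text) if c == "admin"]
```

A file for which `needs_admin` returns an empty list can be imported from a user logon script; any key it does return belongs in a computer startup script or a policy setting instead.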

From: Chadder on
Tried this as a startup script under computer configuration and did not get
the error but it did not work either. I would like to come back to this
later. Right now I have a more pressing need for the following problem:

When I connect with Remote Desktop and try to access the My Documents folder
I get "This operation has been cancelled due to restrictions in effect on
this computer. Please contact your system administrator". I cannot find
anything in my GPO that could be causing this. When I disable the GPO
completely it works fine. What could be causing this? I am not redirecting
folders. I have roaming profiles enabled pointing to a share on the terminal
server computer \\lvterminal2\roaming profiles. I have home directories
enabled pointing to d:\home folders. Any thoughts?

From: Chadder on
I found my problem with the My Documents folder and it was from a GPO setting
of "Prevent access to drives from My Computer". I am going to give up on the
script problem and let the users set this themselves. Thanks

From: David Shen [MSFT] on
Dear Customer,

Thanks for your response.

I'm glad to hear that you have resolved the issue. You are welcome to post
in the newsgroup with further questions.

Thanks a lot.

David Shen
Microsoft Online Partner Support