We're in the process of introducing Windows 7 in our school. Most of the initial problems seem to have been ironed out, but we're left with one stumbling block that we don't seem to be able to resolve: Login scripts don't run for users who aren't local administrators.
We are using traditional .bat files to map a few drives and import printer settings. It works fine as an administrator but not as a normal user. If a standard user logs on, the scripts can be executed manually and all is well, but they don't run as part of the logon process.
We've tried the "EnableLinkedConnections" registry fix but that doesn't seem to make any difference. We've tried specifying and locating the scripts within group policies and the netlogon share, but again, nothing seems to work.
We'd like to avoid the possibly inevitable workaround of making students local administrators, but can't find any alternative solutions at present. Has anyone else experienced this and found a solution?
*Edit: we have also turned off User access control
Last edited by AnnDroyd; 4th October 2011 at 03:09 PM.
Unfortunately I've already ruled out anything to do with policy restrictions. Moving a test user into an OU with no restrictions applied doesn't work. However, making the same user a local admin, even with the same policies applied, does work.
Even if I could get round the drive mapping problem, we still need the scripts to run for other things.
The only scripts I use in my Windows 7/2008 R2 domains are Startup scripts for deploying wireless settings and to check/install anti-virus software if it's not there and that's it. Everything else is GPO.
net use n: \\server1\users\students\%username% /persistent:no
net use o: \\server3\applications /persistent:no
NET TIME \\server4 /SET /YES
if exist \\server4\netlogon\screenres\%computername%.bat call \\server4\netlogon\screenres\%computername%.bat
if not exist \\server4\netlogon\screenres\%computername%.bat call \\server4\netlogon\screenres\default.bat
reg delete "HKCU\printers\connections" /f
if exist \\server4\netlogon\printers\%computername%.reg regedit /s \\server4\netlogon\printers\%computername%.reg
if not exist \\server4\netlogon\printers\%computername%.reg regedit /s \\server4\netlogon\printers\allprinters.reg
The script looks OK to me also, but clearly Windows doesn't like something. I noticed, however, that you have what appears to be 4 servers. Are all these DCs? I wonder if it's a possible DNS issue.
Most (from what I can see) of what you have in your script could be achieved by GPO. Presumably you control everything else with GPOs, so it makes sense drive maps and printers are deployed this way too.
The only part I am unsure about is your screenres code, which I presume is setting the resolution at logon?
As you have three paragraphs of script, try experimenting and run each paragraph in turn. Does Windows still not process on all three?
We seem to have sorted this by putting the logon scripts in the profile in the start menu>programs>startup folder. Not an ideal solution, but it gets it working without having to make everyone local admins.
What about putting it in the NETLOGON folder and in each user profile specifying it in there?
When you say specifying it in the profile, do you mean by creating a shortcut? If so, I tried that, but you get a security message asking you if you want to run the file. By putting the script itself there, you don't get any warnings.