User Profile Logon Script not applying
Hi,

Having trouble getting a user profile logon script (set in AD user properties) called 'unitofsound.bat' to apply after creating an application whitelist with GPO.

I have found if I set 'User Config-> Policies-> Windows Settings -> Security Settings -> Software Restriction Policies -> Security levels ->' to Unrestricted unitofsound.bat will successfully map the network drive with drive letter 'P'.

If I set 'User Config-> Policies-> Windows Settings -> Security Settings -> Software Restriction Policies -> Security levels ->' to Disallowed, nothing seems to happen. 

The batch file resides in '\\woodside.local\sysvol\woodside.local\scripts\un itofsound.bat'. I have attached a screenshot of additional rules:



What am I missing here? Would be grateful for any help 
January 23rd, 2014 9:22am

You say you can get it to successfully map when it is set to unrestricted. By definition of what "unrestricted" does, this works as stated (access rights determined by access rights of user). Assuming the user(s) have access rights to this location, all should be OK. 

When you change it to "Disallowed," by definition this would render the file/program disabled. 

Why can't you leave the batch file process unrestricted? 

Free Windows Admin Tool Kit Click here and download it now
January 23rd, 2014 12:05pm

Thanks for the response.

I work in a school and I really don't want the kids able to run batch files. 

I've created additional rules which should make the area the batch file is stored unrestricted. - This is the bit I find a little baffling :/

The confusing thing is that if I take batch files out of 'Designated file types 'unitofsound.bat' still won't run. 

January 24th, 2014 3:58am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics