Startup script for remote computers not running

Cristian Ruiz 191 Reputation points
2021-09-06T18:42:16.613+00:00

Hello,
We have a customer with remote users working at home. They have a GPO with a startup script configured. In Event Viewer there is only an error saying that the GPOs cannot be processed because there is no contact with the domain controller (or something like that). So, I believe that the startup script is not running because of this lack of connectivity with DCs during computer startup (after the user starts the Cisco VPN client connection, the events are informational, saying that the GPOs were successfully executed).
So, the question is:
Is there any configuration to force the processing of the startup scripts even without a connection to DCs?


2 answers

  1. Limitless Technology 39,916 Reputation points
    2021-09-07T09:51:05.597+00:00

    Hello anonymous user,

    This is by-design security behavior. Users can't run PowerShell scripts if there is no communication with the DC, mainly for security, to avoid impersonation of the DC.

    In my case I was able to work around it by creating a batch launcher (a BAT will run with no DC connection), storing it in the same folder as your PS1, and changing the Logon Script GPO to load the BAT launcher instead of the PS1:

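    @echo off
    rem %~dp0 expands to this launcher's own folder and already ends with a backslash
    set "ScriptDirectory=%~dp0"
    rem Run script.ps1 stored next to this launcher
    PowerShell -ExecutionPolicy Unrestricted -Command "& '%ScriptDirectory%script.ps1' -Verbose"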

    I hope this may help with your issue,
    Best regards,


  2. Cristian Ruiz 191 Reputation points
    2021-09-07T22:25:00.573+00:00

    Thanks for your reply.
    I can add more information: in Event Viewer I saw an event saying that when the computer starts, the GPO wants to run the scripts from the \domain\sysvol path, and of course it failed because of the lack of domain connectivity. So, the first workaround I was thinking about is to change the GPO to copy the script to a local path and run the script from that same local path. That is what I'm going to try. But I was wondering whether a workaround is the way to go, or whether there is another option, like a GPO configuration so that, if there is no DC connectivity, the domain admin can configure something that makes the script run from the local GPO cache. Is there something like that? Or is the correct option to look for a workaround?

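The local-copy workaround discussed in this thread moves a script that runs at computer startup (under Local System) from SYSVOL to local disk, so the copy's integrity and the permissions on its folder become the control that matters. The following pre-flight check is an added example, not code from the thread or from Microsoft; the function name, the demo path and the pinned hash are assumptions.

```powershell
# Added example: verify a locally cached startup script before it is run.
# Function name, demo path and pinned hash are assumptions for illustration.
function Test-LocalStartupScript {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return @("missing: $Path") }
    $problems = @()

    # 1. Content must match the hash recorded when the script was approved.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) { $problems += "hash mismatch: $actual" }

    # 2. Only these principals may modify the file or the folder that holds it.
    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )
    # WriteData|AppendData|WriteEA|DeleteChild|WriteAttributes|Delete|WRITE_DAC|WRITE_OWNER
    # plus the raw GENERIC_WRITE and GENERIC_ALL bits that some ACEs carry.
    $writeMask = 0x500D0156
    $sidType   = [System.Security.Principal.SecurityIdentifier]
    foreach ($item in $Path, (Split-Path -Parent $Path)) {
        foreach ($rule in (Get-Acl -LiteralPath $item).GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries (e.g. CREATOR OWNER) do not apply to this object itself.
            if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if (([int]$rule.FileSystemRights -band $writeMask) -and
                ($trusted -notcontains $rule.IdentityReference.Value)) {
                $problems += "writable by $($rule.IdentityReference.Value): $item"
            }
        }
    }
    return $problems
}

# Constructed demo: a script placed in the user's temp folder is flagged as user-writable.
$demo = Join-Path $env:TEMP 'startup-demo.ps1'
Set-Content -LiteralPath $demo -Value 'Write-Output "startup task"'
$pinned = (Get-FileHash -LiteralPath $demo -Algorithm SHA256).Hash
$issues = Test-LocalStartupScript -Path $demo -ExpectedSha256 $pinned
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { & $demo }
Remove-Item -LiteralPath $demo
```

A launcher would run the cached script only when the function returns no problems, with the pinned hash distributed alongside the GPO setting that schedules the copy.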
