Re: GPRESULT not working from remote computer

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi,

Thanks for your reply.

I already kinda figured out I had to find a user who had logged on
interactively on the servers. However, there is no single user who has logged
on to every server. A bunch of administrators are responsible for these
servers.

I am trying to rewrite the script to check hkey_users for users s1-5-21 and
then use sid2user to get the username and domain from it. I can then use
those names to try to get gpresult to work with the /USER option. The /U can
be any other administrator. If one of the users succeeds, then i can skip the
other users.

I hope this will work.

I don't think local accounts will work, do you? I tried local administrator
/USER <servername\administrator> but it gave me the same error. So i'll focus
the script on domain users only.

I have absolutely no knowledge about scripting the gpmc. This script looks
daunting, it probably is easier for me to write, as it is technically not so
advanced.

Do you have any good sources on scripting the gpmc?

Kind regards,

Jos Rossiau





"Darren Mar-Elia" wrote:

What you've found is a quirk in the way gpresult works. Even if you are only
interested in collecting RSOP data for the remote computer, the tool looks
for RSOP data for your current user account that you're using to run the
command on that remote machine, and bails out if it doesn't find it (meaning
you've never logged on interactively with that account on that remote
machine). So, in order to get this to work, you need to specify a user
account on the /USER option that you know has always logged into the remote
system. Or, I suppose you could also just ignore using the /USER option but
rather always run your script in the context of a user who has always logged
into those remote systems. The other alternative is to use GPMC scripting to
accomplish this, instead of gpresult.
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy

Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php

Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related

"Jos Rossiau" <JosRossiau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E63EBE7E-07F5-4F72-BEAA-5487BB207C57@xxxxxxxxxxxxxxxx
Hello,

I have written a little script that checks and reports what group policies
have been applied to a number of servers.

In short the scripts runs the following command foreach of the servers:

gpresult /S <servername> /U <domain\userid /> /P <password> /SCOPE
COMPUTER
/USER <domain\userid>

When I run the script (or gpresult manually) I get the error message:

INFO: The user "domain\userid" does not have RSOP data.

When I log on locally or via RDP to this server I can run gpresult.
When I log off and rerun the script, the server I have logged on to is
succesful, but the other servers I have not yet logged on to are not.

I figured this would be caused by a lack of a userprofile on the local
computer, so I embeded a psexec -e (the one that creates a profile, not
the
newest that avoids creating a profile on the remote computer) command in
the
script to create a userprofile on the remote computer before running
gpresult
on it.

This did however not work, a userprofile directory was created, but that
was
not adequate for gpresult to work correctly. The only difference with
loging
on locally or via RDP was that the user did not get its own registrykey
under
HKEY_USERS.

It looks like gpresult wants to check the HKEY_USERS\<SID of user> to
check
for user gpo's applied.

Although I only want to check computer policies, the lack of possiblity to
check user policies for the user is stopping me.

Does anyone know how I can have the userprofile load correctly, including
creating the HKEY_USERS\usersid key from a commandline (preferably
remote)?

Is there any other way of getting the same info as gpresult /S
<servername>
/SCOPE COMPUTER ?

Any help would be appreciated, instead of having to log on interactively
at
all my servers.

Greetings,

Jos Rossiau





.

Relevant Pages

  • Re: GPRESULT not working from remote computer
    ... I have written a little script that checks and reports what group policies ... In short the scripts runs the following command foreach of the servers: ... When I log on locally or via RDP to this server I can run gpresult. ... I figured this would be caused by a lack of a userprofile on the local ...
    (microsoft.public.windows.group_policy)
  • Re: Deny rules...
    ... services client I have not implemented it. ... Tony Su ... >The Script makes sure the ip to be blocked is not itīs ... >I have few outside servers to connect from to my servers ...
    (microsoft.public.isa)
  • Re: Software configuration management tool required
    ... If it automates ... and 100-ish servers, it's just not going to happen. ... you test it by running the rc?.d script that init will ... > because Oracle or some vendor tells them to do so. ...
    (comp.unix.admin)
  • Re: Resetting Terminal Services to Administration mode remotely
    ... a vbs script would work. ... >> changing the licensing mode of the terminal servers to Per User mode via ... >> to be able to connect to the remote ts machines. ... >>> Is there any way to reset a server Terminal Services to Administration ...
    (microsoft.public.win2000.termserv.clients)
  • Re: trouble with a script
    ... Your snippet of code doesn't look like sh on FreeBSD. ... Basically, I want my script to prompt me for two inputs, then append to ... The user input would be "domain.com", ... is how we set up a client's site on our servers. ...
    (comp.unix.shell)