Re: GPRESULT not working from remote computer
- From: "G Johansson" <fantomen@xxxxxxxxxxxxxxx>
- Date: Wed, 22 Aug 2007 20:32:58 +0200
What information do you need in your reports?
Just what GPO's affecting the computer or something more specific.
You have some scripts already installed when you installed GPMC, you can
find them in %ProgramFiles%\GPMC\Scripts
--
G Johansson
fantomen@xxxxxxxxxxxxxxx
"Jos Rossiau" <JosRossiau@xxxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
news:7BF9B763-4FB2-4D3A-B396-316C3333C6FC@xxxxxxxxxxxxxxxx
Hi,
Thanks for your reply.
I already kinda figured out I had to find a user who had logged on
interactively on the servers. However, there is no single user who has
logged
on to every server. A bunch of administrators are responsible for these
servers.
I am trying to rewrite the script to check hkey_users for users s1-5-21
and
then use sid2user to get the username and domain from it. I can then use
those names to try to get gpresult to work with the /USER option. The /U
can
be any other administrator. If one of the users succeeds, then i can skip
the
other users.
I hope this will work.
I don't think local accounts will work, do you? I tried local
administrator
/USER <servername\administrator> but it gave me the same error. So i'll
focus
the script on domain users only.
I have absolutely no knowledge about scripting the gpmc. This script looks
daunting, it probably is easier for me to write, as it is technically not
so
advanced.
Do you have any good sources on scripting the gpmc?
Kind regards,
Jos Rossiau
"Darren Mar-Elia" wrote:
What you've found is a quirk in the way gpresult works. Even if you are
only
interested in collecting RSOP data for the remote computer, the tool
looks
for RSOP data for your current user account that you're using to run the
command on that remote machine, and bails out if it doesn't find it
(meaning
you've never logged on interactively with that account on that remote
machine). So, in order to get this to work, you need to specify a user
account on the /USER option that you know has always logged into the
remote
system. Or, I suppose you could also just ignore using the /USER option
but
rather always run your script in the context of a user who has always
logged
into those remote systems. The other alternative is to use GPMC scripting
to
accomplish this, instead of gpresult.
--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Script Group Policy Settings with the GPExpert Scripting Toolkit for
PowerShell!
Find out more at http://www.sdmsoftware.com/products2.php
Visit the GPOGUY: http://www.gpoguy.com -- The Windows Group Policy
Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related
"Jos Rossiau" <JosRossiau@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E63EBE7E-07F5-4F72-BEAA-5487BB207C57@xxxxxxxxxxxxxxxx
Hello,
I have written a little script that checks and reports what group
policies
have been applied to a number of servers.
In short the scripts runs the following command foreach of the servers:
gpresult /S <servername> /U <domain\userid /> /P <password> /SCOPE
COMPUTER
/USER <domain\userid>
When I run the script (or gpresult manually) I get the error message:
INFO: The user "domain\userid" does not have RSOP data.
When I log on locally or via RDP to this server I can run gpresult.
When I log off and rerun the script, the server I have logged on to is
succesful, but the other servers I have not yet logged on to are not.
I figured this would be caused by a lack of a userprofile on the local
computer, so I embeded a psexec -e (the one that creates a profile, not
the
newest that avoids creating a profile on the remote computer) command
in
the
script to create a userprofile on the remote computer before running
gpresult
on it.
This did however not work, a userprofile directory was created, but
that
was
not adequate for gpresult to work correctly. The only difference with
loging
on locally or via RDP was that the user did not get its own registrykey
under
HKEY_USERS.
It looks like gpresult wants to check the HKEY_USERS\<SID of user> to
check
for user gpo's applied.
Although I only want to check computer policies, the lack of possiblity
to
check user policies for the user is stopping me.
Does anyone know how I can have the userprofile load correctly,
including
creating the HKEY_USERS\usersid key from a commandline (preferably
remote)?
Is there any other way of getting the same info as gpresult /S
<servername>
/SCOPE COMPUTER ?
Any help would be appreciated, instead of having to log on
interactively
at
all my servers.
Greetings,
Jos Rossiau
.
- References:
- Re: GPRESULT not working from remote computer
- From: Darren Mar-Elia
- Re: GPRESULT not working from remote computer
- From: Jos Rossiau
- Re: GPRESULT not working from remote computer
- Prev by Date: Re: GPRESULT not working from remote computer
- Next by Date: Re: GPRESULT not working from remote computer
- Previous by thread: Re: GPRESULT not working from remote computer
- Next by thread: Re: GPRESULT not working from remote computer
- Index(es):
Relevant Pages
|
