Octopuss Posted January 24, 2012 Share Posted January 24, 2012 I could use some tips. I created GPO which is supposed to 1) copy a file from a server to local disk and 2) do simple change in registry. Unfortunately it doesn't work and I can't figure out why.I want it to work on whole computer rather on user, so in the editor I changed relevant settings under computer configuration. I also linked the GPO to one computer only - for testing purposes.gpresult /r shows me that the policy is applied, but in reality nothing happens. I am out of ideas... What should I check? Link to comment Share on other sites More sharing options...
allen2 Posted January 24, 2012 Share Posted January 24, 2012 Did you checked the rights on the share and the ntfs permission there (the computer account should have the rights there) ?Also i wouldn't do it this way: I would create a batch file to copy the file and import the reg entry and i would put the needed files (if they are small) in the gpo folder. Link to comment Share on other sites More sharing options...
Octopuss Posted January 24, 2012 Author Share Posted January 24, 2012 Did you checked the rights on the share and the ntfs permission there (the computer account should have the rights there) ?Also i wouldn't do it this way: I would create a batch file to copy the file and import the reg entry and i would put the needed files (if they are small) in the gpo folder.That makes no sense to do since the functionality is right there in the GPO editor....Rights should be ok as I logged on to the domain with admin account. Link to comment Share on other sites More sharing options...
allen2 Posted January 24, 2012 Share Posted January 24, 2012 Of course, but you're still stuck with a not working gpo and also those settings are new (i never used them so i can't tell if they are reliable) but i'm sure of something: everything that run under a computer config in a gpo will run with the computer system account so if you copy something from a share it might not work if the shared folder isn't properly configured (unless the gpo tools make a local copy of the file in the gpo folder). Usually, i use a script only to get logs of the executed work to debug problems. Link to comment Share on other sites More sharing options...
Octopuss Posted January 25, 2012 Author Share Posted January 25, 2012 So which permissions should I specifically check for? Link to comment Share on other sites More sharing options...
allen2 Posted January 25, 2012 Share Posted January 25, 2012 You need to add the accounts of your target computers (or a group containing them like "authenticated users" but this one contains almost all AD objects). Link to comment Share on other sites More sharing options...
Octopuss Posted January 25, 2012 Author Share Posted January 25, 2012 Well, I should have that. In the Scope tab, under security filtering, I added that specific computer to the list.I created other policy in the same way (computer settings etc.) that installs an app and it works just fine. Link to comment Share on other sites More sharing options...
Octopuss Posted January 27, 2012 Author Share Posted January 27, 2012 I nailed it down to probably permissions problem. I added some app installation to the same policy and it worked.So:What kinda permissions do I need (and where?) in order to be able to do a registry change on a machine via GPO, under computer configuration? Link to comment Share on other sites More sharing options...
Octopuss Posted January 30, 2012 Author Share Posted January 30, 2012 Really need some help here... I googled like mad and found nothing. Link to comment Share on other sites More sharing options...
Octopuss Posted January 31, 2012 Author Share Posted January 31, 2012 After hopelessly trying this and that I managed to nail it down to some sort of incompatibility with Windows XP. In theory, this http://support.microsoft.com/kb/943729 should let me use the new stuff on XP, but it is still not working at all. Link to comment Share on other sites More sharing options...
Octopuss Posted February 1, 2012 Author Share Posted February 1, 2012 I will finish my monologue with what I finally found out.I use nLite to ease the installation of XP machines. After even more trial and error I accidentally found out that that KB943729 doesn't install (or just doesn't work - I don't know) if I integrate Intel chipset drivers into the installation image. Doesn't make sense? I know. It does work if I install those drivers after I join domain and install the KB.What I did was integrade the KB into the image as well like if I was adding updates. I have no idea what the deal was, but it works. Link to comment Share on other sites More sharing options...
Tripredacus Posted February 1, 2012 Share Posted February 1, 2012 I will finish my monologue with what I finally found out.I use nLite to ease the installation of XP machines.Many of our users will be sad/angry to read this. I see you've been using nLite for quite a while now and no one would jump to a conclusion and think maybe your use to nLite was related to your recent question about pushing out a Flash update via GPO for your customer.... By now you must have encountered the many threads in the nLite forum that talk about its EULA. Link to comment Share on other sites More sharing options...
iamtheky Posted February 1, 2012 Share Posted February 1, 2012 (edited) indeed Trip,Dont get me wrong, I spent months building a hardened XP image. Many roadblocks were overcome by letting Nlite accomplish the task, then working very much backwards with windiff/regshot to see what was altered. Then applying the effective changes manually to the Master Systems, then researching why it worked, then documenting. Seems if you let Nlite do all the work and push it out the door, more often than not your answer would be:I have no idea what the deal was, but it works.Even if I were to ignore the EULA and authors wishes, with such a grand lack of documentation and dedicated support it would still not be a feasible solution for distribution. Edited February 1, 2012 by iamtheky Link to comment Share on other sites More sharing options...
Octopuss Posted February 1, 2012 Author Share Posted February 1, 2012 You are quite right, actually. If I could I'd pay for a licence for nLite, but sadly such option doesn't exist I also completely forgot about this because I haven't touched XP for quite some time and then I needed to come up with a solution when I got this job. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now