I'm migrating a facility from a previous owners' network to our clients' network. Duplicating some GPOs. Previous owners have a machine logon script that auto adds itself to another domain group. This is so a pre-req can run, then, after reboot, an application gets installed. On the "old" side, this works fine:
I've duplicated the policy on our clients' domain. If I run the vbs script manually, it works fine.
However, when it's running as a machine startup script, I'm getting access denied on the last line. So - it's a rights issue. I've looked through security policies till I was blue in the face and don't see where there is a setting to allow PCs to add themselves to groups.
NTFS permissions and share permissions are fine.
Anyone come across this before?
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Code:
On Error Resume Next
Set objGroup = GetObject _
("LDAP://cn=NA-MngSft ACAD05,cn=Users,dc=NA,dc=OLDDOMAIN,dc=com")
objGroup.PutEx ADS_PROPERTY_APPEND, "member", _
Array(objSysInfo.ComputerName)
objGroup.SetInfoI've duplicated the policy on our clients' domain. If I run the vbs script manually, it works fine.
However, when it's running as a machine startup script, I'm getting access denied on the last line. So - it's a rights issue. I've looked through security policies till I was blue in the face and don't see where there is a setting to allow PCs to add themselves to groups.
NTFS permissions and share permissions are fine.
Anyone come across this before?
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
