Logoff script not running

[aldovalerio]

Windows 2000 Workstation client, Windows 2000 Advanced Server. SP4 on both.

I'm trying to get a logoff script to work, but in certain cases it's not being executed when I log off. It's a simple 1 line IF EXIST C:\XYZ DEL /Q C:\XYZ\*.* and it works when executed manually, but not when I create a policy for it. I tried 2 ways:

1) Creating a local policy on the workstation with gpedit.msc: User Configuration->Windows Settings->Scripts(Logon/Logoff)->Logoff. I clicked on Logoff and specified the Script Name as C:\WINNT\system32\GroupPolicy\User\Scripts\Logoff\Delete_ExportedFiles.cmd. The permissions on the command file and its folder are Full Control for Authenticated Users.
When I log off as a domain user, it's not run, but when I log off as the local workstation administrator, it runs! In the latter case I see the message, "Running logoff scripts", when logging off. Note: no domain policy logoff script existed at this time.

2) After removing the above local policy script, I set up a domain group policy. On the domain server, I launched Active Directory Users and Computers, right clicked on the domain name, selected Properties and Group Policy tab, clicked Edit for Default Domain Policy, User Configuration->Windows Settings->Scripts(Logon/Logoff)->Logoff. I clicked on Logoff and specified the Script Name as \\<SERVER_NAME>\sysvol\<DOMAIN>\Policies\<GUID>\USER\Scripts\Logoff\Delete_ExportedFiles.cmd. This pathname is the one I get when I click on the Show Files button, and the command file exists in that folder. The permissions on the command file and its folder are Read and Read&Execute for Authenticated Users. Note: I can run the above path and command file from the workstation and ti executes ok.
When I log off as a domain user, it's not run.

Does the workstation or server have to be rebooted for the policy to take effect? What am I missing? There must be something blocking it from the domain user.

 

[tfg13]

The workstation should have the:

gpupdate /force

command run (at the command line) then do a reboot.

Have you tried to run the cmd as a Authenticated user instead of an admin? Just thought I'd ask.

I have come across some issues with logoff scripts/batch on the local machine because the machine shuts down before it can fully run. Do you feel this may be the same problem?

 

[aldovalerio]

The client is Windows 2000, so the equivalent command is
secedit /refreshpolicy {machine_policy | user_policy}[/enforce]. I ran both the machine_policy and user_policy and I see that there are errors in the Event Viewer.
Event: 1000, Source: Userenv, Description: Windows cannot establish a connection to <DOMAIN> with (10054).
Event: 1000, Source: Userenv, Description: Windows cannot query for the list of Group Policy objects . A message that describes the reason for this was previously logged by this policy engine.

I'm guessing that this has something to do with the fact that we're using a VPN connection to connect to the server. However, I can ping and access the domain server's folder with the scripts, and I have successfully run the script manually from the workstation with the VPN disconnected:
\\SERVER_NAME>\sysvol\<DOMAIN>\Policies\<GUID>\USER\Scripts\Logoff\Delete_ExportedFiles.cmd
There's the normal share on the SYSVOL, which I think explains the access without the VPN.

Even if I can't set this up as a domain policy, I'd like to get it working as a local policy.

I have run the logoff script as an authenticated user (domain user), but it doesn't run. Running it as the local admininstrator works.