Login Script problem.

[Guest Sandeep K]

History of issue:-

 

All users belonged to the Single(e.g:- S) OU in the Active Directory. This

OU(i.e S) had Group Policies assigned against it and a number of Logon

scripts were run. All users were located in one location with no problems.

A project was raised to separate the users in two different OU ( E.g:- U1 and

U2) because of businesses requirment and the in new building was prepared.

 

As a joint exercise, the U1 users and U2 users were separated into 2 newly

created OU's (e.g:- S1 and S2). These new OU's ran the same GPO's (with some

slight differences, mainly branding) and the same Logon scripts. The U2

staff were moved to new building.

At this time, U2 users started experiencing problems inheriting GPO policy

changes made at OU level, and as a consequence of a separate Internet problem

we identified a problem where as if the users roaming profile was reset on

the Server and local workstation, the users was no longer able to process

some parts of the GPO's and login scripts.

There is no issue with U1 users OU.

 

We have done some testing and have now identified Domain Group memberships

that provide data NTFS permissions as the cause of this problem.

 

We have investigated these groups to see if other users experiencing this

problem are also members, but it appears not.. The Groups however belong to

addition Domain groups which now need investigating.

 

We are able to turn the problem on and off by adding the user to problmatic

groups either independently or separately. The problem for the user will

only occur when we add the user to the problematic groups and reset the

profile on the machine and server, otherwise the cached working settings will

remain until some error occurs which forces the profile resets.

 

Please suggest how we can fix the issue.