In Windows 2000 Server and Windows 2003 Server, logon scripts can be assigned and deployed by Group Policy or Domain Group Policy with or without implementation of Active Directory. Main advantage of using the Group Policy to enforce logon scripts is that it will be easier when have to change the script name or add a new logon script. However, sometimes the workstations will have the symptom and problem where login scripts are not running or not executing, even if the logon scripts have been properly assigned via Group Policy, and the VBScripts has been put in the correct path in domain controller (i.e. %SystemRoot%\Sysvol\Sysvol\domainname\Scripts folder).

The problem of not working logon script via group policy is due to slow network connection (the rate of which data is transferred from domain controller providing policy update to the computers in the group) that is been detected during the initial logon process. If the Group Policy slow link is detected, the logon script will not run unless the policy processing settings are defined to override the program’s specified response to slow link.

The default behavior when slow link is detected are:

Policies that are applied are Registry settings, Security policies, EFS recovery policy and IP security, while policies that are not applied are Application Deployment, Scripts, Folder Redirection and Disk Quotas.

The resolution or workaround to the problem of logon scripts not executing, not running or not working is to create or modify a Group Policy Object (GPO) to alter the default behavior:

  1. Open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, right-click on domain object and select Properties.
  2. Select the Group Policy tab.
  3. If you’re using Group Policy Management Console snap-in for MMC, run the Group Policy Management and skip the above 2 steps.
  4. Select the Default Domain Policy (or any other enforced domain policy) and click Edit. (Right click on the Default Domain Policy or the enforced domain policy that you want to change in Group Policy Management console)
  5. Navigate to Computer Configuration -> Administrative Templates -> System -> Group Policy.
  6. Look for Scripts policy processing. Double click on Scripts policy processing and select (check) Enabled. Then, also select (check) Allow processing across a slow network connection in the box and press OK.

    Note: Other default behaviors that is not executing when slow link detected can also be changed:

    Folder redirection policy processing
    Disk quota policy processing
    Scripts policy processing
    EFS recovery policy processing
    Software installation policy processing
    IP security policy processing
    Internet Explorer Maintenance policy processing
    Wireless policy processing

  7. Close the MMC snap-in.
  8. Restart the remote computer or workstation.

You can also modify the predefined settings for slow link connection for users, which apply to users regardless of which computer they log on. The steps will be similar to the above, but instead of navigating to Computer Configuration, navigate to User Configuration instead. After that, go to Administrative Templates -> System -> Group Policy. Enable (check the Enabled radio button) the Scripts policy processing, and then select the Allow processing across a slow network connection check box.

It’s also possible to disable the Group Policy slow link detection directly, by select (check) the Enable Group Policy slow link detection, and then type 0 in the Connection speed box. However, in some cases, this setting seems to be unreliable and not necessarily will work.