The problem of not working logon script via group policy is due to slow network connection (the rate of which data is transferred from domain controller providing policy update to the computers in the group) that is been detected during the initial logon process. If the Group Policy slow link is detected, the logon script will not run unless the policy processing settings are defined to override the program’s specified response to slow link.
The default behavior when slow link is detected are:
Policies that are applied are Registry settings, Security policies, EFS recovery policy and IP security, while policies that are not applied are Application Deployment, Scripts, Folder Redirection and Disk Quotas.
The resolution or workaround to the problem of logon scripts not executing, not running or not working is to create or modify a Group Policy Object (GPO) to alter the default behavior:
- Open the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, right-click on domain object and select Properties.
- Select the Group Policy tab.
- If you’re using Group Policy Management Console snap-in for MMC, run the Group Policy Management and skip the above 2 steps.
- Select the Default Domain Policy (or any other enforced domain policy) and click Edit. (Right click on the Default Domain Policy or the enforced domain policy that you want to change in Group Policy Management console)
- Navigate to Computer Configuration -> Administrative Templates -> System -> Group Policy.
- Look for Scripts policy processing. Double click on Scripts policy processing and select (check) Enabled. Then, also select (check) Allow processing across a slow network connection in the box and press OK.
Note: Other default behaviors that is not executing when slow link detected can also be changed:
Folder redirection policy processing
Disk quota policy processing
Scripts policy processing
EFS recovery policy processing
Software installation policy processing
IP security policy processing
Internet Explorer Maintenance policy processing
Wireless policy processing
- Close the MMC snap-in.
- Restart the remote computer or workstation.
You can also modify the predefined settings for slow link connection for users, which apply to users regardless of which computer they log on. The steps will be similar to the above, but instead of navigating to Computer Configuration, navigate to User Configuration instead. After that, go to Administrative Templates -> System -> Group Policy. Enable (check the Enabled radio button) the Scripts policy processing, and then select the Allow processing across a slow network connection check box.
It’s also possible to disable the Group Policy slow link detection directly, by select (check) the Enable Group Policy slow link detection, and then type 0 in the Connection speed box. However, in some cases, this setting seems to be unreliable and not necessarily will work.