G
G
Gregory2019-11-08 12:03:13
cmd/bat
Gregory, 2019-11-08 12:03:13

How to delete a folder from a GPO on logout?

Windows Server 2012 R2.
There is a policy RDS_GPO, it is stored in OU RDS. The RDS computer, also known as the Terminal Server, is located in the same OU.
RDS_GPO has a huge number of policies, including computer policies and user policies.
User policies are successfully applied to all users who work on this computer. I think this is normal behavior.
There was a need to delete the folder %USERPROFILE%\AppData\Roaming\Corel when logging out (but it is also possible when logging in)
of
5dc52e43a483d789715161.jpeg
the user . enter, everything will be successful and the folder will be deleted.
But when I log out, it doesn't work.
We tried to run the same podarok.bat for the user directly from the folder where it is stored:
\\Amigo.local\sysvol\Amigo.local\Policies\{ED9FFD35-1E14-412D-B3FA-1DC173DE64B3}\User\Scripts\Logoff
Permission denied .
I would think that the problem is in the permissions to the folder \\Amigo.local\sysvol\Amigo.local\Policies\{ED9FFD35-1E14-412D-B3FA-1DC173DE64B3}\User\Scripts\Logoff
But the fact is that in this other files are stored in the same folder, which work fine on logout, but just as well fail (permission denied) when these files are manually called by the user in the session.
Where to dig?
I understand that there is not enough theory.
1. I don't know on whose behalf the script is executed when I log out.
2. I don’t know if the user needs access to the file that is being executed, but I suspect that it is not needed, I described why above.
Thank you.

Answer the question

In order to leave comments, you need to log in

2 answer(s)
A
Alexey Dmitriev, 2019-11-08
@SignFinder

If you implement this through the GPO-User Settings-Preferences-Control Panel Settings-Schedule task and create a task in the task scheduler to run the script at logoff, it will be more convenient for you to debug.

G
Gregory, 2019-11-14
@grigoriyb

I don't know how useful this will be to others, but my problem was solved by the fact that I figured out the policies that should not have been applied after the policy in which I did the deletion.
That is, the question was no longer about deletion, but in general about managing policies and understanding how policies are applied.
Thanks to all.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question