ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - GPO login script examples?
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

GPO login script examples?

 Post Reply Post Reply
Author
Message
jkapernicus View Drop Down
Newbie
Newbie


Joined: 03 Oct 2017
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote jkapernicus Quote  Post ReplyReply Direct Link To This Post Topic: GPO login script examples?
    Posted: 03 Oct 2017 at 2:08pm
Hello All,

I'm about to perform a large migration. I have 2 qeustions.

1. Is using a login script through GPO considered a "Push" or "Pull" migration?
2. Does anyone have examples of the login scripts they've used to initiate the exe?

Noob questions I know, but thanks.
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 05 Oct 2017 at 3:46am
Hi,

Running from a GPO is "Pull" migration because you are running a script on the target machine.

The basic steps for running from a GPO are as follows.

1. You should run a Computer Startup script, not a User Logon script.

2. Create a "Single Deployment File" (Migrate.exe)

3. You can run migrate.exe directly from your Startup script GPO; it does not need to be launched using another script or batch file.

4. To run from a Startup script, you must have configured User Profile Wizard to migrate “All matching account profiles” (step 6 of the Deployment Kit.)

Our advice is to run migrate.exe directly on a workstation first – without using the Startup script. This will allow you to make sure the migration works successfully.

5. Now the key part. If you run from a startup script, the migration process will run in the security context of the SYSTEM account (which is good.) You should therefore blank out the <LocalAdmin> and <LocalPwd> values in your Profwiz.config file:

<LocalAdmin></LocalAdmin>
<LocalPwd></LocalPwd>

Save the Profwiz.config file and then drag and drop it onto your migrate.exe file: this will update the migrate.exe file. (See pages 57 and 58 of the User Guide)

I hope this helps.
Back to Top
jkapernicus View Drop Down
Newbie
Newbie


Joined: 03 Oct 2017
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote jkapernicus Quote  Post ReplyReply Direct Link To This Post Posted: 09 Oct 2017 at 11:17am
Thanks for the reply.

The client has stated they only want to migrate the logged in user. Can I still run in computer configuration with that setting?

Also, out of curiosity why do you suggest running computer GPO vs user?

Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 10 Oct 2017 at 3:29am
As stated above, if you are running from a Startup script GPO, the migration process runs in the security context of the SYSTEM account, so the "logged on user" is SYSTEM. If you want to migrate a specific user account, you will need to create a custom migration script to get the user account name from somewhere (like the registry) and pass it to Profwiz.exe.

However, when you migrate “All matching account profiles” you need to keep in mind the word matching. If only one user account name matches the list in your User Lookup file, only one profile is going to get migrated. (You can also set <SkipOnNoUserLookup> in your Profwiz.config file.)

We recommend running from a Computer GPO simply because it is more reliable.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.047 seconds.