Print Page | Close Window

GPO login script examples?

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Discription: User Profile Wizard questions, suggestions, comments and bug reports
URL: http://forum.ForensiT.com/forum_posts.asp?TID=1523
Printed Date: 09 Aug 2020 at 8:38pm


Topic: GPO login script examples?
Posted By: jkapernicus
Subject: GPO login script examples?
Date Posted: 03 Oct 2017 at 2:08pm
Hello All,

I'm about to perform a large migration. I have 2 qeustions.

1. Is using a login script through GPO considered a "Push" or "Pull" migration?
2. Does anyone have examples of the login scripts they've used to initiate the exe?

Noob questions I know, but thanks.



Replies:
Posted By: Support
Date Posted: 05 Oct 2017 at 3:46am
Hi,

Running from a GPO is "Pull" migration because you are running a script on the target machine.

The basic steps for running from a GPO are as follows.

1. You should run a Computer Startup script, not a User Logon script.

2. Create a "Single Deployment File" (Migrate.exe)

3. You can run migrate.exe directly from your Startup script GPO; it does not need to be launched using another script or batch file.

4. To run from a Startup script, you must have configured User Profile Wizard to migrate “All matching account profiles” (step 6 of the Deployment Kit.)

Our advice is to run migrate.exe directly on a workstation first – without using the Startup script. This will allow you to make sure the migration works successfully.

5. Now the key part. If you run from a startup script, the migration process will run in the security context of the SYSTEM account (which is good.) You should therefore blank out the <LocalAdmin> and <LocalPwd> values in your Profwiz.config file:

<LocalAdmin></LocalAdmin>
<LocalPwd></LocalPwd>

Save the Profwiz.config file and then drag and drop it onto your migrate.exe file: this will update the migrate.exe file. (See pages 57 and 58 of the User Guide)

I hope this helps.


Posted By: jkapernicus
Date Posted: 09 Oct 2017 at 11:17am
Thanks for the reply.

The client has stated they only want to migrate the logged in user. Can I still run in computer configuration with that setting?

Also, out of curiosity why do you suggest running computer GPO vs user?



Posted By: Support
Date Posted: 10 Oct 2017 at 3:29am
As stated above, if you are running from a Startup script GPO, the migration process runs in the security context of the SYSTEM account, so the "logged on user" is SYSTEM. If you want to migrate a specific user account, you will need to create a custom migration script to get the user account name from somewhere (like the registry) and pass it to Profwiz.exe.

However, when you migrate “All matching account profiles” you need to keep in mind the word matching. If only one user account name matches the list in your User Lookup file, only one profile is going to get migrated. (You can also set <SkipOnNoUserLookup> in your Profwiz.config file.)

We recommend running from a Computer GPO simply because it is more reliable.



Print Page | Close Window