Michael Jones
2025-Sep-07 22:16 UTC
[Samba] How to configure GPO for machine startup script?
I'm trying to configure a GPO that triggers a script to run at startup. All client machines are Windows 11, and I've installed the latest Windows 11 24h2 Administrative templates on my Samba 4.20.8 domain controller. I've already configured GPOs for on-login / on-logoff scripts, so I have a fairly good idea of what i'm doing, but despite the internet having dozens of examples of people doing startup scripts by adding them to a GPO's Computer/Policies/Windows/Scripts(Startup/Shutdown) entry, when I navigate to this in the Group Policy Management Console on one of my Windows 11 machines, the entry is simply not there. I've compared it to the Local Group Policy tool, which *does* have this entry. To be honest, I really don't even know what to look for to try to diagnose why this isn't available in my environment. So, am I trying to do something that is intentionally not possible, or am I simply doing something wrong? Does anyone have suggestions on what I can look at to diagnose and repair this?
Michael Jones
2025-Sep-11 02:18 UTC
[Samba] How to configure GPO for machine startup script?
I accidentally discovered the answer. There was some kind of NT ACL issue with the administrative templates. Running samba-tool ntacl sysvolreset fixed the issue, and the startup scripts section re-appeared. On Sun, Sep 7, 2025 at 5:16?PM Michael Jones <samba at jonesmz.com> wrote:> I'm trying to configure a GPO that triggers a script to run at startup. > > All client machines are Windows 11, and I've installed the latest Windows > 11 24h2 Administrative templates on my Samba 4.20.8 domain controller. > > I've already configured GPOs for on-login / on-logoff scripts, so I have a > fairly good idea of what i'm doing, but despite the internet having dozens > of examples of people doing startup scripts by adding them to a GPO's > Computer/Policies/Windows/Scripts(Startup/Shutdown) entry, when I navigate > to this in the Group Policy Management Console on one of my Windows 11 > machines, the entry is simply not there. > > I've compared it to the Local Group Policy tool, which *does* have this > entry. > > To be honest, I really don't even know what to look for to try to diagnose > why this isn't available in my environment. > > So, am I trying to do something that is intentionally not possible, or am > I simply doing something wrong? > > Does anyone have suggestions on what I can look at to diagnose and repair > this? >