GPO Logon and Runas Script

[PreviousPoster]

I have created a VBS Script that Removes accounts from the Local Admin Group of a users machine, but runs the script as a Domain User. I have tested the script and can run it from the SYSvol folder fine on the machines I need to apply this to. However when I apply this script to the logon policy for the user under GPO the Script will not run. I have ran a gpresult and the Policy is not showing in here as getting applied, what have I done wrong, what do i need to change?

Many Thanks

[JerryC]

From your note I assume you have it set up as a User Logon script as oppsed to a Computer Startup script. If this assumption is correct, then unless the logged on user is a member of the local Administrators security group, that script will NOT have the authority to either Add or Remove other accounts or groups. The Logon scripts run under the authority of the User, not the System.

Only Computer Startup scripts run under local System authority.

=========================================

You also wrote

...have ran a gpresult and the Policy is not showing in here as getting applied, what have I done wrong, what do i need to change...

Have you targeted the user accounts in your AD or only the machine account. If a User Logon script, you can only target the GPO at User accounts. And then, it'll ony work if the user has the correct authority as noted above. [Note: User authority would not prevent it from being targeted and showing up correctly in a RSoP report...only from "operating' correctly.]