Script not running on startup for GPO

I have seen many posts on this website about something similar but none of them have had the resources to fix my issue so I will go into as much detail as I can. If I leave any information out let me know.

We have a server with an exe file on it to start an update for a software called Bluebeam. I wrote a script file to start that exe on startup and placed it in the same directory as the exe. Nothing happened when I did that, I would start up a computer that I know has delegation and run gpupdate /force to get it going and restart the computer, nothing happens. I then made it so when there was a user logon it would do the same. Same result. I made sure "enforced" was enabled, I enabled "always wait for the network at computer startup and logon," and finally I also enabled "configure scripts policy processing"

None of those helped. I looked into the script files again and I noticed that when I clicked "show files" under my GPO, the script I wanted wasn't there. So I added it manually and forced the update again, nothing.

I am only running this under a test environment right now so I am not pushing this to my domain controllers, servers, or really any users. I am pushing this to 2 different computers right now and they are not working.

I will show you photos of everything I have and if you all have any questions let me know.

Image showing GPs on the test environment

delegation to a computer called dantest, the one I am trying this with

the script at startup

the script at logon

Forget about the Startup Script in "Computer Configuration" because the script you set there is executed by the System even before anyone is logged in.

This is typically not interactive (you can add scripts to cleanup certain directories, or configure something on the computer, but you can't start an end-user application here, the app will not show but may be running in the background).

Well, you configured the Logon Script in "User Configuration" too, that's better because the scripts here are executed in the user's context, however, since Windows 8.1 the Logon Scripts don't run for five minutes after a user logs on. This is by design to speed up the loading of the user's desktop. However you can change that:

If you want the logon scripts to run at user logon without any delay, you should configure the Configure Logon Script Delay setting to Disabled in the Computer Configuration\Administrative Templates\System\Group Policy location.

But, still, this is not the preferred way of achieving what you want, as Microsoft says:

This mechanism allows administrators to perform various maintenance and management tasks on client computers, including (but not limited to) collecting diagnostic information, invoking security scans, cleaning or resetting system state, and installing tools.

you are out of scope because you don't want to "perform various maintenance and mangement tasks" with your use case.

I recommend you to deploy a Run Registry Key instead. You can still deploy that with Group Policy:

If you want to deploy this on a Computer (so that it applies to everyone logging in on the computer), then, in your GPO, go to Computer Configuration -> Preferences (not "Policies") -> Windows Settings -> Registry -> New Registry Item, and create a new REG_SZ value under the path shown in the documentation (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run), give it a meaningful Value name, and set the Value data to be the path of the executable on the computer.

If you want to deploy this setting on a per-user basis, then use the same method but on User Configuration instead of Computer Configuration (and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run instead of HKLM).

Don't forget to link the Group Policy on an O.U containing your Users if you are using User Configuration, or on a Computer O.U if you are using Computer Configuration (same for the Delegation rights, add users if you are working with User Configuration or Computers if you are working with Computer Configuration)

You're close, but missing one important thing: based on your screen shot, no objects have the "Apply" permission for this GPO. The default GPO would grant the 'Read' and 'Apply' permissions to the "Authenticated Users" group. I'm guessing that you removed this from the security filtering setting so you could apply it only to your test machine.

To fix the startup script policy and still keep it only applicable to your "DANTEST" computer, edit the GPO, open its properties, and go to the security settings. Add the computer account for DANTEST and grant it the 'Apply' permission (in addition to the 'Read' permission).

If you want to use the logon script, follow the same process to add the 'Apply' permission for the user who is testing the script. Then move the logon script out of the Computer Settings section of the GPO and into the User Settings of the GPO.

Finally, when you're done testing, you can simply add "Authenticated Users" with the "Read and Apply" permissions, which is the default security filtering.