I have just upgraded our company's domain controller from NT 4.0 to Windows 2008 Server. I used the in-place upgrade path, going first from NT 4.0 to Windows 2003 Server and then 2003 Server to 2008 Server. The original NT 4.0 domain was named Company. The new domain is Company.local. I have confirmed user and computer information was properly migrated, and the new domain has been in operation for a week with very few issues.
The problem I am having right now is with setting up a GPO user login script for a set of users. I believe I have set up the GPO correctly, but the script does not get executed on the client after login.
Upon investigation, I noticed I could execute the script (batch file) from the client manually after login if I navigated directly to the domain controller: \\*ServerName*\SysVol\*Company*.local\Policies\{GUID}\User\Scripts\Logon
However, if my understanding is correct, this path is not used by the client when executing the login script, but instead the domain (forest?) name is used as the source (domain and forest name are the same in this case): \\*Company*.local\SysVol\*Company*.local\Policies\{GUID}\User\Scripts\Logon
When manually executing this batch file from the client I get an "Open File - Security Warning" dialog claiming the client cannot verify the publisher. The two paths above are essentially the same place, just accessed with different paths.
Any idea why the clients do not trust content from their own domain controller when accessed via \\*Company*.local and not \\*ServerName*? Are there any other places I should be looking for the probable cause?