Logon script as administrator 1

[jonwilbanks]

Is there a way to run programs and/or commands in a logon script as administrator?

 

[twicki]

Yes you can use the logon/logoff scripts in the group policy under windows settings.

You also may be able to help me as I know where to do the script but don't know how to write it.

What would be the script to put a shortcut to a folder on the network onto a users desktop?

 

[TB0NE]

jonwilbanks,

I have the same issue.

Currently, I have a script that calls on a program to scan the users computer (inventory). The program runs but it does not catch critical data due to the fact that the user does not have administrative privileges to the local machine.

If I run the same script with an account that has local machine admin rights, then the application (and script) works perfectly.

Anybody have ideas on running a script with elevated privileges. I'm not sure how to scructure a script with the 'RunAs' command and provide a password at the same time.
Further, I'm a little concerned that the account name and password could be found by someone, if I used the RunAs method. The scripts share on the server is accessible to a savy user.

Ideally, I would like to specify the setting in GPO. If not, then a VB script might work but I'd need some hand holding for that.

Any idea's would be greatly appreciated.

Thanks!

 

[PulsaMatt]

Script to copy shortcuts to the desktop from a mapped network drive ... its a VBscript I run through a GPO:

' ------------------------------------------------
' ----- Master Directories for the Two Icons ----- 
' ------------------------------------------------
destDir = "c:\documents and settings\all users\desktop"
srcDir = "g:\public\icons"

' -----------------------------------------------------
' ----- Source and Destination Icon Path Creation -----
' -----------------------------------------------------
dest_iso_icon = destDir & "\ISO Procedures and Work Inst.lnk"
dest_feedback = destDir & "\FEEDBACK.url"
dest_feedicon = "c:\nextish.ico"

src_iso_icon = srcDir & "\ISO Procedures and Work Inst.lnk"
src_feedback = srcDir & "\FEEDBACK.url"
src_feedicon = srcDir & "\nextish.ico"

' -------------------------------------------------
' ----- Creates the Master File System Object -----
' -------------------------------------------------
set fs = createobject("scripting.filesystemobject")

' ------------------------------------------------
' ----- Checks for the New ISO Shortcut, and -----
' ----- creates the icon if necessary        -----
' ------------------------------------------------
if fs.fileexists(dest_iso_icon) = false then
	set fIso_Icon = fs.getfile(src_iso_icon)
	fIso_Icon.copy(dest_iso_icon)
end if

' ---------------------------------------------
' ----- Checks the for Feedback Icon, and -----
' ----- creates the icon if necessary     -----
' ---------------------------------------------
if fs.fileexists(dest_feedback) = false then
	set fFeedback = fs.getfile(src_feedback)
	fFeedback.copy(dest_feedback)
end if
	
if fs.fileexists(dest_feedicon) = false then
	set fFeedicon = fs.getfile(src_feedicon)
	fFeedicon.copy(dest_feedicon)
end if

That script has worked pretty well for me, problem is it doesnt seem to run properly on a computer where the users only have standard privs, I would like the script to run as a administrator.

Matt Laski
Netadmin, Pulsafeeder Inc.

 

[Putzaroni1]

Matt mentioned that this doesn't work well unless the user has adminstrator privledges already.

All I want to do is run a script that will add an ICON to the c:\documents and settings\all users\desktop directory on ALL of my user's stations. I get ACCESS IS DENIED which tells me that the logon script runs with the permissions of that user which are minimal.

I was reading about Autoexnt.bat that is a resource kit utility that will run before anyone logs onto a Windows 2000 Pro station. I would need to install it on each (hundreds) of stations first and then it would do the job.

There must be an easier way. Any thoughts ?

 

[PulsaMatt]

If you find one let us know ... im still trying to figure out a way to make all this work ... someone mentioned mapping a drive to the same computer using an account with elevated permissions, then copy as needed, then disconnect the drive ... I havent tried it yet tho.

Matt Laski
Netadmin, Pulsafeeder Inc.

 

[Lumpster]

Here's one you can try. I use this to copy icons to PC's in my domain all the time. It should be run from a computer that is logged in with domain admins rights (so that you can access the C$ share on the PC's in the domain.

----------------------------------------------------------
' This vbscript will:
' 1) Loop through all the computers in a given domain (I am using a TestComputers OU in an Active Directory Domain)
' 2) Verify access to C$ on the computer (assumes you are logged in with Domain Admin rights)
' 3) Verify the directory path (I am only using W2K/XP machines, so I am only looking for C:\Documents and Settings and not C:\Winnt\Profiles)
' 4) Loop through each user profile and copy an icon to the user's Quick Launch bar
' 5) Copy an icon to the All Users Desktop
' 6) Write the status of each computer file copy to a text file
'
Const ADS_SCOPE_SUBTREE = 2
Const OverwriteExisting = True
Const ForAppending = 8
Set objConnection = CreateObject("ADODB.Connection&quot
Set objCommand = CreateObject("ADODB.Command&quot
Set objFSO = CreateObject("Scripting.FileSystemObject&quot
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name from 'LDAP://OU=TestComputers,DC=yourdomain,DC=com' " & "where objectClass='computer'"
objCommand.Properties("Page Size&quot = 1000
objCommand.Properties("Timeout&quot = 30
objCommand.Properties("Searchscope&quot = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results&quot = False
Set objTextFile = objFSO.OpenTextFile ("C:\CopyIcons_Status.txt", ForAppending, True)
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
If objFSO.FolderExists("\\" & objRecordSet.Fields("Name&quot.Value & "\c$&quot Then
If objFSO.FolderExists("\\" & objRecordSet.Fields("Name&quot.Value & "\c$\Documents and Settings&quot Then
Set Folder = objFSO.GetFolder("\\" & objRecordSet.Fields("Name&quot.Value & "\c$\Documents and Settings&quot
'Wscript.Echo "Accessing " & objRecordSet.Fields("Name&quot.Value
For Each Subfolder in Folder.SubFolders
'Wscript.Echo Subfolder.Path
If objFSO.FolderExists(Subfolder.Path & "\Application Data\Microsoft\Internet Explorer\Quick Launch&quot Then
'Wscript.Echo "Folder IS valid."
objFSO.CopyFile "\\servername\filepath\Application.lnk", Subfolder.Path & "\Application Data\Microsoft\Internet Explorer\Quick Launch\Application.lnk", OverwriteExisting
Else
'Wscript.Echo "Folder is NOT valid."
End If
Next
objFSO.CopyFile "\\servername\filepath\Application.lnk", "\\" & objRecordSet.Fields("Name&quot.Value & "\c$\Documents and Settings\All Users\Desktop\Application.lnk", OverwriteExisting
'Wscript.Echo objRecordSet.Fields("Name&quot.Value & " updated!"
objTextFile.WriteLine(objRecordSet.Fields("Name&quot.Value & " updated!&quot
Else
'Wscript.Echo objRecordSet.Fields("Name&quot.Value & " NOT updated."
objTextFile.WriteLine(objRecordSet.Fields("Name&quot.Value & " NOT updated.&quot
End IF
Else
'Wscript.Echo objRecordSet.Fields("Name&quot.Value & " is offline."
objTextFile.WriteLine(objRecordSet.Fields("Name&quot.Value & " is offline.&quot
End If
objRecordSet.MoveNext
Loop

objTextFile.Close
Wscript.Echo "Script Complete"
----------------------------------------------------------