Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Using Runas VB Script under Logon section in Group Policy 1

Status
Not open for further replies.

GCFG

Technical User
Dec 4, 2007
13
GB
I have created a VBS Script that Removes accounts from the Local Admin Group of a users machine, but runs the script as a Domain User. I have tested the script and can run it from the SYSvol folder fine on the machines I need to apply this to. However when I apply this script to the logon policy for the user under GPO the Script will not run. I have ran a gpresult and the Policy is not showing in here as getting applied, what have I done wrong, what do i need to change?

Many Thanks
 
This KB describes what the behavior should be:

This sounds like what you are seeing:


Some other troubleshooting info:

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Hi guys I have manged to get this to work using the VB Script, Just checked and it had an overriding policy above it which stopped it from running, moved this up the list and it started working fine.

Just got another question regarding this now. The script removes any user or group from the local admin group during user logon apart from the the groups defined in the list. my concern is would the same apply if the user logged onto a terminal server, would it rip out the users / groups like it has on the local users machine?
 
Could you share with me the script that you used to remove the users from the local admin group? I am trying to do something similar. I need to be able to reset the local admin group to a defined set of groups and users and also add the logged on user to the group. I wrote a script to do this but can not find a way to run it as a non-priveledged user. So I would like to be able to do this through a GPO.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top