I recommended psexec as a possible alternative method of remotely
running your install, instead of using a login script. There are
several other options, which are all better than initiating an install
from a login script. You can do it with a VB script something like
this: (watch word wrap)
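On Error Resume Next
Dim strComp, result, app, process, processid
'hard-code the cmdline instead of using an inputbox if you want
app = InputBox("Please enter the command line, including UNC path.", "Remote Execute")
'you can modify to take input from a file for comp names
strComp = InputBox("Please enter the machine name.", "Remote Execute")
'bind to the Win32_Process class on the remote machine through WMI
Set process = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComp & "\root\cimv2:Win32_Process")
'stop here if the WMI connection failed, so the real error is reported
If Err.Number <> 0 Then
    WScript.Echo Err.Description, "0x" & Hex(Err.Number)
    WScript.Quit 1
End If
'Create returns 0 on success; processid receives the id of the new process
result = process.Create(app, Null, Null, processid)
WScript.Echo "Method returned result = " & result & vbCrLf & _
    "Id of new process is " & processid
If Err.Number <> 0 Then
    WScript.Echo Err.Description, "0x" & Hex(Err.Number)
End If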
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anuj Attree
Sent: Sunday, December 10, 2006 11:18 AM
To: [email protected]
Subject: Re: [ActiveDir] running scripts via group policy using
alternate accounts
Thanks a lot to you all...
I will try to use and implement cpau and/or psexec and post the results
for the same. But I'm not sure how to use psexec for this purpose
(running logon scripts through alternate credentials).
On 12/10/06, joe <[EMAIL PROTECTED]> wrote:
I like psexec but I have a big problem with it in that it always
installs a service on the fly. This is more intrusive than it should be
or even needs to be.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Derek Harris
Sent: Saturday, December 09, 2006 4:35 PM
To: [email protected]
Subject: RE: [ActiveDir] running scripts via group policy using
alternate accounts
I'd agree with Brian that this sounds like a bad idea. There
are too many ways to do it right; the cheapest (free) & easiest is
probably to use psexec to run a script that launches your install in
silent mode from a network share, under whatever context you choose.
The exact way to do that depends on the install program, but you can get
a lot of info from http://www.appdeploy.com/ and a few other sites. A
Google search for remote silent install <your app> should give you some
ideas.
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jaspreet Jolly
Sent: Saturday, December 09, 2006 2:01 AM
To: [email protected]
Subject: RE: [ActiveDir] running scripts via group policy using
alternate accounts
Anuj,
I do understand what you are trying to accomplish, and I know
there is no other way of doing this so you have to get this done using
login scripts only.
As for joe's CPAU, I tried it some time back but unfortunately it
didn't work for me. Maybe I was doing something wrong; please do give
it a shot, or alternatively you can use the "runas" command in a script,
the only problem here being that you will have to write a script which
automatically passes the password to the command. You can tell the
programmer to do so. Or you can use a "kiXtart" script, which would
encrypt the script containing userid & password.
You can also use paid tools like "TCQRunas". I know your
organization will never allow this, but you should try this for your own
knowledge.
Regards,
Jaspreet Jolly
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Saturday, December 09, 2006 1:39 PM
To: [email protected]
Subject: RE: [ActiveDir] running scripts via group policy using
alternate accounts
The logon script will run in the context of the user who runs
it. My suggestion is that you rethink your process because this sounds
like a really crappy plan that you've got.
I believe Joe Richards' cpau utility on joeware.net
<http://joeware.net/> supports some type of encryption of credentials
that you could use if you must do this.
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anuj Attree
Sent: Saturday, December 09, 2006 2:29 AM
To: [email protected]
Subject: [ActiveDir] running scripts via group policy using
alternate accounts
Hi,
Is there a way to run user logon scripts via Group Policy using
alternate credentials (say domain admins)?
I'm putting this question because I want to (for example)
install some s/w (yes, I can use the s/w installation feature from GPMC, I
know) or want to run a command which can be run only by an administrator
(say ipconfig /registerdns or something else) through the script, but as
the user logging in should have administrator privileges to install the
s/w etc., and which is not the case generally.
Please correct me if I'm wrong.
--
Regards
Anuj Attree