On Thu, Jun 11, 2009 at 2:28 PM, Juned Shaikh<[email protected]> wrote: > My understanding was if a script is run as > \\domainname\netlogon\Logon.bat it will run under Logged-in user context
I'm pretty sure your understanding is wrong. :-) The path/location of the script doesn't matter. User logon/logoff scripts run as the user who is logging on/off. This is the same regardless of whether the logon script is configured via account properties or GPO. Machine startup/shutdown scripts run as the machine account. The machine account has system privileges on the machine it corresponds to. > If that's the case, any idea how do you run the registry keys directly as > part of the > GPO and not as script within a GPO. I don't think you can do that. In your original message, you mention deleting a registry key from HKEY_LOCAL_MACHINE. You can do that from a script started by GPO, as long as it is a computer startup script (and not a user logon script). The GPO will have to be assigned to the computer(s) you want to target. It can't be done on a per-user basis, since you can only assign user logon/logoff scripts to users, and we've already established that they don't have the proper permissions. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
