AD GPO & Logon Scripts

  • Thread starter Thread starter hecresper
  • Start date Start date
H

hecresper

Ok,

I'm trying to patch all of my computers with a Logon Script assigned from a
GPO. So far only the Employees that have Admin rights on their computers
have been able to get patch successfully. How do I get the rest to run the
script and apply the patch?

Here's my Logon Script for the moment:

@echo off

net use s: \\support-share\support /persistent:no

if exist s:\scriptlog\%computername%.txt goto end

s:\patches\patchfilename.exe -q -u -z
echo Patched 824146 > s:\scriptlog\%computername%.txt

:end
net use s: /delete

Is there something I can use to make that patch run as another user or with
Admin privileges?

Thanks for your input.
 
o Computer Startup/Shutdown scripts
run with System priviledges.
o User Logon/Logoff scripts run with
that user's priviledges.

I do wich that GPOs allowed the functionality to elevate the permissions of
specific User Logon scripts using a domain-side GPO (not the local User
scripts).

If you are allowed to target the devices themselves and if the patch will
run correctly as the "System", then a Computer Startup script is the
quickest answer.

Note: The builtin "RunAs" command does not accept a command line parameter
for an accounts' password.

Jer
 
Back
Top