Brian said:
Please Ignore, problem sorted.
No, please don't ignore.
I have a problem with this.
Here is the setup
I have some computers in Domain A that I have set a logon script for
via a computer GPO
The startup script is a .cmd file with something like
@echo Is this working?>c:\localfiles\test.txt
@xcopy \\serverB\share\files\*.* c:\localfiles\ /y
The test.txt file gets created fine, so I know the script is
executing. And if I run the command at a run line after I log in, it
works, so I know the syntax is correct. Problem is the files are not
copying down to the computers durring the startup script. I know this
is a rights issue on the share, but Iam having a hard time figuring
out what rights I need to assing on the share.
So, who do I give rights to on ServerB\Share. There is a fly in the
ointment. ServerB is on a different DOMAIN than the computers, but
they are in the same AD forrest and there is a trust (don't know if
that is still the right term) between them. I have tried granting
rights to Domain Computers from Domain A and I have tried
authenticated users but neither of these works. I can copy files from
a server on Domain A fine, but I have to grant rights to Domain Users,
and I kind of want to avoid that.
I got this working
@xcopy \\serverA\share\files\*.* c:\localfiles\ /y where ServerA is on
the same domain as the computers.
I have read through many posts on here and have surmised that startup
scripts run as NT AUTHORITY\SYSTEM but how do I get that account to be
able to copy stuff off the network. Is it even possible without
opening up the share to everyone?
I have tried adding the computers to a group and giving that group
rights on the share but I couldn't get that to work either. Should
it? Because that seems like the best way to go from a security
standpoint.
