General discussion

Logon Script with admin permissions

By Mr. Pena ·
I have logon scripts running in an NT 4.0, 98, 2000pro environment which enter settings into the registry. How can I have these logon scripts run with admin rights so that the users don't have to be local admins for their machines in order for the changes to the registry to take place?

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
All Comments

Logon Script with admin permissions

by MCSE Rabbi In reply to Logon Script with admin p ...

Well, for Win98, you don't have to worry about local admin rights.

I'm not sure if there is a similar command in NT, but with Win2k you can try the "run as" command.

Go to the command prompt and type "runas /?" to get the syntax or here it is :)

C>runas /?
RUNAS USAGE:

RUNAS [/profile] [/env] [/netonly] /user:<UserName> program

/profile if the user's profile needs to be loaded
/env to use current environment instead of user's.
/netonly use if the credentials specified are for remote access only.
/user <UserName> should be in form USER@DOMAIN or DOMAIN\USER
program command line for EXE. See below for examples

Examples:
> runas /profile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

NOTE: Enter user's password only when prompted.
NOTE: USER@DOMAIN is not compatible with /netonly.

Logon Script with admin permissions

by Mr. Pena In reply to Logon Script with admin p ...

The only problem with this command is that it prompts you for a password.

Logon Script with admin permissions

by Joseph Moore In reply to Logon Script with admin p ...

I have .REG files that import data into the Registry of user machines during their logon scripts with no problem. I have not had to specify special rights or other accounts to run them.
To get the .REG files to work, just place them in the Netlogon share on your PDC, then in the logon scripts for the users put in:

REGEDIT /S regfilename.REG

The REG import works under the Local System account, and it has all the rights you need.

Hope this helps.

Logon Script with admin permissions

by Mr. Pena In reply to Logon Script with admin p ...

Joseph, I already have the logon scripts like this, but on NT and 2000 machines, when it tries to import the .reg, it gives a "cannot import access denied" error if users are not local admins.

Logon Script with admin permissions

by erikdr In reply to Logon Script with admin p ...

Well, answer 1 still presumes that users DO know this admin password...
The only way I've seen this working is with service accounts. You could look for a Regedit util which can work without any GUI (from a service account) and then figure out a solution where this util is triggered by the logon.
BUT, this is exactly the way software distribution tools work and they already figured this out for you. For W2K workstations you can use the free MS IntelliMirror (if you have W2K Server) but for NT, or W2KPro-with-NTServer, you got to go commercial. An affordable but very powerful solution is Veritas WinInstall 2000, retails for about 20-25 bucks per PC.

Hope this helps,

<Erik> - The Netherlands
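
Added example, not part of any post in this thread: under default permissions (an assumption about the ACLs in use), a non-admin REGEDIT /S import succeeds for HKEY_CURRENT_USER keys and is denied for the other hives, so this Python script splits a .reg file into the part that can stay in the user logon script and the part that needs a privileged delivery path such as the software distribution tools mentioned above. The function names `split_reg` and `render` and the sample keys are hypothetical.

```python
# Added example: triage a .reg file before it goes into a logon script.
# Assumption: default ACLs, where the logged-on user can write
# HKEY_CURRENT_USER but needs administrative rights for the other hives.
USER_HIVES = {"HKEY_CURRENT_USER"}

def split_reg(text):
    """Return (header, user_sections, machine_sections) from .reg text."""
    header, user, machine, current = None, [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue                      # blank line or comment
        if header is None:
            header = stripped             # e.g. REGEDIT4
        elif stripped.startswith("[") and stripped.endswith("]"):
            # "[-KEY]" deletes a key; the "-" is not part of the hive name
            hive = stripped[1:-1].lstrip("-").split("\\", 1)[0].upper()
            current = [stripped]
            (user if hive in USER_HIVES else machine).append(current)
        elif current is not None:
            current.append(line)          # value line, kept verbatim
    return header, user, machine

def render(header, sections):
    """Rebuild a .reg file (CRLF line endings) from a list of sections."""
    body = "\r\n\r\n".join("\r\n".join(s) for s in sections)
    return f"{header}\r\n\r\n{body}\r\n"

# Constructed sample input, not taken from the thread.
SAMPLE = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\ExampleCorp\App]
"Server"="fileserver01"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleCorp\App]
"InstallDir"="C:\\Apps\\Example"
"Flags"=dword:00000001

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleCorp\Old]
"""

if __name__ == "__main__":
    header, user, machine = split_reg(SAMPLE)
    for label, secs in (("user logon script", user),
                        ("privileged delivery", machine)):
        for s in secs:
            print(f"{label}: {s[0]}")
```

Files exported by the Windows 2000 registry editor in "Version 5.00" format are Unicode, so decode them to text before passing them to `split_reg`.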

Logon Script with admin permissions

by Mr. Pena In reply to Logon Script with admin p ...

THANK YOU VERY HELPFUL

Logon Script with admin permissions

by Mr. Pena In reply to Logon Script with admin p ...

This question was closed by the author
