I like psexec but I have a big problem with it in that it always installs a service on the fly. This is more intrusive than it should be or even needs to be. -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derek Harris Sent: Saturday, December 09, 2006 4:35 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] running scripts via group policy using alternate accounts I'd agree with Brian that this sounds like a bad idea. There are too many ways to do it right; the cheapest (free) & easiest is probably to use psexec to run a script that launches your install in silent mode from a network share, under whatever context you choose. The exact way to do that depends on the install program, but you can get a lot of info from http://www.appdeploy.com/ and a few other sites. A Google search for remote silent install <your app> should give you some ideas. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaspreet Jolly Sent: Saturday, December 09, 2006 2:01 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] running scripts via group policy using alternate accounts Anuj, I do understand what you are trying to accomplish, and I know there is no other way of doing this so you have to get this done using login scripts only. As for joe's CPAU I tried it sometime back but unfortunately it didn't worked for me. Maybe I was doing something wrong, please do give it a shot or alternatively you can use "runas" command in script the only problem here being that you will have to write a script which automatically passes password to the command. You can tell the programmer to do so. Or you can use "kiXtart" script which would encrypt the script containing userid & password. You can also use paid tools like "TCQRunas" I know your organization will never allow this but you should try this for your own knowledge. Regards, Jaspreet Jolly _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Saturday, December 09, 2006 1:39 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] running scripts via group policy using alternate accounts The logon script will run in the context of the user who runs it. My suggestion is that you rethink your process because this sounds like a really crappy plan that you've got. I believe Joe Richards' cpau utility on joeware.net supports some type of encryption of credentials that you could use if you must do this. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anuj Attree Sent: Saturday, December 09, 2006 2:29 AM To: activedir@mail.activedir.org Subject: [ActiveDir] running scripts via group policy using alternate accounts Hi, Is there a way to run user logon scripts via Group Policy using alternate credentials (say domain admins)? i m putting this question because i want to (for example) install some s/w (yes i can use s/w installation feature from GPMC, i know) or want to run a command which can be run only by administartor (say ipconfig /registerdns or something else) through the script but as the user logging in should have administrator priveleges to install the s/w etc and which is not the case generally. please correct me if i m wrong. -- Regards Anuj Attree
