Note that there are encrypted runas programs available so that you can run something in a different user context without supply a password on the command line or in a script - half an hour with your favourite search engine will find a bucket load. Whether they are secure or not I couldn't tell since I haven't used them :)
Kind regards Drew -----Original Message----- From: Depp, Dennis M. [mailto:[EMAIL PROTECTED] Sent: 09 March 2006 12:12 To: Murad Talukdar; [email protected] Subject: RE: user logon script context.... Murad, It is not possible to run logon scripts under a different context. You might be able to change the context in the script with runas, but this will require using a password in a script. You might want to look at using computer startup scripts. These will run in the context of local system; however, you will not be able to know what user will be on the system. Denny -----Original Message----- From: Murad Talukdar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 1:35 AM To: 'Murad Talukdar'; [email protected] Subject: RE: user logon script context.... Okay a further google showed me the answer--but some clarification would be great-can logon scripts be set to run under a chosen context? Ie, if I don't want it to run under either SYSTEM or localadmin, can this be done? (I get the feeling this could be no). Regards Murad Talukdar -----Original Message----- From: Murad Talukdar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 4:31 PM To: '[email protected]' Subject: user logon script context.... Hi guys, Can anyone point me to a paper detailing what security context a User logon script runs under? I want to know what kind of permissions a script(well, I understand that it doesn't have permissions itself but runs AT a certain level of access) has when that user logs one. For instance, if the user is just a restricted user locally, should I be able to call a .exe in the script which loads and writes to the c drive? All this to be done through a GPO. Kind Regards Murad Talukdar ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
