I was testing a script file and was not actually expecting it to run in the way it did. It wrote to the c:\ drive when I fully expected it to write to the user's profile. This stumped me. So then I started to think maybe I had learnt it wrong that scripts run as the user OR there are permissions set that should not have been. Which looks likely on this one machine
Thanks for all the help-especially the pointers to the apps which let me run scripts as different users/contexts-I can see where it was getting the ability to write to the c drive when I believed it shouldn't be able to. Regards Murad Talukdar -----Original Message----- From: Depp, Dennis M. [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 10:12 PM To: Murad Talukdar; [email protected] Subject: RE: user logon script context.... Murad, It is not possible to run logon scripts under a different context. You might be able to change the context in the script with runas, but this will require using a password in a script. You might want to look at using computer startup scripts. These will run in the context of local system; however, you will not be able to know what user will be on the system. Denny -----Original Message----- From: Murad Talukdar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 1:35 AM To: 'Murad Talukdar'; [email protected] Subject: RE: user logon script context.... Okay a further google showed me the answer--but some clarification would be great-can logon scripts be set to run under a chosen context? Ie, if I don't want it to run under either SYSTEM or localadmin, can this be done? (I get the feeling this could be no). Regards Murad Talukdar -----Original Message----- From: Murad Talukdar [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 4:31 PM To: '[email protected]' Subject: user logon script context.... Hi guys, Can anyone point me to a paper detailing what security context a User logon script runs under? I want to know what kind of permissions a script(well, I understand that it doesn't have permissions itself but runs AT a certain level of access) has when that user logs one. For instance, if the user is just a restricted user locally, should I be able to call a .exe in the script which loads and writes to the c drive? All this to be done through a GPO. Kind Regards Murad Talukdar ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
