The company I work for uses a program called RunAs Pro which seems to work
quite well. You can create the batch files, have them run as another user
etc, and then build the distribution file (.rap). Works well for ur
environment.
hth,
todd
Dubber, Drew B writes:
Note that there are encrypted runas programs available so that you can
run something in a different user context without supply a password on
the command line or in a script - half an hour with your favourite
search engine will find a bucket load. Whether they are secure or not I
couldn't tell since I haven't used them :)
Kind regards
Drew
-----Original Message-----
From: Depp, Dennis M. [mailto:[EMAIL PROTECTED]
Sent: 09 March 2006 12:12
To: Murad Talukdar; [email protected]
Subject: RE: user logon script context....
Murad,
It is not possible to run logon scripts under a different context. You
might be able to change the context in the script with runas, but this
will require using a password in a script.
You might want to look at using computer startup scripts. These will
run in the context of local system; however, you will not be able to
know what user will be on the system.
Denny
-----Original Message-----
From: Murad Talukdar [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 1:35 AM
To: 'Murad Talukdar'; [email protected]
Subject: RE: user logon script context....
Okay a further google showed me the answer--but some clarification would
be great-can logon scripts be set to run under a chosen context?
Ie, if I don't want it to run under either SYSTEM or localadmin, can
this be done? (I get the feeling this could be no).
Regards
Murad Talukdar
-----Original Message-----
From: Murad Talukdar [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 09, 2006 4:31 PM
To: '[email protected]'
Subject: user logon script context....
Hi guys,
Can anyone point me to a paper detailing what security context a User
logon script runs under?
I want to know what kind of permissions a script(well, I understand that
it doesn't have permissions itself but runs AT a certain level of
access) has when that user logs one.
For instance, if the user is just a restricted user locally, should I be
able to call a .exe in the script which loads and writes to the c drive?
All
this to be done through a GPO.
Kind Regards
Murad Talukdar
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
-----
Joel: "What do you want for Christmas, Crow?"
Crow: "I wanna decide who lives and who dies."
-- Joel Robinson & Crow T. Robot (mst3k)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
