Login as user but run login script portions with Domain Admins Permissions

Discussion in 'Scripting' started by Steven Sutherland, Jul 14, 2003.

  1. Hello,

    NT 4 domain, login scripts are cmd files, not using WMI or
    Host Scripting, users are local admins on their PC but not
    on common use PC. When user logs into their PC their login
    script runs with needed permissions as they are a Local
    Administrator.

    When the user logs onto a common use PC, where they are
    not a Local Administrator, the script lacks needed
    permissions and causes the PC to reboot as it fails to
    delete files that the script is setup to delete.

    How could I create the user login script which is run from
    their User Profile via the Netlogon Folder to impersonate
    a different set of permissions (Domain Admins)in order for
    the script to complete successfully. I do not want to make
    the users Local Administrators on the common use PCs.

    Thanks for any suggestions.

    Steven Sutherland
     
    Steven Sutherland, Jul 14, 2003
    #1
    1. Advertisements

  2. Maybe you can change your script to not require admin privileges to run? It
    seems dangerous that you want to allow common users to run as domain admin
    simply for a logon script to succeed. If your script is fine with users
    running around as local admin on their machine, then you should be fine with
    allowing "Users" group read/write access to the files that they should be
    able to delete on the common use PC.

    --
    //David
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    Hello,

    NT 4 domain, login scripts are cmd files, not using WMI or
    Host Scripting, users are local admins on their PC but not
    on common use PC. When user logs into their PC their login
    script runs with needed permissions as they are a Local
    Administrator.

    When the user logs onto a common use PC, where they are
    not a Local Administrator, the script lacks needed
    permissions and causes the PC to reboot as it fails to
    delete files that the script is setup to delete.

    How could I create the user login script which is run from
    their User Profile via the Netlogon Folder to impersonate
    a different set of permissions (Domain Admins)in order for
    the script to complete successfully. I do not want to make
    the users Local Administrators on the common use PCs.

    Thanks for any suggestions.

    Steven Sutherland
     
    David Wang [Msft], Jul 15, 2003
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.