Solved

500 POINTS - ADD STATIC ROUTE VIA DOMAIN CONTROLLER AND GROUP POLICY

Posted on 2006-11-13
2
4,147 Views
Last Modified: 2008-01-09
I created a batch file that runs on global policy permissions under startup. It runs a simple route add statement. This works great for users that are Administrators but not at all for users that are basic users because route add statements can't be run due to a policy locking them down. Is there anyway to get this batch file to work without giving users the ability to modify any other network settings on there pc, or is there a way I can get group policy to just write this static route directly without requiring a batch file?

The computers are all Windows XP Professional SP2 and the AD is on Windows 2003 SP1.
0
Comment
Question by:ScubeduFan
2 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17932107
I would recommend to use the sysinternals tool PSEXEC for this;

http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/PsExec.mspx

download the tool and it would be something like this;

1. From the AD extract all the computer names and store it in a file (You can get this from AD admin tool)

2. Download psexec and just run it like this from your machine;

psexec @filewithcomputernames -u administrator -p <password> route.bat

You can use the same batch file which you used earlier.

Cheers,
Rajesh
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 17932449
Define the script in a policy as a *computer* startup script (and apply it to the OU with the client machines in it), not as a user logon script. The computer startup script runs with System account permissions, which makes it possible to change the route.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question