ADMs and GPOs
Is the limit of effect of an ADM script the writing/reading of a target system's registry? Or, are there FSO (file system) or WMI elemets which can be manipulated?
Thank you!
JohnD
Thank you!
JohnD
McKnife
You can for example set permissions on files through computer config - windows settings - security settings
ASKER
Thanks McKnife. I know about GPOs, but am unsure about my options in importing a Administrative rule (ADM script) into a particular GPO?
You can have an ADM that is a system policy, yes. When you import it, you'll need to make sure your Filtering is set in Group Policy Editor - uncheck the box for "only show policy settings that can be fully managed". This should allow you to see any custom work.
ASKER
Does the ADM only allow for registry edits on clients?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ahh, then if I can call a VBScript from an ADM, the sky is the limit since I have access to all the methods and properties it can access through WMI, FSO and ADSI!
You bet.
You have 4 choices.
Computer Configuration>Windows Settings>Scripts = Startup or Shutdown
User Configuration>Windows Settings>Scripts = Logon or Logoff
The computer scripts execute in the SYSTEM context - keep in mind to use UNC paths in the scripts since no mapped drives exist outside a profile.
The User scripts execute in the context of the user unless elevated using runas or impersonate.
Have fun!
You have 4 choices.
Computer Configuration>Windows Settings>Scripts = Startup or Shutdown
User Configuration>Windows Settings>Scripts = Logon or Logoff
The computer scripts execute in the SYSTEM context - keep in mind to use UNC paths in the scripts since no mapped drives exist outside a profile.
The User scripts execute in the context of the user unless elevated using runas or impersonate.
Have fun!