Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!
Learn how Concerto can help you.
Solved
Run a script with admin rights
Posted on 2009-04-07
Dear All,
I already posted a question regarding a problem I face which is in the following:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24283794.html
In summary users need to have admin rights to run such a script, how to accomplish this since the users doesn't have admin rights on their machines? and I don't know their computer names?
I already posted a question regarding a problem I face which is in the following:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24283794.html
In summary users need to have admin rights to run such a script, how to accomplish this since the users doesn't have admin rights on their machines? and I don't know their computer names?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
9
-
8
17 Comments
Active today
Use a GPO to apply a *computer* *startup* script to the machines in question. Unlike login scripts, startup scripts run in the system's security context, and the system has the necessary permissions to add files to the system32 folder.
I did the following:
create a startup script at computers stratup with the following:
copy \\DC(IP)\netlogon\Filename
copy \\DC(IP)\netlogon\Filename
copy \\DC(IP)\netlogon\Filename
apply this group policy for computers but still I couldn't see the files copied to the machines which I apply the froup policy into it, did I miss something?
create a startup script at computers stratup with the following:
copy \\DC(IP)\netlogon\Filename
copy \\DC(IP)\netlogon\Filename
copy \\DC(IP)\netlogon\Filename
apply this group policy for computers but still I couldn't see the files copied to the machines which I apply the froup policy into it, did I miss something?
Active today
The syntax looks okay. If the file names contain spaces, you need to enclose them in quotes, and you might want to take %Systemroot% instead of C:\Windows
Save the script as startup.cmd or whatever.cmd in the netlogon share, then set the policy to run (obviously replacing your.domain.local with your domain name)
\\your.domain.local\netlog
In addition, you might want to create a log file; if there is no file with the name of the script and the extension .log in %Systemroot%\Temp after a reboot of the machine, you need to check your event log and your group policies, because the script isn't running.
Save the script as startup.cmd or whatever.cmd in the netlogon share, then set the policy to run (obviously replacing your.domain.local with your domain name)
\\your.domain.local\netlog
In addition, you might want to create a log file; if there is no file with the name of the script and the extension .log in %Systemroot%\Temp after a reboot of the machine, you need to check your event log and your group policies, because the script isn't running.
set LogFile=%Systemroot%\Temp\%~n0.log
>>"%LogFile%" echo %Date% %Time%: Startup script started
copy "\\DC(IP)\netlogon\Filename1" "%Systemroot%\system32" >>"%LogFile%"
copy "\\DC(IP)\netlogon\Filename2" "%Systemroot%\system32" >>"%LogFile%"
copy "\\DC(IP)\netlogon\Filename3" "%Systemroot%\system32" >>"%LogFile%"
oBdA it display the following error messages:
Wed 04/08/2009 7:29:22.72: Startup script started
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Wed 04/08/2009 7:29:22.72: Startup script started
Access is denied.
Access is denied.
Access is denied.
Access is denied.
Active today
Try the following script, it will give you a detailed log about which permissions are missing.
Just adjust SourceFolder variable (no quotes around the path) and the source files (each file separated by a space from the next, quotes around each file name if it contains a space).
Just adjust SourceFolder variable (no quotes around the path) and the source files (each file separated by a space from the next, quotes around each file name if it contains a space).
set LogFile=%Systemroot%\Temp\%~n0.log
>>"%LogFile%" echo %Date% %Time%: Startup script started
set SourceFolder=\\DC(IP)\netlogon
set SourceFiles="Filename 1" "Filename 2" "Filename 3"
set TargetFolder=%Systemroot%\system32
>>"%LogFile%" echo Profile: %UserProfile%
>>"%LogFile%" echo Source folder directory listing:
dir "%SourceFolder%" >>"%LogFile%" 2>&1
if errorlevel 1 (
>>"%LogFile%" echo Unable to read from "%SourceFolder%"; exiting script.
goto :eof
)
>>"%LogFile%" echo Target folder directory listing:
dir "%SourceFolder%" >>"%LogFile%" 2>&1
if errorlevel 1 (
>>"%LogFile%" echo Unable to read from "%TargetFolder%"; exiting script.
goto :eof
)
>>"%LogFile%" echo Testing write access to target folder:
copy "%~f0" "%TargetFolder%" >>"%LogFile%"
if errorlevel 1 (
>>"%LogFile%" echo Unable to write to "%TargetFolder%"; current permissions:
cacls "%TargetFolder%" >>"%LogFile%" 2>&1
goto :eof
)
>>"%LogFile%" echo Permissions verified.
del "%TargetFolder%\%~nx0"
for %%a in (%SourceFiles%) do (
>>"%LogFile%" echo Copying %%~a ...
copy "%SourceFolder%\%%~a" "%TargetFolder%" >>"%LogFile%"
)
Hi oBdA
I configure the script as below:
But it display the following error, even I I run login to the PC with a domain admin rights:
Thu 04/09/2009 8:32:45.53: Startup script started
Profile: C:\Documents and Settings\Default User
Source folder directory listing:
Access is denied.
Unable to read from "\\172.16.2.1\netlogon"; exiting script.
I configure the script as below:
But it display the following error, even I I run login to the PC with a domain admin rights:
Thu 04/09/2009 8:32:45.53: Startup script started
Profile: C:\Documents and Settings\Default User
Source folder directory listing:
Access is denied.
Unable to read from "\\172.16.2.1\netlogon"; exiting script.
set LogFile=%Systemroot%\Temp\%~n0.log
>>"%LogFile%" echo %Date% %Time%: Startup script started
set SourceFolder=\\172.16.2.1\netlogon
set SourceFiles="piot2.dll" "xeres-c1.dll" "locale-1-20.dll"
set TargetFolder=%Systemroot%\system32
>>"%LogFile%" echo Profile: %UserProfile%
>>"%LogFile%" echo Source folder directory listing:
dir "%SourceFolder%" >>"%LogFile%" 2>&1
if errorlevel 1 (
>>"%LogFile%" echo Unable to read from "%SourceFolder%"; exiting script.
goto :eof
)
>>"%LogFile%" echo Target folder directory listing:
dir "%SourceFolder%" >>"%LogFile%" 2>&1
if errorlevel 1 (
>>"%LogFile%" echo Unable to read from "%TargetFolder%"; exiting script.
goto :eof
)
>>"%LogFile%" echo Testing write access to target folder:
copy "%~f0" "%TargetFolder%" >>"%LogFile%"
if errorlevel 1 (
>>"%LogFile%" echo Unable to write to "%TargetFolder%"; current permissions:
cacls "%TargetFolder%" >>"%LogFile%" 2>&1
goto :eof
)
>>"%LogFile%" echo Permissions verified.
del "%TargetFolder%\%~nx0"
for %%a in (%SourceFiles%) do (
>>"%LogFile%" echo Copying %%~a ...
copy "%SourceFolder%\%%~a" "%TargetFolder%" >>"%LogFile%"
)
Active today
Then somebody changed the permissions of the netlogon folder. "Authenticated Users" have to have Read permissions (and this is configured by default), this is not the case with your netlogon share. You need to investigate what happened with these permissions, and change them back to their defaults.
This article might help, but make sure you have a working backup of your DC(s) should you decide to implement it:
Reapply Default SYSVOL Security Settings
http://technet.microsoft.com/en-us/library/cc816750.aspx
This article might help, but make sure you have a working backup of your DC(s) should you decide to implement it:
Reapply Default SYSVOL Security Settings
http://technet.microsoft.com/en-us/library/cc816750.aspx
Hi oBdA, and thanks for your support
I checked the permissions, there is everyone with Read only access on the NETLOGON folder, also I login with a domain admin rights to the PC and when I execute \\IP\netlogon I was able to browse the folder and see the files.
I checked the permissions, there is everyone with Read only access on the NETLOGON folder, also I login with a domain admin rights to the PC and when I execute \\IP\netlogon I was able to browse the folder and see the files.
Active today
Create a share "Test" on your DC, share it as Test, and add "Authenticated Users" with Read permissions to this folder.
Put the files into this folder, and set SourceFolder to \\172.16.2.1\Test (see script below).
Try again.
Put the files into this folder, and set SourceFolder to \\172.16.2.1\Test (see script below).
Try again.
set LogFile=%Systemroot%\Temp\%~n0.log
>>"%LogFile%" echo %Date% %Time%: Startup script started
>>"%LogFile%" echo Script: %~dpnx0
set SourceFolder=\\172.16.2.1\Test
set SourceFiles="piot2.dll" "xeres-c1.dll" "locale-1-20.dll"
set TargetFolder=%Systemroot%\system32
>>"%LogFile%" echo Profile: %UserProfile%
>>"%LogFile%" echo Source folder directory listing "%SourceFolder%":
dir "%SourceFolder%" >>"%LogFile%" 2>&1
if errorlevel 1 (
>>"%LogFile%" echo Unable to read from "%SourceFolder%"; exiting script.
goto :eof
)
>>"%LogFile%" echo Target folder directory listing:
dir "%SourceFolder%" >>"%LogFile%" 2>&1
if errorlevel 1 (
>>"%LogFile%" echo Unable to read from "%TargetFolder%"; exiting script.
goto :eof
)
>>"%LogFile%" echo Testing write access to target folder:
copy "%~f0" "%TargetFolder%" >>"%LogFile%"
if errorlevel 1 (
>>"%LogFile%" echo Unable to write to "%TargetFolder%"; current permissions:
cacls "%TargetFolder%" >>"%LogFile%" 2>&1
goto :eof
)
>>"%LogFile%" echo Permissions verified.
del "%TargetFolder%\%~nx0"
for %%a in (%SourceFiles%) do (
>>"%LogFile%" echo Copying %%~a ...
copy "%SourceFolder%\%%~a" "%TargetFolder%" >>"%LogFile%"
)
same error message, but now the folder change Unable to read from "\\172.16.2.1\test"; exiting script.
strange problem !!!
strange problem !!!
oBdA,
Even if I change the directory from %Systemroot%\system32 to c:\dell I got the same error.
Even if I change the directory from %Systemroot%\system32 to c:\dell I got the same error.
Thu 04/09/2009 10:06:52.24: Startup script started
Profile: C:\Documents and Settings\Default User
Source folder directory listing:
Access is denied.
Unable to read from "\\172.16.2.1\netlogon"; exiting script.
Thu 04/09/2009 14:24:25.12: Startup script started
Profile: C:\Documents and Settings\Default User
Source folder directory listing:
Access is denied.
Unable to read from "\\172.16.2.1\test"; exiting script.
Thu 04/09/2009 14:32:10.36: Startup script started
Profile: C:\Documents and Settings\Default User
Source folder directory listing:
Access is denied.
Unable to read from "\\172.16.2.1\test"; exiting script.
Thu 04/09/2009 14:38:43.60: Startup script started
Profile: C:\Documents and Settings\Default User
Source folder directory listing:
Access is denied.
Unable to read from "\\172.16.2.1\test"; exiting script.
Active today
Did you add "Authenticated Users" (NOT "Users" or "Domain Users") with Read permissions to the test folder?
Are the Share permissions configured to allow at least Read permissions to Everyone?
The *computer* *account* needs acccess to the shared folder (domain computers are members of Authenticated Users as well).
Are the Share permissions configured to allow at least Read permissions to Everyone?
The *computer* *account* needs acccess to the shared folder (domain computers are members of Authenticated Users as well).
Yes, I already checked it, but still I face the same issue.
oBdA,
if I collect the computer names, is it possible to install these files remotely on these computers using a domain admin privilages?
oBdA,
if I collect the computer names, is it possible to install these files remotely on these computers using a domain admin privilages?
Active today
Yes; simply put the machine names into a text file (one name per line). Define the location of this file in MachineFile. SourceFolder can be changed to a local folder on the machine you're running the script on.
The script will create a log file (<scriptname>.log) for copies to machines that were online, and another logfile (<scriptname>.err) with a list of machines that didn't react to a ping. Old logfiles will be deleted with each new start of the script.
Try it with a list test machines first.
The script will create a log file (<scriptname>.log) for copies to machines that were online, and another logfile (<scriptname>.err) with a list of machines that didn't react to a ping. Old logfiles will be deleted with each new start of the script.
Try it with a list test machines first.
@echo off
setlocal
set MachineFile=C:\Temp\test.txt
set SourceFolder=\\172.16.2.1\Test
set SourceFiles="piot2.dll" "xeres-c1.dll" "locale-1-20.dll"
set LogFile=%~nx0.log
set FailedFile=%~nx0.err
set TargetFolder=Admin$\system32
for %%a in ("%LogFile%" "%FailedFile%") do if exist "%%~a" del "%%~a"
for /f %%a in ('type "%MachineFile%"') do (
ping -n 2 %%a | find /i "TTL" >NUL
if errorlevel 1 (
>>"%FailedFile%" echo %%a
) else (
for %%f in (%SourceFiles%) do (
>>"%LogFile%" echo -- %%a: copying %%f:
copy "%SourceFolder%\%%~f" "\\%%a\%TargetFolder%" >>"%LogFile%"
)
)
)
Featured Post
Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other? Â You don't really want to deal with DFS or a 3rd party solution like Doubletake.
You can use Robocopy from the Windows Server 200…
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server.
We would only need to create and run scripts using thi…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster.
To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB.
How Percona can help
Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month10 days, 5 hours left to enroll
722 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.