<div>
Many thanks for that. &nbsp;I'll need to do some testing of this next week.<br />
I had initially presumed the computer account would be allowed to edit its own AD description, though Effective Permissions then showed this not to be the case. &nbsp;I also wasn't completely sure whether the script ran as Computer or as System.<br />
I'll read up on the use of &quot;Self&quot; too and will be back in touch when I've tried it all out properly.<br />

</div>


Many thanks for that.  I'll need to do some testing of this next week.
I had initially presumed the computer account would be allowed to edit its own AD description, though Effective Permissions then showed this not to be the case.  I also wasn't completely sure whether the script ran as Computer or as System.
I'll read up on the use of "Self" too and will be back in touch when I've tried it all out properly.


<div>
Sorry I left this unclosed so long. &nbsp;Thanks for your help.
</div>


Sorry I left this unclosed so long.  Thanks for your help.

<div>
<div class="content wysiwyg-content">
I'm trying to use a Startup Script deployed to workstations through Group Policy to synchronise the locallly-configured computer description to the description field of the computer account in Active Directory.<br />
<br />
It fails with error 0x80070005 (General Access Denied error) but will run manually as domain admin. &nbsp;The business-end of the script is attached.<br />
<br />
Any idea what the problem is and how to best get around it?<br />

<pre><code id="code-773324">Set objSysInfo = CreateObject(&quot;ADSystemInfo&quot;)
strComputerDN = objSysInfo.ComputerName
Set objComputer = GetObject(&quot;LDAP://&quot; &amp; strComputerDN)
objComputer.Put &quot;description&quot;, strLocalDescription
objComputer.SetInfo
</code></pre>
</div>
</div>


I'm trying to use a Startup Script deployed to workstations through Group Policy to synchronise the locallly-configured computer description to the description field of the computer account in Active Directory.

It fails with error 0x80070005 (General Access Denied error) but will run manually as domain admin.  The business-end of the script is attached.

Any idea what the problem is and how to best get around it?

Startup Script to set Description of Computer Account in Active Directory

VBScript (Visual Basic Scripting Edition) is an interpreted scripting language developed by Microsoft that is modeled on Visual Basic, but with some important differences. VBScript is commonly used for automating administrative and other tasks in Windows operating systems (by means of the Windows Script Host) and for server-side scripting in ASP web applications. It is also used for client-side scripting in Internet Explorer, specifically in intranet web applications.

VB Script

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Microsoft Windows XP is the sixth release of the NT series of operating systems, and was the first to be marketed in a variety of editions: XP Home and XP Professional, designed for business and power users. The advanced features in XP Professional are generally disabled in Home Edition, but are there and can be activated. There were two 64-bit editions, an embedded edition and a tablet edition.