[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 880
  • Last Modified:

copy file to system32 folder of workstations

As part of my server logon script, I want to be able to copy a file from the server to the system32\Drivers\etc folder on the local workstation. My vbs script using filesystemobject copyfile works great as long as the person logs in is an administrator where they have read/write/modify permissions on that folder, but fails for someone with read only permissions. How can I copy this file to the workstation on logon?
0
BradleyCleveland
Asked:
BradleyCleveland
  • 2
  • 2
1 Solution
 
kevinhsiehCommented:
Change it from a logon script to a startup script under the machine configuration. The script will run the next time the machine boots.
0
 
shudmanCommented:
You could make use of Group Policy Preferences to copy the file across too. You didn't say whether this was the same file every time, or whether the source changes.
0
 
BradleyClevelandAuthor Commented:
The destination file is always the same.  C:\windows\system32\drivers\etc\hosts.
The source file will vary depending on the AD group of the employee logging in.
0
 
kevinhsiehCommented:
Either a startup script or GPO file preference will work, but these are MACHINE properties, not employee settings. If you really need to make the hosts file dependent on the user and not the machine, you can use GPO file security to give users modify access to the etc directory, in which case your login script will work.

I am sure that malware and other malicious users would love to have access to the hosts file, so it would be better if users didn't have access to change it.
0
 
BradleyClevelandAuthor Commented:
What I am doing is copying restricted copy of the hosts file on machine startup (doesn't matter who logs in). then only if an employee with administrator access logs, I copy the unrestricted hosts file to the machine.  If anyone besides an administratror needs access to the blocked websites, then I will go to that machine, give them permissions on that folder and include them with administrators in my script to copy over the unstricted hosts file.  This plan isn't working as smoothly as I had hoped, but it will suffice for now until I get time to research internet policy software and decide what will work best for our agency
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now