Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Powershell Logon Script under Windows XP

Posted on 2011-09-12
3
Medium Priority
?
888 Views
Last Modified: 2012-05-12
I would like to run a Powershell Logon Script on a group of our Windows XP clients.  The XP clients are joined to our domain server which is running Server 2008 R2.  My problem is that XP does not seem to support the AD Logon Script Tab that is specifically for Powershell scripts.

My 'work around' was to use the normal logon script tab and call my script as a "Script Parameter" to powershell.exe.  This was working until I tested the policy on a user account which has the powershell.exe program blocked as not allowed to run.  We block powershell.exe so that users cannot get into powershell and run commands through it.

Is there a better way for me to restrict my users from using powershell but still be able to run my powershell script as a LOGON script?

I realize this is a rather long question, also with the number of things involved I had difficulty placing it in the right zone.  Sorry if I got the zone wrong.
0
Comment
Question by:januismer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 36567191
Since you are attempting to run a PS script, you need to call the PS exe and pass the script parameters to it.  You should unblock the exe on the workstations so it can run.

A normal user can't do a whole lot with PS, so I wouldn't be concerned with that.  Besides, if any user really figures out how to use PS you should bring them onto your IT Team!

0
 
LVL 1

Author Comment

by:januismer
ID: 36569006
Netman66, unfortunately our environment is a school and as you may know, anything that a student can get access to they will use to mess with your systems and circumvent your security.  We cannot take the risk that a student user may gain access to Powershell and begin running commands through it.

It is starting to look like I may just have to bite the bullet and re-create my scripts in a non-powershell language.  Any more comments are still appreciated.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 36569124
While I agree that schools are a challenge, you can't do anything Administratively without Admin rights.

Since you know a fair bit about PS already, try running it as a normal user and see what you can do that is not something they can already do using the GUI.

0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question