Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Powershell Logon Script under Windows XP

Posted on 2011-09-12
3
Medium Priority
?
891 Views
Last Modified: 2012-05-12
I would like to run a Powershell Logon Script on a group of our Windows XP clients.  The XP clients are joined to our domain server which is running Server 2008 R2.  My problem is that XP does not seem to support the AD Logon Script Tab that is specifically for Powershell scripts.

My 'work around' was to use the normal logon script tab and call my script as a "Script Parameter" to powershell.exe.  This was working until I tested the policy on a user account which has the powershell.exe program blocked as not allowed to run.  We block powershell.exe so that users cannot get into powershell and run commands through it.

Is there a better way for me to restrict my users from using powershell but still be able to run my powershell script as a LOGON script?

I realize this is a rather long question, also with the number of things involved I had difficulty placing it in the right zone.  Sorry if I got the zone wrong.
0
Comment
Question by:januismer
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 36567191
Since you are attempting to run a PS script, you need to call the PS exe and pass the script parameters to it.  You should unblock the exe on the workstations so it can run.

A normal user can't do a whole lot with PS, so I wouldn't be concerned with that.  Besides, if any user really figures out how to use PS you should bring them onto your IT Team!

0
 
LVL 1

Author Comment

by:januismer
ID: 36569006
Netman66, unfortunately our environment is a school and as you may know, anything that a student can get access to they will use to mess with your systems and circumvent your security.  We cannot take the risk that a student user may gain access to Powershell and begin running commands through it.

It is starting to look like I may just have to bite the bullet and re-create my scripts in a non-powershell language.  Any more comments are still appreciated.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 36569124
While I agree that schools are a challenge, you can't do anything Administratively without Admin rights.

Since you know a fair bit about PS already, try running it as a normal user and see what you can do that is not something they can already do using the GUI.

0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question