• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 910
  • Last Modified:

Powershell Logon Script under Windows XP

I would like to run a Powershell Logon Script on a group of our Windows XP clients.  The XP clients are joined to our domain server which is running Server 2008 R2.  My problem is that XP does not seem to support the AD Logon Script Tab that is specifically for Powershell scripts.

My 'work around' was to use the normal logon script tab and call my script as a "Script Parameter" to powershell.exe.  This was working until I tested the policy on a user account which has the powershell.exe program blocked as not allowed to run.  We block powershell.exe so that users cannot get into powershell and run commands through it.

Is there a better way for me to restrict my users from using powershell but still be able to run my powershell script as a LOGON script?

I realize this is a rather long question, also with the number of things involved I had difficulty placing it in the right zone.  Sorry if I got the zone wrong.
0
januismer
Asked:
januismer
  • 2
1 Solution
 
Netman66Commented:
Since you are attempting to run a PS script, you need to call the PS exe and pass the script parameters to it.  You should unblock the exe on the workstations so it can run.

A normal user can't do a whole lot with PS, so I wouldn't be concerned with that.  Besides, if any user really figures out how to use PS you should bring them onto your IT Team!

0
 
januismerAuthor Commented:
Netman66, unfortunately our environment is a school and as you may know, anything that a student can get access to they will use to mess with your systems and circumvent your security.  We cannot take the risk that a student user may gain access to Powershell and begin running commands through it.

It is starting to look like I may just have to bite the bullet and re-create my scripts in a non-powershell language.  Any more comments are still appreciated.
0
 
Netman66Commented:
While I agree that schools are a challenge, you can't do anything Administratively without Admin rights.

Since you know a fair bit about PS already, try running it as a normal user and see what you can do that is not something they can already do using the GUI.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now