Solved

PowerShell Logon Script under Windows XP

Posted on 2011-09-12
Last Modified: 2012-05-12
I would like to run a PowerShell Logon Script on a group of our Windows XP clients. The XP clients are joined to our domain server which is running Server 2008 R2. My problem is that XP does not seem to support the AD Logon Script Tab that is specifically for PowerShell scripts.

My 'workaround' was to use the normal logon script tab and call my script as a "Script Parameter" to powershell.exe. This was working until I tested the policy on a user account which has the powershell.exe program blocked as not allowed to run. We block powershell.exe so that users cannot get into PowerShell and run commands through it.

Is there a better way for me to restrict my users from using PowerShell but still be able to run my PowerShell script as a LOGON script?

I realize this is a rather long question, also with the number of things involved I had difficulty placing it in the right zone.  Sorry if I got the zone wrong.
Question by:januismer
3 Comments

Accepted Solution

by: Netman66 (earned 500 total points)
ID: 36567191
Since you are attempting to run a PS script, you need to call the PS exe and pass the script parameters to it.  You should unblock the exe on the workstations so it can run.

A normal user can't do a whole lot with PS, so I wouldn't be concerned with that.  Besides, if any user really figures out how to use PS you should bring them onto your IT Team!


Author Comment

by:januismer
ID: 36569006
Netman66, unfortunately our environment is a school and as you may know, anything that a student can get access to they will use to mess with your systems and circumvent your security. We cannot take the risk that a student user may gain access to PowerShell and begin running commands through it.

It is starting to look like I may just have to bite the bullet and re-create my scripts in a non-PowerShell language. Any more comments are still appreciated.

Expert Comment

by:Netman66
ID: 36569124
While I agree that schools are a challenge, you can't do anything administratively without Admin rights.

Since you know a fair bit about PS already, try running it as a normal user and see what you can do that is not something they can already do using the GUI.
