Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How do I copy file to a client's system folder using gpo

Posted on 2012-03-30
7
Medium Priority
?
4,168 Views
Last Modified: 2012-04-03
In a domain I need to copy a file (hosts) to the clients c:\windows\system32\drivers\etc.
Clients don't have local administrator rigths.
I want to use gpo
I have found script for runas. It works but when I use copy as a "command" it does not work. Also I can not call a batch file using runas

Dim objShell : Set objShell = CreateObject("Wscript.Shell")
strPassword = "password"
strCommand = "command"
 
objShell.Run "Runas /user:Administrator " & strCommand
wscript.sleep 2500 'wait 2.5 seconds
objShell.AppActivate "Runas.exe"
objShell.Sendkeys strPassword
objShell.SendKeys "~"

What should I do to finalize the method above or is there any other solution to copy file to clients?

Thank you
0
Comment
Question by:certuran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37789479
How about using the Files Preferences within a GPO?

Computer Configuration -> Preferences -> Windows Settings -> Files

Source file(s): \\DC1\Files\hosts
Destination File: c:\windows\system32\drivers\etc\hosts
0
 

Author Comment

by:certuran
ID: 37790670
For the Windows 2003 GPO "Computer Configuration -> Preferences -> Windows Settings -> Files"
is not available. We are still using 2003. Could you plese suggest another way.
Thank you
0
 
LVL 13

Expert Comment

by:Daz_1234
ID: 37791119
I suggest using a computer startup script.  Startup scripts can run as the local SYSTEM user account.  Do not confuse startup script with logon scripts which run as the user.

the startup script gpo is described here:
http://www.windowsitpro.com/article/permissions/adding-startup-scripts-to-gpos

Then you can have a startup script that just runs the "copy" from a network location.  Please note that the network share needs to have read access to 'Domain Computers' in order that the local SYSTEM account can see it.

E.g. network location:   \\server1\share1\newhosts.txt  - Folder  \\server1\share1\ needs 'Domain Computers' to have read access.

Script:
Set NEWHOSTS=\\server1\share1\newhosts.txt
Copy /Y "%NEWHOSTS%" c:\windows\system32\drivers\etc\hosts 

Open in new window


Hope this helps,
Daz
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:certuran
ID: 37792995
Thank you for detailed guide. I will implement it soon possibly tomorrow. And inform you.
Certuran
0
 

Author Comment

by:certuran
ID: 37796025
Dear Daz, it worked well. Before choosing Accept as Solution may I ask that could it be any "User Configuration" solution.
0
 
LVL 13

Accepted Solution

by:
Daz_1234 earned 2000 total points
ID: 37796323
Startup scripts are 'Computer Configuration', necessarily because they run as System ans execute before any user has logged on.

'User Configuration' scripts can only be logon or logoff scripts which always run in the users context.  They only have access to things that the user already has access to and they run at the time the user actually logs on or off.  For example, if all your users had change access to the 'hosts' file you could have amended it using a logon script under 'User Configuration'.

Therefore you can't use a User Configuration GPO to change anything that the user does not have access to.  Plus, I believe it is good practice to use a 'per machine' solution to set 'per machine' settings, like 'Computer Configuration' GPOs (including startup and shutdown scripts), or scheduled tasks that run as SYSTEM, or a computer management tool like SCCM, Altiris etc.

Hope this helps,
Daz.
0
 

Author Closing Comment

by:certuran
ID: 37803823
This is the very formal and pinpoint solution of this kind of request. It worked well. Thank you very much.
certuran
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question