Solved

How do I copy file to a client's system folder using gpo

Posted on 2012-03-30
7
2,841 Views
Last Modified: 2012-04-03
In a domain I need to copy a file (hosts) to the clients c:\windows\system32\drivers\etc.
Clients don't have local administrator rigths.
I want to use gpo
I have found script for runas. It works but when I use copy as a "command" it does not work. Also I can not call a batch file using runas

Dim objShell : Set objShell = CreateObject("Wscript.Shell")
strPassword = "password"
strCommand = "command"
 
objShell.Run "Runas /user:Administrator " & strCommand
wscript.sleep 2500 'wait 2.5 seconds
objShell.AppActivate "Runas.exe"
objShell.Sendkeys strPassword
objShell.SendKeys "~"

What should I do to finalize the method above or is there any other solution to copy file to clients?

Thank you
0
Comment
Question by:certuran
  • 4
  • 2
7 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37789479
How about using the Files Preferences within a GPO?

Computer Configuration -> Preferences -> Windows Settings -> Files

Source file(s): \\DC1\Files\hosts
Destination File: c:\windows\system32\drivers\etc\hosts
0
 

Author Comment

by:certuran
ID: 37790670
For the Windows 2003 GPO "Computer Configuration -> Preferences -> Windows Settings -> Files"
is not available. We are still using 2003. Could you plese suggest another way.
Thank you
0
 
LVL 12

Expert Comment

by:Daz_1234
ID: 37791119
I suggest using a computer startup script.  Startup scripts can run as the local SYSTEM user account.  Do not confuse startup script with logon scripts which run as the user.

the startup script gpo is described here:
http://www.windowsitpro.com/article/permissions/adding-startup-scripts-to-gpos

Then you can have a startup script that just runs the "copy" from a network location.  Please note that the network share needs to have read access to 'Domain Computers' in order that the local SYSTEM account can see it.

E.g. network location:   \\server1\share1\newhosts.txt  - Folder  \\server1\share1\ needs 'Domain Computers' to have read access.

Script:
Set NEWHOSTS=\\server1\share1\newhosts.txt
Copy /Y "%NEWHOSTS%" c:\windows\system32\drivers\etc\hosts 

Open in new window


Hope this helps,
Daz
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:certuran
ID: 37792995
Thank you for detailed guide. I will implement it soon possibly tomorrow. And inform you.
Certuran
0
 

Author Comment

by:certuran
ID: 37796025
Dear Daz, it worked well. Before choosing Accept as Solution may I ask that could it be any "User Configuration" solution.
0
 
LVL 12

Accepted Solution

by:
Daz_1234 earned 500 total points
ID: 37796323
Startup scripts are 'Computer Configuration', necessarily because they run as System ans execute before any user has logged on.

'User Configuration' scripts can only be logon or logoff scripts which always run in the users context.  They only have access to things that the user already has access to and they run at the time the user actually logs on or off.  For example, if all your users had change access to the 'hosts' file you could have amended it using a logon script under 'User Configuration'.

Therefore you can't use a User Configuration GPO to change anything that the user does not have access to.  Plus, I believe it is good practice to use a 'per machine' solution to set 'per machine' settings, like 'Computer Configuration' GPOs (including startup and shutdown scripts), or scheduled tasks that run as SYSTEM, or a computer management tool like SCCM, Altiris etc.

Hope this helps,
Daz.
0
 

Author Closing Comment

by:certuran
ID: 37803823
This is the very formal and pinpoint solution of this kind of request. It worked well. Thank you very much.
certuran
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now