How do I copy file to a client's system folder using gpo

In a domain I need to copy a file (hosts) to the clients c:\windows\system32\drivers\etc.
Clients don't have local administrator rigths.
I want to use gpo
I have found script for runas. It works but when I use copy as a "command" it does not work. Also I can not call a batch file using runas

Dim objShell : Set objShell = CreateObject("Wscript.Shell")
strPassword = "password"
strCommand = "command"
 
objShell.Run "Runas /user:Administrator " & strCommand
wscript.sleep 2500 'wait 2.5 seconds
objShell.AppActivate "Runas.exe"
objShell.Sendkeys strPassword
objShell.SendKeys "~"

What should I do to finalize the method above or is there any other solution to copy file to clients?

Thank you
certuranAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

motnahp00Commented:
How about using the Files Preferences within a GPO?

Computer Configuration -> Preferences -> Windows Settings -> Files

Source file(s): \\DC1\Files\hosts
Destination File: c:\windows\system32\drivers\etc\hosts
0
certuranAuthor Commented:
For the Windows 2003 GPO "Computer Configuration -> Preferences -> Windows Settings -> Files"
is not available. We are still using 2003. Could you plese suggest another way.
Thank you
0
Daz_1234Commented:
I suggest using a computer startup script.  Startup scripts can run as the local SYSTEM user account.  Do not confuse startup script with logon scripts which run as the user.

the startup script gpo is described here:
http://www.windowsitpro.com/article/permissions/adding-startup-scripts-to-gpos

Then you can have a startup script that just runs the "copy" from a network location.  Please note that the network share needs to have read access to 'Domain Computers' in order that the local SYSTEM account can see it.

E.g. network location:   \\server1\share1\newhosts.txt  - Folder  \\server1\share1\ needs 'Domain Computers' to have read access.

Script:
Set NEWHOSTS=\\server1\share1\newhosts.txt
Copy /Y "%NEWHOSTS%" c:\windows\system32\drivers\etc\hosts 

Open in new window


Hope this helps,
Daz
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

certuranAuthor Commented:
Thank you for detailed guide. I will implement it soon possibly tomorrow. And inform you.
Certuran
0
certuranAuthor Commented:
Dear Daz, it worked well. Before choosing Accept as Solution may I ask that could it be any "User Configuration" solution.
0
Daz_1234Commented:
Startup scripts are 'Computer Configuration', necessarily because they run as System ans execute before any user has logged on.

'User Configuration' scripts can only be logon or logoff scripts which always run in the users context.  They only have access to things that the user already has access to and they run at the time the user actually logs on or off.  For example, if all your users had change access to the 'hosts' file you could have amended it using a logon script under 'User Configuration'.

Therefore you can't use a User Configuration GPO to change anything that the user does not have access to.  Plus, I believe it is good practice to use a 'per machine' solution to set 'per machine' settings, like 'Computer Configuration' GPOs (including startup and shutdown scripts), or scheduled tasks that run as SYSTEM, or a computer management tool like SCCM, Altiris etc.

Hope this helps,
Daz.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
certuranAuthor Commented:
This is the very formal and pinpoint solution of this kind of request. It worked well. Thank you very much.
certuran
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.