Solved

How do I copy file to a client's system folder using gpo

Posted on 2012-03-30
7
3,503 Views
Last Modified: 2012-04-03
In a domain I need to copy a file (hosts) to the clients c:\windows\system32\drivers\etc.
Clients don't have local administrator rigths.
I want to use gpo
I have found script for runas. It works but when I use copy as a "command" it does not work. Also I can not call a batch file using runas

Dim objShell : Set objShell = CreateObject("Wscript.Shell")
strPassword = "password"
strCommand = "command"
 
objShell.Run "Runas /user:Administrator " & strCommand
wscript.sleep 2500 'wait 2.5 seconds
objShell.AppActivate "Runas.exe"
objShell.Sendkeys strPassword
objShell.SendKeys "~"

What should I do to finalize the method above or is there any other solution to copy file to clients?

Thank you
0
Comment
Question by:certuran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 21

Expert Comment

by:motnahp00
ID: 37789479
How about using the Files Preferences within a GPO?

Computer Configuration -> Preferences -> Windows Settings -> Files

Source file(s): \\DC1\Files\hosts
Destination File: c:\windows\system32\drivers\etc\hosts
0
 

Author Comment

by:certuran
ID: 37790670
For the Windows 2003 GPO "Computer Configuration -> Preferences -> Windows Settings -> Files"
is not available. We are still using 2003. Could you plese suggest another way.
Thank you
0
 
LVL 13

Expert Comment

by:Daz_1234
ID: 37791119
I suggest using a computer startup script.  Startup scripts can run as the local SYSTEM user account.  Do not confuse startup script with logon scripts which run as the user.

the startup script gpo is described here:
http://www.windowsitpro.com/article/permissions/adding-startup-scripts-to-gpos

Then you can have a startup script that just runs the "copy" from a network location.  Please note that the network share needs to have read access to 'Domain Computers' in order that the local SYSTEM account can see it.

E.g. network location:   \\server1\share1\newhosts.txt  - Folder  \\server1\share1\ needs 'Domain Computers' to have read access.

Script:
Set NEWHOSTS=\\server1\share1\newhosts.txt
Copy /Y "%NEWHOSTS%" c:\windows\system32\drivers\etc\hosts 

Open in new window


Hope this helps,
Daz
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:certuran
ID: 37792995
Thank you for detailed guide. I will implement it soon possibly tomorrow. And inform you.
Certuran
0
 

Author Comment

by:certuran
ID: 37796025
Dear Daz, it worked well. Before choosing Accept as Solution may I ask that could it be any "User Configuration" solution.
0
 
LVL 13

Accepted Solution

by:
Daz_1234 earned 500 total points
ID: 37796323
Startup scripts are 'Computer Configuration', necessarily because they run as System ans execute before any user has logged on.

'User Configuration' scripts can only be logon or logoff scripts which always run in the users context.  They only have access to things that the user already has access to and they run at the time the user actually logs on or off.  For example, if all your users had change access to the 'hosts' file you could have amended it using a logon script under 'User Configuration'.

Therefore you can't use a User Configuration GPO to change anything that the user does not have access to.  Plus, I believe it is good practice to use a 'per machine' solution to set 'per machine' settings, like 'Computer Configuration' GPOs (including startup and shutdown scripts), or scheduled tasks that run as SYSTEM, or a computer management tool like SCCM, Altiris etc.

Hope this helps,
Daz.
0
 

Author Closing Comment

by:certuran
ID: 37803823
This is the very formal and pinpoint solution of this kind of request. It worked well. Thank you very much.
certuran
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question