David
asked on
elevated privileges not working in VB logon script
I found myself unable to modify the registry or any other function that requires elevated privileges via a VB logon script at a client’s network however I can use the logon script to map network drives and other functions that can be executed by local users and do not require elevated privileges.
For Example when I map the attached code as logon script I get the error message "The operation failed.0" at logon
When I execute the same script manually after the logon I get the message that it worked and it dos create the key.
I got the same results after removing the Symantec Anti-Virus Client, is there any software restriction policy in Windows 7 that would explain this behavior?
(The Account I am using has local Admin Privileges)
For Example when I map the attached code as logon script I get the error message "The operation failed.0" at logon
When I execute the same script manually after the logon I get the message that it worked and it dos create the key.
I got the same results after removing the Symantec Anti-Virus Client, is there any software restriction policy in Windows 7 that would explain this behavior?
(The Account I am using has local Admin Privileges)
HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set ObjRegistry = _
GetObject("winmgmts:{impersonationLevel = impersonate}!\\" _
& strComputer & "\root\default:StdRegProv")
strPath = "SOFTWARE\ScriptLogic\Device Agent\Global Settings\TEST"
Return = objRegistry.CreateKey(HKEY_LOCAL_MACHINE, strPath)
If Return <> 0 Then
WScript.Echo "The operation failed." & Err.Number
WScript.Quit
Else
wScript.Echo "New registry key created" & VBCRLF _
& "HKLM\SOFTWARE\MYKey\"
End IfASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
kevinhsieh
I do not recommend that you turn off UAC.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
None of my startup scripts are under netlogon. They are in the normal location with the group policy files, which by default any can be read by at least every computer and user.
clarification.... what i meant is that any files other than the script itself.
one of my scripts copies and installs a DLL into each PC: the source location of the DLL has to be accessible by all.
another logs its actions to a network file: the log file is in NetLogon.
one of my scripts copies and installs a DLL into each PC: the source location of the DLL has to be accessible by all.
another logs its actions to a network file: the log file is in NetLogon.
The other files placed alongside the startup script are accessible to the script. I do it all the time. I have startup scripts that copy DLL, EXE, etc. without issue. That area isn't generally WRITEABLE, however. Writing to NETLOGON might be less than ideal if you have more than one domain controller as your logs will end up on multiple servers.