Run EXE from GPO logon script

ejcrist
ejcrist used Ask the Experts™
on
Got a Windows 2008r2 small AD

All student laptops are Windows 10

I need to run an exe as a 'logon' script through a GPO.

The user logging on wiil NOT have admin rights to run exe's

What's the best practice for doing this?

Thanks so much!!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Systems Admin
Top Expert 2010
Commented:
Preferred method is to repackage the EXE as an MSI file. https://emcosoftware.com/msi-package-builder has a utility that can help with this. The process is to install the utility, create a before image, install the application, create an after image, and the utility will detect what changes are made by the installation and package them up into an MSI file. You can then deploy that MSI file using GPO.

Otherwise, you would need to have SCCM or some other system management solution in place.
Distinguished Expert 2018

Commented:
Run an .exe to do what, install something? Anyone may run executables if they aren't setups.

Author

Commented:
It's a little exe that scans the hardware/software of the laptop to then report to our new asset management system.
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Distinguished Expert 2018

Commented:
And will that exe need elevation in order to create the report?

Author

Commented:
Well, by default, student logins do not have admin privileges to run exe's.
Distinguished Expert 2018

Commented:
So those .exe files are setups?
Distinguished Expert 2018

Commented:
No, you said they are not setups. That's why I asked if admin permissions are needed for the exe to work. Please confirm.
Distinguished Expert 2018

Commented:
You should use a startup script, not a logon script and it will work.

Author

Commented:
This is the instructions provided....I'm confused because it says it is run as a 'logon' script....

To configure SelfScan.exe to run as an Active Directory logon script,
 
From your domain controller, head to Group Policy Management Console.
In the console tree, right click on the domain or OU and create a new GPO.
Type in a new name for the GPO and click OK.
Right click on the newly created GPO and click Edit.
In the new window that pops up, go to User Configuration>>Policies>>Windows Settings>>Scripts. Double click logon.
New logon properties will open up. Click on Add.
Click Browse. A windows explorer tab will open.
Copy and paste the SelfScan.exe file to this folder.
Select SelfScan.exe.
In the script parameters field, type the Probe installation system name (e.g.,"SDPOD-WIN10") and click OK.
Once it’s done click on OK in the Logon properties window.
Distinguished Expert 2018

Commented:
These instructions, did you try them? If they don't work, just use a startup script, same place but in the computer config part of the GPO.
Distinguished Expert 2018

Commented:
What did you do to solve it?
A startup script would have worked for sure.

A little feedback should be given.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial