Need assistance configuring GPO assigned script to run with admin privileges under normal domain user account
I am attempting to silently run an uninstall script via a GPO when a normal domain user logs into the device.
My understanding is that anything run at startup uses the system account and therefore the script should work fine but that is not my experience. The files copy over fine and the script runs but not with admin (install) privileges.
Any assistance to resolve this is appreciated.
(See attached screenshots)
CMD file being executed:
@echo off
if not exist "C:\Programdata\install_wim_tweak.exe" xcopy "\\maccrayhs\msiapps\uninstall_edge\*.*" "C:\Programdata\"
echo Uninstalling Microsoft Edge...
cd /d "%~dp0"
echo Uninstalling Microsoft Edge...
CLS
C:\Programdata\install_wim_tweak.exe /o /l
C:\Programdata\install_wim_tweak.exe /o /c Microsoft-Windows-Internet-Browser-Package /r
C:\Programdata\install_wim_tweak.exe /h /o /l
Links are broken and I am hoping to resolve the issue without installing third-party software. Maybe that is not realistic.
Shaun Vermaak
Software deployment GPO and zap files are not 3rd party.
NVIT
How do you know the cmd script isn't running? To test, I'd put a line at the top that echoes text to a file. If the file exists, with the text, it works. e.g.
@echo off
ECHO It works>>c:\testscript.txt
if not exist "C:\Programdata\install_wim_tweak.exe" xcopy "\\maccrayhs\msiapps\uninstall_edge\*.*" "C:\Programdata\"
echo Uninstalling Microsoft Edge...
cd /d "%~dp0"
echo Uninstalling Microsoft Edge...
CLS
C:\Programdata\install_wim_tweak.exe /o /l
C:\Programdata\install_wim_tweak.exe /o /c Microsoft-Windows-Internet-Browser-Package /r
C:\Programdata\install_wim_tweak.exe /h /o /l
It runs but does not execute the program properly. If I choose to run as administrator, it runs and executes properly. That will not work in our environment. I need it to run with elevated privs in startup.
Mahesh
Have you tried disabling UAC on the affected machine and executing the script with a startup GPO?
Maybe you need to disable user access controls from gpedit.msc on the machine instead of Control Panel.
Raymond Norton
ASKER
Really don't want to do that. Tested a GPO disabling UAC, and the user got a pop-up saying UAC was disabled but needed a reboot.
Shaun Vermaak, do you have an example of how zap might work executing the .cmd shown in the original post? I am not finding simple documentation explaining it.
serialband
Can that script be run under the computer configuration instead of the user?
Shaun Vermaak
Shaun Vermaak, do you have an example of how zap might work executing the .cmd shown in the original post? I am not finding simple documentation explaining it.
You need to add the scripts to the system startup script under Computer Configuration.
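
Added example, not part of any post in this thread: a diagnostic prologue for the .cmd that records which account and integrity level the script actually runs under, so a Computer Configuration startup script (SYSTEM) can be told apart from a User Configuration logon script (the logged-on user's non-elevated token). The log path and variable names are assumptions made for this example.

```batch
@echo off
rem Added diagnostic example: log the security context a GPO script runs in.
rem LOG is a hypothetical path chosen for this example.
setlocal
set "LOG=%ProgramData%\gpo_script_context.log"

>>"%LOG%" echo ==== %DATE% %TIME% %COMPUTERNAME% ====

rem Account name: "nt authority\system" for a computer startup script,
rem DOMAIN\user for a user logon script.
for /f "delims=" %%A in ('whoami') do set "WHO=%%A"
>>"%LOG%" echo Account: %WHO%

rem S-1-5-18 is the well-known SID of LocalSystem.
set "CONTEXT=user-logon-script"
whoami /user | find "S-1-5-18" >nul && set "CONTEXT=computer-startup-script"
>>"%LOG%" echo Context: %CONTEXT%

rem Integrity level SIDs shown by whoami /groups:
rem   S-1-16-16384 = System, S-1-16-12288 = High (elevated),
rem   S-1-16-8192  = Medium (standard, non-elevated token).
set "ELEVATED=0"
set "LEVEL=medium-or-lower"
whoami /groups | find "S-1-16-12288" >nul && set "ELEVATED=1" && set "LEVEL=high"
whoami /groups | find "S-1-16-16384" >nul && set "ELEVATED=1" && set "LEVEL=system"
>>"%LOG%" echo Integrity: %LEVEL%

rem Stop before the privileged work when the token cannot perform it,
rem and leave a record of why.
if "%ELEVATED%"=="0" (
    >>"%LOG%" echo Result: skipped, token is not elevated
    exit /b 1
)
>>"%LOG%" echo Result: elevated, continuing

rem The uninstall commands from the original script would follow here.
exit /b 0
```

A log entry showing a domain user account at medium integrity means the GPO is linked under User Configuration; the same script assigned under Computer Configuration as a startup script should log SYSTEM.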