Run script as user?

    Question

  • It's my understanding that if I choose the 'Run Command Line' option, the command will run as Administrator.  Is it possible for MDT to save and use the supplied user credentials?  I have a script that creates an AD group based on the computer name.  Obviously the local administrator account cannot create that group.  
    Tuesday, October 16, 2012 3:29 PM

All replies

  • My suggestion, start here: Execute a program under a different user account.

    If this doesn't help you further, create a script and call it in the command line like so: %SCRIPTROOT%\CFG-CreateADGroup.vbs

    In the script you can specify the account that needs to be used and the action which you would like to execute.

    I think the problem is that the run command line option is limited to 1 line of execution code. As long as it can execute code that can be used in 1 line, there's no problem. For all the other exotic stuff use a script!

    Good luck!


    Keep us posted, and if helpful please rate! Kind regards



    Tuesday, October 16, 2012 8:17 PM
  • Hi. For what reason do you need a group for each computer? Would it not be easier to create this from the domain controller? For example, a script that runs each night as a scheduled task and creates the groups.


    Oddvar Håland Moe | My blogs: MSitPros.com and Moe.am | Twitter: @Oddvarmoe | Linkedin: Oddvar Håland Moe

    Tuesday, October 16, 2012 10:33 PM
  • IMHO, no scripts needed. I assume that you are using a consistent naming convention; you can actually use the database to apply groups just like you need it, even AD groups. You could also set this in customsettings.ini, however it will take some more work, and I agree with Oddvar, GPP makes more sense.


    • Edited by A. Finer Wednesday, October 17, 2012 2:17 AM
    Wednesday, October 17, 2012 2:15 AM
  • The idea is that I'll create a 'SERVERNAME - Local Admin' AD security group and then add that group to the local admins group on the box.  The problem is that I can't use any sort of RUNAS since then the password for this account would be stored in plain text.  I was hoping to be able to reuse the same credentials that MDT captures to map drives, since those are relatively invisible.
    Wednesday, October 17, 2012 12:22 PM
  • Have a look at the blog from scriptimus:

    http://scriptimus.wordpress.com/

    Just have a look at it, many interesting things he has there, don't want to search this one in specific now though.
    Should be quite easy from what I recall :)

    I am very sure that he posted some examples on how to access MDT variables within PowerShell.
    • Edited by orioon Wednesday, October 17, 2012 12:43 PM
    Wednesday, October 17, 2012 12:42 PM
  • I'm not sure I follow.  I need a way to run a script with the credentials supplied during the initial LTI deployment GUI, if possible.
    Wednesday, October 17, 2012 6:03 PM
  • I already see some examples for this on the first page, did you even have a look?

    http://scriptimus.wordpress.com/2012/09/28/ltizti-powershell-exit-codes/

    There he accesses the OSDComputername.
    I am quite sure he once made a specific blog entry about this topic, just read a bit about scripting on his blog - it's no wasted time for sure.



    • Edited by orioon Wednesday, October 17, 2012 10:08 PM
    Wednesday, October 17, 2012 10:07 PM
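
The nightly scheduled-task approach suggested earlier in the thread, sketched as an added example (not code from any poster or from MDT): it creates a 'SERVERNAME - Local Admin' group for each server that lacks one, so no credentials have to be stored on or passed to the machine being deployed. The OU paths, the group scope, the description text and the function names are assumptions.

```powershell
# Added example, not from the thread. Intended to run as a nightly scheduled task
# under an account delegated only the right to create groups in $GroupOU.
Import-Module ActiveDirectory

# Assumed (hypothetical) locations; replace with your own OUs.
$ServerOU = 'OU=Servers,DC=example,DC=com'
$GroupOU  = 'OU=Local Admin Groups,DC=example,DC=com'

function Get-LocalAdminGroupName {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    # Naming convention taken from the thread: 'SERVERNAME - Local Admin'
    return "$ComputerName - Local Admin"
}

function Sync-LocalAdminGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ServerOU,
        [Parameter(Mandatory = $true)][string]$GroupOU
    )
    $created = @()
    foreach ($computer in (Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $ServerOU)) {
        $name = Get-LocalAdminGroupName -ComputerName $computer.Name
        # Escape single quotes so the name cannot break out of the filter string.
        $safe = $name.Replace("'", "''")
        if (Get-ADGroup -Filter "Name -eq '$safe'" -SearchBase $GroupOU) {
            continue   # group already exists; nothing to do
        }
        if ($PSCmdlet.ShouldProcess($name, 'Create AD security group')) {
            New-ADGroup -Name $name -SamAccountName $name `
                -GroupScope Global -GroupCategory Security -Path $GroupOU `
                -Description "Local administrators of $($computer.Name)"
            $created += $name
        }
    }
    return $created
}

# Dry run first with -WhatIf, then run without it from the scheduled task.
Sync-LocalAdminGroup -ServerOU $ServerOU -GroupOU $GroupOU -WhatIf
```

Adding each group to the local Administrators group on its server is left to the GPP approach mentioned in the thread.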